
Virus infection found

#1 Post by cormack »

Hello,
could you please check this log - my son was downloading something and now we have an infected PC - Win 10 is warning about a threat.
Thank you very much.
------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by Zbyse (administrator) on ZBYSEK (11-02-2019 18:26:56)
Running from C:\Users\Zbyse\Desktop
Loaded Profiles: Zbyse (Available Profiles: Zbyse)
Platform: Windows 10 Home Version 1803 17134.556 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
() C:\Supgam\Coretemp\Core Temp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VIA TECH) C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543352 2012-11-23] (VIA Technologies Inc. -> VIA TECH)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110008 2015-07-13] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\MountPoints2: {1c1e4eac-e856-11e8-af18-c86000168fe3} - "J:\Setup.exe"
HKLM\...\Drivers32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-09-29] ()
HKLM\...\Drivers32-x32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [122880 2012-07-21] (fccHandler)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2008-12-06] (Hewlett-Packard Company -> Hewlett-Packard Company)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe [2019-02-09] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2875399751-1358015588-351649890-1001] => Proxy is enabled.
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wlidNSP.dll [41984 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [41984 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [64512 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [64512 2018-04-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45617d57-14b1-4339-9374-988b6c3e4f85}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a300576b-445e-4aa4-908e-91d1fbd1944c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ebn21zf.default-1543520244075
FF ProfilePath: C:\Users\Zbyse\AppData\Roaming\Mozilla\Firefox\Profiles\1ebn21zf.default-1543520244075 [2019-02-06]
FF Homepage: Mozilla\Firefox\Profiles\1ebn21zf.default-1543520244075 -> hxxps://www.seznam.cz/
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Zbyse\AppData\Roaming\Mozilla\Firefox\Profiles\1ebn21zf.default-1543520244075\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-09]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default [2019-02-11]
CHR Extension: (Dokumenty) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (LIVESCORE SOCCER) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibfflggfgeemmkaifokfjanokokcjfg [2017-04-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Extension: (Browse Faster) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponhjlldbpnmeieenmaacddmlfpdielh [2018-02-18]
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-30]
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-09-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation -> Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286720 2018-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\TEMP\ALSysIO64.sys [25064 2019-02-11] (CPUID -> Arthur Liberman)
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2016-08-31] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink Corp. -> CyberLink)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2017-06-19] (Power Technology -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [472016 2017-01-04] (Intel(R) INTELNPG1 -> Intel Corporation)
R3 Envy24HFS; C:\WINDOWS\system32\drivers\Envy24HF.sys [228368 2012-10-25] (VIA Technologies Inc. -> VIA - IC Ensemble, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [26528 2017-01-04] (Martin Malik - REALiX -> REALiX(tm))
S1 kqwbiiyy; C:\WINDOWS\system32\drivers\kqwbiiyy.sys [72816 2019-02-11] (Microsoft Corporation -> Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_d73a9f0b898ab879\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
S1 oxfwhpwe; C:\WINDOWS\system32\drivers\oxfwhpwe.sys [72816 2019-02-11] (Microsoft Corporation -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz139; \??\C:\WINDOWS\TEMP\cpuz139\cpuz139_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-11 18:26 - 2019-02-11 18:27 - 000018914 ____C C:\Users\Zbyse\Desktop\FRST.txt
2019-02-11 18:26 - 2019-02-11 18:26 - 000000000 ____D C:\FRST
2019-02-11 18:26 - 2019-02-11 18:25 - 002434048 ____C (Farbar) C:\Users\Zbyse\Desktop\FRST64.exe
2019-02-11 18:23 - 2019-02-11 18:23 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oxfwhpwe.sys
2019-02-11 18:22 - 2019-02-11 18:22 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kqwbiiyy.sys
2019-02-11 18:18 - 2019-02-11 18:19 - 000000000 ____D C:\AdwCleaner
2019-02-07 16:35 - 2019-02-07 16:35 - 000000000 ____D C:\WINDOWS\Panther
2019-02-06 16:51 - 2019-02-06 16:53 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-02-06 16:45 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 16:45 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 16:45 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 16:45 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 16:45 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 16:45 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 16:45 - 2019-01-31 07:09 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-02-04 20:39 - 2019-02-04 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-01-30 21:51 - 2019-01-30 21:51 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 18:14 - 2019-01-29 18:20 - 000000000 ___DC C:\Users\Zbyse\Documents\PcSetup
2019-01-29 18:14 - 2019-01-29 18:14 - 000000000 ____D C:\Program Files (x86)\Goland
2019-01-29 18:14 - 2019-01-29 18:14 - 000000000 _____ C:\WINDOWS\AudioDVD.INI
2019-01-29 18:09 - 2019-01-29 18:09 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dvda-author-gui-10.05
2019-01-20 22:44 - 2019-01-20 22:44 - 000000000 ____D C:\ProgramData\LightScribe
2019-01-20 22:43 - 2019-01-20 22:43 - 000002110 _____ C:\Users\Public\Desktop\LightScribe.lnk
2019-01-20 22:39 - 2019-01-20 22:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2019-01-20 22:39 - 2019-01-20 22:39 - 000000000 ____D C:\Program Files (x86)\LightScribe
2019-01-19 22:54 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-01-19 22:54 - 2019-01-09 18:57 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-01-19 22:54 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-01-19 22:54 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-01-19 22:54 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-19 22:54 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-19 22:54 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-01-19 22:54 - 2019-01-09 18:36 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-01-19 22:54 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-01-19 22:54 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-01-19 22:54 - 2019-01-09 18:35 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-19 22:54 - 2019-01-09 15:50 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-01-19 22:54 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-01-19 22:54 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-19 22:54 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-01-19 22:54 - 2019-01-09 10:51 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-01-19 22:54 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-01-19 22:54 - 2019-01-09 09:50 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-19 22:54 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-01-19 22:54 - 2019-01-09 09:46 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-01-19 22:54 - 2019-01-09 09:46 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-01-19 22:54 - 2019-01-09 09:44 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-19 22:54 - 2019-01-09 09:24 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-19 22:54 - 2019-01-09 09:11 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-19 22:54 - 2019-01-09 09:06 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-19 22:54 - 2019-01-09 08:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-19 22:54 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-01-19 22:54 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 006567768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-01-19 22:54 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-01-19 22:54 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-01-19 22:54 - 2019-01-09 06:41 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-01-19 22:54 - 2019-01-09 06:41 - 000983120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-01-19 22:54 - 2019-01-09 06:41 - 000076296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-19 22:54 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-19 22:54 - 2019-01-09 06:40 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-19 22:54 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-19 22:54 - 2019-01-09 06:40 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-19 22:54 - 2019-01-09 06:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-19 22:54 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-01-19 22:54 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-01-19 22:54 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-01-19 22:54 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000144072 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-01-19 22:54 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-01-19 22:54 - 2019-01-09 06:34 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-19 22:54 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-01-19 22:54 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-01-19 22:54 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-01-19 22:54 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-01-19 22:54 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-01-19 22:54 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-19 22:54 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-01-19 22:54 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-01-19 22:54 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-01-19 22:54 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-01-19 22:54 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-01-19 22:54 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-01-19 22:54 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-01-19 22:54 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 004940288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-19 22:54 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-01-19 22:54 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-01-19 22:54 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-01-19 22:54 - 2019-01-09 05:34 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-16 17:16 - 2019-01-12 05:04 - 002018392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441771.dll
2019-01-16 17:16 - 2019-01-12 05:04 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441771.dll
2019-01-15 22:03 - 2019-01-15 22:03 - 000001286 ____C C:\Users\Zbyse\Desktop\HQPlayer-HiFi.lnk
2019-01-15 22:01 - 2019-01-15 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HQPlayer Desktop 3
2019-01-15 21:58 - 2019-01-15 21:58 - 000000375 _____ C:\Users\Zbyse\Downloads\file

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-11 18:27 - 2018-03-28 20:09 - 000000000 ____D C:\TEMP
2019-02-11 18:26 - 2018-04-30 21:30 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-11 18:26 - 2018-04-12 16:50 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-11 18:26 - 2018-04-12 16:50 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-11 18:26 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-11 18:23 - 2017-04-06 17:42 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-11 18:21 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-11 18:20 - 2018-04-30 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-11 18:20 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-11 17:59 - 2017-06-29 17:29 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\uTorrent
2019-02-11 17:56 - 2016-12-06 18:02 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-11 17:51 - 2018-04-30 21:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-11 14:49 - 2018-04-30 21:30 - 000003696 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-zbysek1968@outlook.cz
2019-02-10 23:20 - 2016-11-26 20:05 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\foobar2000
2019-02-10 23:17 - 2016-11-26 20:36 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\vlc
2019-02-10 20:14 - 2017-05-17 20:11 - 000000000 ___DC C:\Users\Zbyse\Documents\Euro Truck Simulator 2
2019-02-10 11:29 - 2018-04-30 21:30 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2875399751-1358015588-351649890-1001
2019-02-10 11:29 - 2018-04-30 21:22 - 000002387 ____C C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 11:29 - 2016-11-26 19:10 - 000000000 ___RD C:\Users\Zbyse\OneDrive
2019-02-09 11:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-08 17:42 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 17:41 - 2018-07-11 16:56 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 14:14 - 2016-11-26 19:16 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-08 00:47 - 2018-04-30 21:22 - 000000000 ____D C:\Users\Zbyse
2019-02-07 20:08 - 2017-06-30 14:08 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\AIMP
2019-02-07 16:39 - 2018-02-13 20:56 - 000000000 ___DC C:\Users\Zbyse\Documents\AquaMark3
2019-02-07 16:38 - 2018-02-04 16:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-07 16:38 - 2018-02-04 16:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-07 16:35 - 2016-11-26 19:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-05 16:40 - 2016-11-26 19:48 - 000000600 ____C C:\Users\Zbyse\AppData\Roaming\winscp.rnd
2019-02-04 20:39 - 2018-10-24 21:51 - 000002553 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-04 20:39 - 2016-12-08 22:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-01 02:37 - 2018-10-05 15:23 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-04-06 23:12 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:53 - 2018-02-04 16:04 - 000000000 ___DC C:\Users\Zbyse\AppData\LocalLow\Mozilla
2019-01-30 21:51 - 2018-02-04 16:04 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-30 21:09 - 2017-04-06 17:42 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-04-06 17:42 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-28 00:17 - 2018-06-25 21:48 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-27 18:20 - 2017-02-05 21:08 - 000000000 ____D C:\Program Files (x86)\Ulozto File Manager
2019-01-27 18:20 - 2016-12-06 17:35 - 000001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2019-01-27 18:20 - 2016-12-06 17:35 - 000001122 _____ C:\Users\Public\Desktop\Ulož.to FileManager.lnk
2019-01-27 13:57 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-26 15:03 - 2017-04-06 17:42 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-01-20 10:07 - 2018-04-30 21:19 - 000420496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-19 23:00 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-18 21:45 - 2018-11-16 19:30 - 000000000 ____D C:\Program Files\rempl
2019-01-18 17:41 - 2017-02-24 23:59 - 000002145 ____C C:\Users\Zbyse\Desktop\JDownloader 2.lnk
2019-01-14 01:08 - 2018-02-02 19:28 - 000000832 ____C C:\Users\Zbyse\Desktop\Subnautica.lnk
2019-01-14 01:07 - 2018-04-24 21:10 - 000000595 ____C C:\Users\Zbyse\Desktop\Far Cry 5.lnk
2019-01-14 01:06 - 2018-09-02 22:13 - 000001597 ____C C:\Users\Zbyse\Desktop\Chess Ultra.lnk
2019-01-13 20:41 - 2016-12-28 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2019-01-13 20:41 - 2016-12-28 21:04 - 000000000 ____D C:\Program Files (x86)\Futuremark
2019-01-13 20:40 - 2016-11-26 19:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-13 20:40 - 2016-11-26 19:22 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2018-05-11 17:02 - 2018-05-11 17:02 - 000000171 ____C () C:\Users\Zbyse\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-05-11 17:02 - 2018-05-11 17:02 - 000000304 ____C () C:\Users\Zbyse\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2017-04-01 21:36 - 2017-04-01 21:36 - 000000132 ____C () C:\Users\Zbyse\AppData\Roaming\Adobe Formát AIFF CS6 – předvolby
2018-05-11 17:02 - 2018-05-11 17:02 - 000000175 ____C () C:\Users\Zbyse\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2018-04-16 17:47 - 2018-04-18 17:29 - 000009728 ____C () C:\Users\Zbyse\AppData\Roaming\Launcher_01.exe
2018-03-13 23:31 - 2018-03-13 23:40 - 000015814 ____C () C:\Users\Zbyse\AppData\Roaming\log_031318_233106.txt
2018-03-16 00:53 - 2018-03-16 00:58 - 000007812 ____C () C:\Users\Zbyse\AppData\Roaming\log_031618_005340.txt
2017-10-12 17:52 - 2017-10-12 17:52 - 000000080 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_185219.txt
2017-10-12 17:52 - 2017-10-12 17:52 - 000000080 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_185230.txt
2017-10-12 17:53 - 2017-10-12 18:32 - 000036912 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_185304.txt
2017-10-12 19:54 - 2017-10-12 20:28 - 000035652 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_205402.txt
2017-11-21 21:40 - 2017-11-21 21:42 - 000003314 ____C () C:\Users\Zbyse\AppData\Roaming\log_112117_214050.txt
2016-11-26 19:48 - 2019-02-05 16:40 - 000000600 ____C () C:\Users\Zbyse\AppData\Roaming\winscp.rnd
2018-04-26 22:23 - 2019-02-07 20:25 - 000044544 ____C () C:\Users\Zbyse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-15 17:58 - 2018-11-09 16:39 - 000003523 ____C () C:\Users\Zbyse\AppData\Local\FSDownloader.err
2016-12-15 17:57 - 2018-11-09 16:39 - 000001168 ____C () C:\Users\Zbyse\AppData\Local\FSDownloader.nast
2017-05-27 21:15 - 2017-05-27 21:15 - 000140800 ____C () C:\Users\Zbyse\AppData\Local\installer.dat
2018-09-28 17:30 - 2018-09-28 17:30 - 000000000 ____C () C:\Users\Zbyse\AppData\Local\oobelibMkey.log
2017-01-03 17:01 - 2018-10-15 09:16 - 000007656 ____C () C:\Users\Zbyse\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-30 21:19

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Zbyse (11-02-2019 18:27:39)
Running from C:\Users\Zbyse\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2018-04-30 20:31:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2875399751-1358015588-351649890-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2875399751-1358015588-351649890-503 - Limited - Disabled)
Guest (S-1-5-21-2875399751-1358015588-351649890-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2875399751-1358015588-351649890-504 - Limited - Disabled)
Zbyse (S-1-5-21-2875399751-1358015588-351649890-1001 - Administrator - Enabled) => C:\Users\Zbyse

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC-3 ACM Codec 2.2 (HKLM-x32\...\AC3ACM) (Version: 2.2 - fccHandler)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_0) (Version: 17.0.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Aktualizace NVIDIA 34.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 34.0.0.0 - NVIDIA Corporation) Hidden
Altap Salamander 3.0 (x64) (HKLM\...\Altap Salamander 3.0 (x64)) (Version: 3.0 - ALTAP)
Aperio ImageScope (HKLM-x32\...\{A5856584-F090-4FD3-BA95-34E6D85546B1}) (Version: 9.01 - )
AquaMark3 (HKLM-x32\...\AquaMark3) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Aurora (HKLM-x32\...\{396a1805-d31e-419f-839d-7f041740f826}) (Version: 1.0.1.682 - Macphun)
Aurora (HKLM-x32\...\{57F1980E-883E-449D-BDAE-C9F0A35E2C5C}) (Version: 1.0.1.682 - Macphun) Hidden
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
BenVista PhotoZoom Pro 7.1 (HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\PhotoZoom Pro 7) (Version: 7.1 - BenVista Ltd.)
Black Mesa verze 0.2.1 (HKLM-x32\...\Black Mesa_is1) (Version: 0.2.1 - Tomi2k9)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
CrystalDiskMark 5.2.0 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.2.0 - Crystal Dew World)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.1913.0 - CyberLink Corp.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
DSD Transcoder ASIO Driver (HKLM-x32\...\DSDTranscoder) (Version: 1.0.6 - Maxim V.Anisiutkin)
DVDFab (x64) 10.0.9.0 (20/04/2018) (HKLM-x32\...\DVDFab 10(x64)) (Version: 10.0.9.0 - Fengtao Software Inc.)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
Far Cry 5 (HKLM-x32\...\Far Cry 5_is1) (Version: - )
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version: - Ubisoft)
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Farming Simulator 19 v.1.1.0.0 (HKLM-x32\...\Farming Simulator 19_is1) (Version: - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
foobar2000 v1.3.14 (HKLM-x32\...\foobar2000) (Version: 1.3.14 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Half.Life.2.Prospekt.REPACK-KaOs Uninstaller v3.0 (HKLM-x32\...\Half.Life.2.Prospekt.REPACK-KaOs_is1) (Version: 3.0 - KaOsKrew)
Chess Ultra (HKLM-x32\...\Chess Ultra_is1) (Version: - )
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version: - )
Just Cause 4 (HKLM-x32\...\{D1F33AFE-757B-4A27-9F96-D507177C3E40}_is1) (Version: - Avalanche Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
MadOnion.com/3DMark2001 SE (HKLM-x32\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version: - )
MediaInfo 0.7.95 (HKLM\...\MediaInfo) (Version: 0.7.95 - MediaArea.net)
Microsoft Office Professional 2019 - cs-cz (HKLM\...\Professional2019Retail - cs-cz) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 30.1.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 30.1.0 - Moritz Bunkus)
Mozilla Firefox 65.0 (x64 cs) (HKLM\...\Mozilla Firefox 65.0 (x64 cs)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.81 - NVIDIA Corporation) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden
RarmaRadio 2.71.6 (HKLM-x32\...\RarmaRadio_is1) (Version: - RaimerSoft)
Serious Sam 2 verze 2.070 (HKLM-x32\...\{C5E4298B-3581-4AAD-9FAF-2FE76C07EFC8}_is1) (Version: 2.070 - Croteam)
Serious Sam 3 (HKLM-x32\...\Serious Sam 3_is1) (Version: 249955 - Croteam)
Signalyst HQPlayer Desktop 3 (HKLM-x32\...\HQPlayer Desktop 3) (Version: - Signalyst)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM-x32\...\Subnautica_is1) (Version: - )
Ulož.to FileManager verze 2.71 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.71 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Will Rock (HKLM-x32\...\{58DB5417-E1FF-4EF6-A93C-592D35F01E84}) (Version: 1.0 - )
Windows IP Over USB (HKLM-x32\...\{FF0EA481-42DB-A8AE-8356-48C09F7D953D}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Phone IP Over USB (HKLM-x32\...\{E7C8E5D3-9EDC-4430-8AEF-FD590937F55F}) (Version: 10.0.10240.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSCP 5.13.4 (HKLM-x32\...\winscp3_is1) (Version: 5.13.4 - Martin Prikryl)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{C78B6146-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)
CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{C78B614C-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Supgam\Altap Salamander 3.06 (x86 x64) 2015 CZ (Ml) Portable\utils\salextx64.dll (ALTAP)
CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-03] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [CLVDShellExt10] -> {4682CEF2-C2F9-457B-83E0-3D6EBA418565} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt10.dll [2015-07-14] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [EzCddax] -> {31415D58-4750-4413-A95B-83D151F50040} => C:\Program Files\Easy CD-DA Extractor 16\ezcddax64.dll [2012-01-24] (Poikosoft -> Poikosoft)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt10] -> {4682CEF2-C2F9-457B-83E0-3D6EBA418565} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt10.dll [2015-07-14] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-03] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [EzCddax] -> {31415D58-4750-4413-A95B-83D151F50040} => C:\Program Files\Easy CD-DA Extractor 16\ezcddax64.dll [2012-01-24] (Poikosoft -> Poikosoft)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0105F4F7-D6E5-46EE-86DC-62EE4CFA939D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0130DB69-E68A-43DD-A429-09CE9D99107E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {04855FF4-F63E-4C3C-AF78-26BC5ED63A8B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {077AF0CC-F99C-4E88-B7A5-875B6C63EB8E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {089F6D34-BFE8-4945-8009-43582A854767} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0D5CEDB2-5213-4692-9EA0-C20B277B93B6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {118E7548-AFE1-4413-8056-13B0548007B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {12C9494F-9ED4-4E69-B115-06AB3B9D42B6} - System32\Tasks\S-1-5-21-2875399751-1358015588-351649890-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {1A0FE8ED-E57F-49A0-BCE6-73B533814ECF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1A39F4F9-5794-4B25-94AA-E57AD16547DD} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-zbysek1968@outlook.cz => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {2513B2D4-E82C-4C92-B6BF-EC9351568A6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {284E036A-A67C-4971-8A38-6A657DB9F381} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2902EDC2-6F23-4967-8608-BEC7E8F7169D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {39ABB5D5-8745-4940-A0BA-1237279E140E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6D2F381F-4D4C-4DE3-8D6B-8DE20C74FC28} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {770CADAA-9804-4DD5-BC23-314FFC99E0B7} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7D927A96-73D5-4F79-80F1-AE3C55B344AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {916DCAAE-A7F6-476D-828B-896E9C8E682B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9247A19E-87E5-4BC9-895B-FCE6D2E9128E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {927590D8-095F-4C89-BBFB-171BD4963612} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {97D3A525-E03A-4B28-A304-B2701C732381} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9C6B73FF-7FF6-4184-9CAF-5E86716BE74B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A360A19E-4D85-4BE2-9087-03BC28A7FF55} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5E932E0-7F16-42C2-A292-AD4ECB3E813A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E953B8EB-2912-42DC-BC66-07E5506ECD89} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F52A5316-F6F8-4A53-A72A-322D671DEDC1} - System32\Tasks\Core Temp Autostart Zbyse => C:\Supgam\Coretemp\Core Temp.exe () [File not signed]
Task: {F6F2B74B-B1E9-4FB2-A617-3E9F90C3C541} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION

Shortcut: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10 (x64)\DVDFab (x64) Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab10&p=x64&v=10.0.9.

==================== Loaded Modules (Whitelisted) ==============

2018-05-27 21:31 - 2018-12-06 11:14 - 001315312 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-11-26 19:43 - 2012-01-25 13:59 - 000848336 _____ () C:\Supgam\Coretemp\Core Temp.exe
2016-06-10 01:41 - 2016-06-10 01:41 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 22:01 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 101252592 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 004620272 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 000109040 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2019-01-19 22:54 - 2019-01-09 09:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-07 16:47 - 2019-02-07 16:47 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-07 16:47 - 2019-02-07 16:47 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 14:56 - 2017-12-01 14:56 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 19:54 - 2018-11-28 19:54 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 16:47 - 2019-02-07 16:47 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-07 16:47 - 2019-02-07 16:47 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2019-02-08 14:13 - 2019-02-06 03:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
2019-02-08 14:13 - 2019-02-06 03:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 001033200 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-26 19:33 - 2012-11-23 10:18 - 000174712 _____ () C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\Envy24Api.dll
2016-11-26 19:33 - 2012-11-23 10:18 - 000076408 _____ () C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\QsApoApi.dll
2016-11-26 22:16 - 2015-07-13 08:39 - 000626104 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\kqwbiiyy.sys:changelist [450]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\oxfwhpwe.sys:changelist [348]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2018-03-28 21:18 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2875399751-1358015588-351649890-1001\Control Panel\Desktop\\Wallpaper -> c:\users\zbyse\appdata\roaming\irfanview\irfanview_wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BB8A3D20-5818-40F7-B8CE-B26A4DF298AA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{364CEDB1-CAE3-44A4-B6E7-3E7434451658}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{99522F0D-7992-4E01-9B03-913C9305BF4A}D:\games\subnautica\subnautica.exe] => (Allow) D:\games\subnautica\subnautica.exe ()
FirewallRules: [TCP Query User{45D3FB68-FAD4-4286-8FFE-AF272195E4CD}D:\games\subnautica\subnautica.exe] => (Allow) D:\games\subnautica\subnautica.exe ()
FirewallRules: [UDP Query User{1A8A2734-E7D6-4626-B0AE-5D557E8F338C}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe (Adobe Systems Incorporated -> Joyent, Inc)
FirewallRules: [TCP Query User{B8FD429C-3213-493B-AE9D-9F2139F4FBC1}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe (Adobe Systems Incorporated -> Joyent, Inc)
FirewallRules: [UDP Query User{A2C0553A-0DFC-4AF9-9401-A02F796F3F01}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D6C48BE8-AE7A-43DA-AA18-71B8C222F8E2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{0973985C-165E-4FEF-AA70-DC27032424A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{42B1DB2B-7DDF-42B5-919B-391D11C12089}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C88961B-0B13-48DD-8BA1-603456AD35F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6381FEFC-1F40-4F01-9B73-6670150D0121}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6973C9C0-1170-4218-9D52-7808D7812986}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A9B77D98-D068-415A-8B05-765533A49A3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{64DED886-8AB1-4830-AAC5-8467A8398C2E}C:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) C:\program files (x86)\foobar2000\foobar2000.exe (Piotr Pawlowski)
FirewallRules: [UDP Query User{DCCD96AF-007F-4561-91A0-9C0C4B6C550D}C:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) C:\program files (x86)\foobar2000\foobar2000.exe (Piotr Pawlowski)
FirewallRules: [{928616B1-637D-4716-8E89-2CD18C140BEE}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A0BDFADE-F5A9-4C29-8D7D-1284D342E2F9}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E8F3B9E3-38D4-4248-9001-18D0B5F460D0}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{65D09A16-44DC-4B80-B7DC-19C8B86287B2}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{8C957F18-3011-4599-A607-A799FF1DA23B}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{15D38564-3182-42A5-88A6-F5AD786DD424}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{84F92791-7DC3-4CB3-AC22-D53E86076F1C}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{7E77C551-BEF5-45F4-B7D8-C6929B728703}] => (Allow) D:\Programy\Steam\steamapps\common\Doom 3\Doom3.exe (id Software)
FirewallRules: [{08339AC4-9D35-407C-99F0-01ACBC808DF7}] => (Allow) D:\Programy\Steam\steamapps\common\Doom 3\Doom3.exe (id Software)
FirewallRules: [{08012CB5-BCF5-44E2-90BB-0EBAEC5731C6}] => (Allow) D:\Programy\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (QLOC S.A. -> Bethesda Softworks)
FirewallRules: [{182045B1-949F-45CA-A0F3-1E22A08A01D5}] => (Allow) D:\Programy\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (QLOC S.A. -> Bethesda Softworks)
FirewallRules: [{5498C9DC-48DB-46B9-970A-3BC9B4874243}] => (Allow) D:\Programy\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe ()
FirewallRules: [{440876A6-2557-4A35-A5C1-16AFC8AF3B99}] => (Allow) D:\Programy\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe ()
FirewallRules: [TCP Query User{C9260197-8D6B-4BE4-84C8-DAD7FC228454}D:\hry\far cry primal\bin\fcprimal.exe] => (Allow) D:\hry\far cry primal\bin\fcprimal.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{68DA5C68-DEB7-46F4-99CC-636E126087F5}D:\hry\far cry primal\bin\fcprimal.exe] => (Allow) D:\hry\far cry primal\bin\fcprimal.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{795AB50D-7701-4DA2-A493-AFD7207C6FAF}C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{96200E0D-732E-47C4-BD26-6D88B452C97C}C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{4FC24BDB-DA80-4146-A34A-C46E5ADA841D}] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{98227891-53FB-4C11-967B-5E145C051395}] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{5ACBA4FB-8747-425F-B98A-F3FA4912D735}] => (Allow) C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{CA6BAA19-1814-47A0-A0FB-8F79A673FB34}] => (Allow) C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{4DD73704-9EA9-4F68-BC3A-FB2850FD7646}D:\programy\ioquake3&ta\ioquake3.x86.exe] => (Allow) D:\programy\ioquake3&ta\ioquake3.x86.exe ()
FirewallRules: [UDP Query User{DD3DFF6F-2CBB-407D-B4D2-83FA5780A349}D:\programy\ioquake3&ta\ioquake3.x86.exe] => (Allow) D:\programy\ioquake3&ta\ioquake3.x86.exe ()
FirewallRules: [{A6139397-CB40-429D-AA92-38B13E3607D5}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 3\JustCause3.exe ()
FirewallRules: [{96884CDB-47BE-455D-ADBE-9331FC149D87}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 3\JustCause3.exe ()
FirewallRules: [TCP Query User{3E6BD9A5-A1E9-43D6-95C0-89930CCA6BB1}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
FirewallRules: [UDP Query User{A42D851B-B23A-4B2B-8349-F6DA60AD5454}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [TCP Query User{DF79153D-6F9B-4783-A246-6C8E3093E61A}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe (Raimersoft)
FirewallRules: [UDP Query User{ECD26B94-D4DF-465F-9DCF-C73754CB1430}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe (Raimersoft)
FirewallRules: [TCP Query User{1553784E-F293-43B1-8E46-77F0B952E914}C:\program files\dvdfab 10\dvdfab64.exe] => (Allow) C:\program files\dvdfab 10\dvdfab64.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [UDP Query User{30C14A58-C986-4C67-BDE0-FF809140D19F}C:\program files\dvdfab 10\dvdfab64.exe] => (Allow) C:\program files\dvdfab 10\dvdfab64.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [{524C1475-1AA6-4C74-A327-CEC89F1E0867}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{79911ABD-54BD-4782-93E8-B9958E6661C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{B54AA642-893E-445C-842E-5B1C7B2EABD2}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [UDP Query User{B7A43E40-DBDD-4B7A-9181-7DF9E7FA766E}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [TCP Query User{A9B5161B-CBAF-4A9F-9049-9FBA2631300C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [UDP Query User{A873F73E-B2CE-4AC5-9D74-E061E6C25C6C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [TCP Query User{BECC35D9-5A10-4BD1-9A4D-D690907EBD29}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [UDP Query User{E5398C38-FC27-4E1F-8AEA-F1B4FBFDD788}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [{D5FBD69D-C4E3-4E8B-A521-4FDDA5E334C9}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 2\JustCause2.exe (Valve Corp. -> Avalanche Studios)
FirewallRules: [{92C3B664-8F36-4AD0-B861-C122479C1126}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 2\JustCause2.exe (Valve Corp. -> Avalanche Studios)
FirewallRules: [{B5F6EF0A-9E85-4EFB-A1B8-0C34AB7A915A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4E13A86-374C-4242-893F-7AB96207B76D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{DE1734B0-FBDB-447B-87C2-6273A7F1F518}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [UDP Query User{9798F0C0-F2FB-406B-8BD7-ADB85EB04D64}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [TCP Query User{2E8FF68B-1EDF-43F5-BDC6-CAE679F4EE48}D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe] => (Allow) D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe (GHI Media LLC -> Croteam)
FirewallRules: [UDP Query User{B90F4A10-2C46-4894-811E-4CAD9E244D3C}D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe] => (Allow) D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe (GHI Media LLC -> Croteam)
FirewallRules: [{F7B47109-6750-4793-9BCB-5C26A8B10E91}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF68FFD6-0C03-43C7-8014-967166C23DAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{13A3CE8D-CE1F-45F2-AB67-CEA299225B5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B477961C-EB66-4C2E-8680-325AE8E21B00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{798CE178-F83E-4CBC-B197-4261E602BD4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{5C853D52-DA6F-4D23-A1F0-9D6889C6932C}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [UDP Query User{21CE5442-BEF4-480F-81DC-726689B6E2E1}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [TCP Query User{17D98705-371D-47DC-9EEB-6631F887627C}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [UDP Query User{84C4474B-4414-4FDB-A944-25899307745D}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [TCP Query User{43AEFBB9-31E4-419F-86D6-F01F529EED5F}C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe] => (Allow) C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe (Signalyst -> )
FirewallRules: [UDP Query User{D490C34A-DC79-4EDC-9781-F79C60DB6CE8}C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe] => (Allow) C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe (Signalyst -> )
FirewallRules: [TCP Query User{CEBEA942-4AF0-444B-BFED-986CA996C758}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [UDP Query User{FE4A9144-224E-40A0-8C6B-2B8918C45A63}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [TCP Query User{2934D463-88C9-46AB-90F2-D4022B1BB84C}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [UDP Query User{62F6849D-4FFB-4097-9CDF-BF42C6EF1B60}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [{847E82CD-33C3-431B-A2B3-22E935D30255}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe (GHI Media LLC -> Croteam)
FirewallRules: [{BB60B626-50C4-466D-9E27-1A0DC55CECE2}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe (GHI Media LLC -> Croteam)
FirewallRules: [{43E46FA3-4546-46DB-8FB8-974BE5648828}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe (GHI Media LLC -> Croteam)
FirewallRules: [{1CB1A0A0-856D-49F6-A20C-D679F622EE0F}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe (GHI Media LLC -> Croteam)
FirewallRules: [{1BEC376D-3966-490F-9B52-5CEFC0B608B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{F1A4FB1C-2A18-4DF4-8BD2-12D7068BB899}D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe] => (Allow) D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe ()
FirewallRules: [UDP Query User{CB400FD0-ED85-443B-99AA-8FCF8156B7D5}D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe] => (Allow) D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe ()
FirewallRules: [{2CACE3F9-9FA6-445D-9ABB-0F65E4D06AF6}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{D69940AF-7592-496D-A803-5484BE5D05C0}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{99D2FAB0-E9B7-44EA-B947-81C372D246F0}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{2B660282-5FC0-4AAC-A3E8-DDAC9E791B34}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6854938F-2E5B-4A33-9AE6-28857CF5392E}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File
FirewallRules: [{F3C7F2AA-76B7-49DE-A3DC-8B1DCD0CECC1}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: VSO Software class ...
Description: VSO Software class ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2019 05:59:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x15ac
Čas spuštění chybující aplikace: 0x01d4c21039203f16
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: cf2976de-cbdf-4fc4-b0da-661597683b87
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/10/2019 07:27:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x32b8
Čas spuštění chybující aplikace: 0x01d4c168b3424569
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 1de52df2-aa17-486c-a33d-56b3a4085f12
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/10/2019 04:22:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0xdfc
Čas spuštění chybující aplikace: 0x01d4c14d5da1d0db
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: e891c97f-e940-43b0-9536-43351301b867
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/10/2019 03:29:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x4f4
Čas spuštění chybující aplikace: 0x01d4c12b5bb430dd
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: ed8a7167-57aa-4d91-a986-e3af8fcca04a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/09/2019 07:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x30d8
Čas spuštění chybující aplikace: 0x01d4c091a7bca698
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 04b44d25-1979-4677-9167-0b8a5e1271f3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/09/2019 11:47:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x222c
Čas spuštění chybující aplikace: 0x01d4c0624670870c
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 08149fea-0898-4bcb-9146-85f9c4a064b5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/09/2019 03:34:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x2dd0
Čas spuštění chybující aplikace: 0x01d4bfafe1512a54
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: e8946b67-1c0b-42a0-a188-f3e0fb8a3240
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/08/2019 12:46:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x1e90
Čas spuštění chybující aplikace: 0x01d4bf2a8f08703f
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 6edb1c09-e366-4f53-a65c-50638fea7320
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/11/2019 06:23:55 PM) (Source: DCOM) (EventID: 10016) (User: ZBYSEK)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli ZBYSEK\Zbyse (SID: S-1-5-21-2875399751-1358015588-351649890-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:23:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\NETWORK SERVICE (SID: S-1-5-20) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:22:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:22:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:22:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:22:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:19:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (02/11/2019 06:19:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Telemetry Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2019-02-11 18:22:59.748
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; file:_C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Obecný
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:22:59.464
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; file:_C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Obecný
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:22:59.421
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; process:_pid:10292,ProcessStart:131943793319566759
Původ zjišťování: Neznámý
Typ zjišťování: Konkrétní
Zdroj zjišťování: Neznámý
Uživatel:
Název procesu: C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:22:59.352
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; process:_pid:10292,ProcessStart:131943793319566759
Původ zjišťování: Neznámý
Typ zjišťování: Konkrétní
Zdroj zjišťování: Neznámý
Uživatel:
Název procesu: Unknown
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:19:57.606
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {4E9D37AB-884A-4762-97D6-C44471EDEFED}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: ZBYSEK\Zbyse

CodeIntegrity:
===================================

Date: 2019-02-11 15:30:41.400
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-11 15:30:41.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-11 15:30:41.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-05 21:33:21.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-05 21:33:21.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-05 21:33:21.709
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-29 21:41:13.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-29 21:41:13.908
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8159.14 MB
Available physical RAM: 5299.94 MB
Total Virtual: 9439.14 MB
Available Virtual: 5090.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.17 GB) (Free:5.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Dokumenty) (Fixed) (Total:1863.01 GB) (Free:410.37 GB) NTFS
Drive e: (Data Disc) (Fixed) (Total:2794.5 GB) (Free:498.69 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:2794.5 GB) (Free:930.02 GB) NTFS

\\?\Volume{522522c6-0000-0000-0000-a0ca0e000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 38EBBD95)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 522522C6)
Partition 1: (Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=470 MB) - (Type=27)

========================================================
Disk: 3 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: Virus infection found

#2 Post by Diallix »

Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as Administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, including any threats found, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will start; click "Zobrazit soubor protokolu" (view log file).
The log will open; copy its contents here.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

cormack
Visitor
Posts: 74
Joined: 02 May 2008 06:18

Re: Virus infection found

#3 Post by cormack »

Thanks, here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-11-2019
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\2a99523785a2eab64c7f83716c95a207

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1372 octets] - [11/02/2019 18:18:46]
AdwCleaner[C00].txt - [1520 octets] - [11/02/2019 18:19:44]
AdwCleaner[S01].txt - [1372 octets] - [11/02/2019 18:22:22]
AdwCleaner[S02].txt - [1475 octets] - [11/02/2019 18:59:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: Virus infection found

#4 Post by Diallix »

Please post new FRST and ADDITION logs.

cormack
Visitor
Posts: 74
Joined: 02 May 2008 06:18

Re: Virus infection found

#5 Post by cormack »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by Zbyse (administrator) on ZBYSEK (11-02-2019 19:12:10)
Running from C:\Users\Zbyse\Desktop
Loaded Profiles: Zbyse (Available Profiles: Zbyse)
Platform: Windows 10 Home Version 1803 17134.556 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Supgam\Coretemp\Core Temp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VIA TECH) C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543352 2012-11-23] (VIA Technologies Inc. -> VIA TECH)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110008 2015-07-13] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\MountPoints2: {1c1e4eac-e856-11e8-af18-c86000168fe3} - "J:\Setup.exe"
HKLM\...\Drivers32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-09-29] ()
HKLM\...\Drivers32-x32: [vidc.x264] => x264vfw.dll
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [122880 2012-07-21] (fccHandler)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2008-12-06] (Hewlett-Packard Company -> Hewlett-Packard Company)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe [2019-02-09] ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2875399751-1358015588-351649890-1001] => Proxy is enabled.
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wlidNSP.dll [41984 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [41984 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [64512 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [64512 2018-04-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45617d57-14b1-4339-9374-988b6c3e4f85}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a300576b-445e-4aa4-908e-91d1fbd1944c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ebn21zf.default-1543520244075
FF ProfilePath: C:\Users\Zbyse\AppData\Roaming\Mozilla\Firefox\Profiles\1ebn21zf.default-1543520244075 [2019-02-06]
FF Homepage: Mozilla\Firefox\Profiles\1ebn21zf.default-1543520244075 -> hxxps://www.seznam.cz/
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Zbyse\AppData\Roaming\Mozilla\Firefox\Profiles\1ebn21zf.default-1543520244075\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-09]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default [2019-02-11]
CHR Extension: (Dokumenty) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (LIVESCORE SOCCER) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibfflggfgeemmkaifokfjanokokcjfg [2017-04-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Extension: (Browse Faster) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponhjlldbpnmeieenmaacddmlfpdielh [2018-02-18]
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-30]
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-09-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-19]
CHR Extension: (Chrome Media Router) - C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
CHR Profile: C:\Users\Zbyse\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation -> Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286720 2018-09-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\TEMP\ALSysIO64.sys [25064 2019-02-11] (CPUID -> Arthur Liberman)
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2016-08-31] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink Corp. -> CyberLink)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2017-06-19] (Power Technology -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [472016 2017-01-04] (Intel(R) INTELNPG1 -> Intel Corporation)
R3 Envy24HFS; C:\WINDOWS\system32\drivers\Envy24HF.sys [228368 2012-10-25] (VIA Technologies Inc. -> VIA - IC Ensemble, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [26528 2017-01-04] (Martin Malik - REALiX -> REALiX(tm))
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaki.inf_amd64_d73a9f0b898ab879\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz139; \??\C:\WINDOWS\TEMP\cpuz139\cpuz139_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-11 18:58 - 2019-02-11 18:15 - 007316688 ____C (Malwarebytes) C:\Users\Zbyse\Desktop\adwcleaner_7.2.7.0.exe
2019-02-11 18:26 - 2019-02-11 19:12 - 000018310 ____C C:\Users\Zbyse\Desktop\FRST.txt
2019-02-11 18:26 - 2019-02-11 19:12 - 000000000 ____D C:\FRST
2019-02-11 18:26 - 2019-02-11 18:25 - 002434048 ____C (Farbar) C:\Users\Zbyse\Desktop\FRST64.exe
2019-02-11 18:18 - 2019-02-11 18:19 - 000000000 ____D C:\AdwCleaner
2019-02-07 16:35 - 2019-02-07 16:35 - 000000000 ____D C:\WINDOWS\Panther
2019-02-06 16:51 - 2019-02-06 16:53 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-02-06 16:45 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 16:45 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 16:45 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 16:45 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 16:45 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 16:45 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 16:45 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 16:45 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 16:45 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 16:45 - 2019-01-31 07:09 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-02-04 20:39 - 2019-02-04 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-01-30 21:51 - 2019-01-30 21:51 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 18:14 - 2019-01-29 18:20 - 000000000 ___DC C:\Users\Zbyse\Documents\PcSetup
2019-01-29 18:14 - 2019-01-29 18:14 - 000000000 ____D C:\Program Files (x86)\Goland
2019-01-29 18:14 - 2019-01-29 18:14 - 000000000 _____ C:\WINDOWS\AudioDVD.INI
2019-01-29 18:09 - 2019-01-29 18:09 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dvda-author-gui-10.05
2019-01-20 22:44 - 2019-01-20 22:44 - 000000000 ____D C:\ProgramData\LightScribe
2019-01-20 22:43 - 2019-01-20 22:43 - 000002110 _____ C:\Users\Public\Desktop\LightScribe.lnk
2019-01-20 22:39 - 2019-01-20 22:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2019-01-20 22:39 - 2019-01-20 22:39 - 000000000 ____D C:\Program Files (x86)\LightScribe
2019-01-19 22:54 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-01-19 22:54 - 2019-01-09 18:57 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-01-19 22:54 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-01-19 22:54 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-01-19 22:54 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-19 22:54 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-19 22:54 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-01-19 22:54 - 2019-01-09 18:36 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-01-19 22:54 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-01-19 22:54 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-01-19 22:54 - 2019-01-09 18:35 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-19 22:54 - 2019-01-09 15:50 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-01-19 22:54 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-01-19 22:54 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-19 22:54 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-01-19 22:54 - 2019-01-09 10:51 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-01-19 22:54 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-01-19 22:54 - 2019-01-09 09:50 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-19 22:54 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-01-19 22:54 - 2019-01-09 09:46 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-01-19 22:54 - 2019-01-09 09:46 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-01-19 22:54 - 2019-01-09 09:44 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-19 22:54 - 2019-01-09 09:24 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-19 22:54 - 2019-01-09 09:11 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-19 22:54 - 2019-01-09 09:06 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-19 22:54 - 2019-01-09 08:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-19 22:54 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-01-19 22:54 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 006567768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-01-19 22:54 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-01-19 22:54 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-01-19 22:54 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-01-19 22:54 - 2019-01-09 06:41 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-01-19 22:54 - 2019-01-09 06:41 - 000983120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-01-19 22:54 - 2019-01-09 06:41 - 000076296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-19 22:54 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-19 22:54 - 2019-01-09 06:40 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-19 22:54 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-19 22:54 - 2019-01-09 06:40 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-19 22:54 - 2019-01-09 06:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-19 22:54 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-01-19 22:54 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-01-19 22:54 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-01-19 22:54 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-01-19 22:54 - 2019-01-09 06:39 - 000144072 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-01-19 22:54 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-01-19 22:54 - 2019-01-09 06:34 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-19 22:54 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-01-19 22:54 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-01-19 22:54 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-01-19 22:54 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-01-19 22:54 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-01-19 22:54 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-19 22:54 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-01-19 22:54 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-01-19 22:54 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-01-19 22:54 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-01-19 22:54 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-01-19 22:54 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-01-19 22:54 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-01-19 22:54 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-01-19 22:54 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-19 22:54 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-01-19 22:54 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 004940288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-01-19 22:54 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-01-19 22:54 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-19 22:54 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-01-19 22:54 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-01-19 22:54 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-01-19 22:54 - 2019-01-09 05:34 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-16 17:16 - 2019-01-12 05:04 - 002018392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441771.dll
2019-01-16 17:16 - 2019-01-12 05:04 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441771.dll
2019-01-15 22:03 - 2019-01-15 22:03 - 000001286 ____C C:\Users\Zbyse\Desktop\HQPlayer-HiFi.lnk
2019-01-15 22:01 - 2019-01-15 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HQPlayer Desktop 3
2019-01-15 21:58 - 2019-01-15 21:58 - 000000375 _____ C:\Users\Zbyse\Downloads\file

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-11 19:12 - 2018-03-28 20:09 - 000000000 ____D C:\TEMP
2019-02-11 19:10 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-11 19:06 - 2018-04-30 21:30 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-11 19:06 - 2018-04-12 16:50 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-11 19:06 - 2018-04-12 16:50 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-11 19:06 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-11 19:02 - 2017-04-06 17:42 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-11 19:00 - 2018-04-30 21:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-11 19:00 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-11 18:51 - 2017-06-29 17:29 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\uTorrent
2019-02-11 17:56 - 2016-12-06 18:02 - 000000000 ____D C:\Program Files (x86)\Steam
2019-02-11 17:51 - 2018-04-30 21:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-11 14:49 - 2018-04-30 21:30 - 000003696 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-zbysek1968@outlook.cz
2019-02-10 23:20 - 2016-11-26 20:05 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\foobar2000
2019-02-10 23:17 - 2016-11-26 20:36 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\vlc
2019-02-10 20:14 - 2017-05-17 20:11 - 000000000 ___DC C:\Users\Zbyse\Documents\Euro Truck Simulator 2
2019-02-10 11:29 - 2018-04-30 21:30 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2875399751-1358015588-351649890-1001
2019-02-10 11:29 - 2018-04-30 21:22 - 000002387 ____C C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 11:29 - 2016-11-26 19:10 - 000000000 ___RD C:\Users\Zbyse\OneDrive
2019-02-09 11:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-08 17:42 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 17:41 - 2018-07-11 16:56 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 14:14 - 2016-11-26 19:16 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-08 00:47 - 2018-04-30 21:22 - 000000000 ____D C:\Users\Zbyse
2019-02-07 20:08 - 2017-06-30 14:08 - 000000000 ___DC C:\Users\Zbyse\AppData\Roaming\AIMP
2019-02-07 16:39 - 2018-02-13 20:56 - 000000000 ___DC C:\Users\Zbyse\Documents\AquaMark3
2019-02-07 16:38 - 2018-02-04 16:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-07 16:38 - 2018-02-04 16:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-07 16:35 - 2016-11-26 19:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-05 16:40 - 2016-11-26 19:48 - 000000600 ____C C:\Users\Zbyse\AppData\Roaming\winscp.rnd
2019-02-04 20:39 - 2018-10-24 21:51 - 000002553 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-04 20:39 - 2018-10-24 21:51 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-04 20:39 - 2016-12-08 22:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-01 02:37 - 2018-10-05 15:23 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-04-06 23:12 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:53 - 2018-02-04 16:04 - 000000000 ___DC C:\Users\Zbyse\AppData\LocalLow\Mozilla
2019-01-30 21:51 - 2018-02-04 16:04 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-01-30 21:09 - 2017-04-06 17:42 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-04-06 17:42 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-04-06 17:42 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-28 00:17 - 2018-06-25 21:48 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-27 18:20 - 2017-02-05 21:08 - 000000000 ____D C:\Program Files (x86)\Ulozto File Manager
2019-01-27 18:20 - 2016-12-06 17:35 - 000001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2019-01-27 18:20 - 2016-12-06 17:35 - 000001122 _____ C:\Users\Public\Desktop\Ulož.to FileManager.lnk
2019-01-27 13:57 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-26 15:03 - 2017-04-06 17:42 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-01-20 10:07 - 2018-04-30 21:19 - 000420496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-01-20 01:34 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-19 23:00 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-18 21:45 - 2018-11-16 19:30 - 000000000 ____D C:\Program Files\rempl
2019-01-18 17:41 - 2017-02-24 23:59 - 000002145 ____C C:\Users\Zbyse\Desktop\JDownloader 2.lnk
2019-01-14 01:08 - 2018-02-02 19:28 - 000000832 ____C C:\Users\Zbyse\Desktop\Subnautica.lnk
2019-01-14 01:07 - 2018-04-24 21:10 - 000000595 ____C C:\Users\Zbyse\Desktop\Far Cry 5.lnk
2019-01-14 01:06 - 2018-09-02 22:13 - 000001597 ____C C:\Users\Zbyse\Desktop\Chess Ultra.lnk
2019-01-13 20:41 - 2016-12-28 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2019-01-13 20:41 - 2016-12-28 21:04 - 000000000 ____D C:\Program Files (x86)\Futuremark
2019-01-13 20:40 - 2016-11-26 19:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-01-13 20:40 - 2016-11-26 19:22 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2018-05-11 17:02 - 2018-05-11 17:02 - 000000171 ____C () C:\Users\Zbyse\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-05-11 17:02 - 2018-05-11 17:02 - 000000304 ____C () C:\Users\Zbyse\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2017-04-01 21:36 - 2017-04-01 21:36 - 000000132 ____C () C:\Users\Zbyse\AppData\Roaming\Adobe Formát AIFF CS6 – předvolby
2018-05-11 17:02 - 2018-05-11 17:02 - 000000175 ____C () C:\Users\Zbyse\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2018-04-16 17:47 - 2018-04-18 17:29 - 000009728 ____C () C:\Users\Zbyse\AppData\Roaming\Launcher_01.exe
2018-03-13 23:31 - 2018-03-13 23:40 - 000015814 ____C () C:\Users\Zbyse\AppData\Roaming\log_031318_233106.txt
2018-03-16 00:53 - 2018-03-16 00:58 - 000007812 ____C () C:\Users\Zbyse\AppData\Roaming\log_031618_005340.txt
2017-10-12 17:52 - 2017-10-12 17:52 - 000000080 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_185219.txt
2017-10-12 17:52 - 2017-10-12 17:52 - 000000080 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_185230.txt
2017-10-12 17:53 - 2017-10-12 18:32 - 000036912 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_185304.txt
2017-10-12 19:54 - 2017-10-12 20:28 - 000035652 ____C () C:\Users\Zbyse\AppData\Roaming\log_101217_205402.txt
2017-11-21 21:40 - 2017-11-21 21:42 - 000003314 ____C () C:\Users\Zbyse\AppData\Roaming\log_112117_214050.txt
2016-11-26 19:48 - 2019-02-05 16:40 - 000000600 ____C () C:\Users\Zbyse\AppData\Roaming\winscp.rnd
2018-04-26 22:23 - 2019-02-07 20:25 - 000044544 ____C () C:\Users\Zbyse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-15 17:58 - 2018-11-09 16:39 - 000003523 ____C () C:\Users\Zbyse\AppData\Local\FSDownloader.err
2016-12-15 17:57 - 2018-11-09 16:39 - 000001168 ____C () C:\Users\Zbyse\AppData\Local\FSDownloader.nast
2017-05-27 21:15 - 2017-05-27 21:15 - 000140800 ____C () C:\Users\Zbyse\AppData\Local\installer.dat
2018-09-28 17:30 - 2018-09-28 17:30 - 000000000 ____C () C:\Users\Zbyse\AppData\Local\oobelibMkey.log
2017-01-03 17:01 - 2018-10-15 09:16 - 000007656 ____C () C:\Users\Zbyse\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-30 21:19

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Zbyse (11-02-2019 19:12:50)
Running from C:\Users\Zbyse\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2018-04-30 20:31:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2875399751-1358015588-351649890-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2875399751-1358015588-351649890-503 - Limited - Disabled)
Guest (S-1-5-21-2875399751-1358015588-351649890-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2875399751-1358015588-351649890-504 - Limited - Disabled)
Zbyse (S-1-5-21-2875399751-1358015588-351649890-1001 - Administrator - Enabled) => C:\Users\Zbyse

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC-3 ACM Codec 2.2 (HKLM-x32\...\AC3ACM) (Version: 2.2 - fccHandler)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_0) (Version: 17.0.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Aktualizace NVIDIA 34.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 34.0.0.0 - NVIDIA Corporation) Hidden
Altap Salamander 3.0 (x64) (HKLM\...\Altap Salamander 3.0 (x64)) (Version: 3.0 - ALTAP)
Aperio ImageScope (HKLM-x32\...\{A5856584-F090-4FD3-BA95-34E6D85546B1}) (Version: 9.01 - )
AquaMark3 (HKLM-x32\...\AquaMark3) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Aurora (HKLM-x32\...\{396a1805-d31e-419f-839d-7f041740f826}) (Version: 1.0.1.682 - Macphun)
Aurora (HKLM-x32\...\{57F1980E-883E-449D-BDAE-C9F0A35E2C5C}) (Version: 1.0.1.682 - Macphun) Hidden
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
BenVista PhotoZoom Pro 7.1 (HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\PhotoZoom Pro 7) (Version: 7.1 - BenVista Ltd.)
Black Mesa verze 0.2.1 (HKLM-x32\...\Black Mesa_is1) (Version: 0.2.1 - Tomi2k9)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
CrystalDiskMark 5.2.0 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.2.0 - Crystal Dew World)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.1913.0 - CyberLink Corp.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
DSD Transcoder ASIO Driver (HKLM-x32\...\DSDTranscoder) (Version: 1.0.6 - Maxim V.Anisiutkin)
DVDFab (x64) 10.0.9.0 (20/04/2018) (HKLM-x32\...\DVDFab 10(x64)) (Version: 10.0.9.0 - Fengtao Software Inc.)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
Far Cry 5 (HKLM-x32\...\Far Cry 5_is1) (Version: - )
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version: - Ubisoft)
Farming Simulator 17 (HKLM\...\ZmFybWluZ3NpbXVsYXRvcjE3_is1) (Version: 1 - )
Farming Simulator 19 v.1.1.0.0 (HKLM-x32\...\Farming Simulator 19_is1) (Version: - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
foobar2000 v1.3.14 (HKLM-x32\...\foobar2000) (Version: 1.3.14 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Half.Life.2.Prospekt.REPACK-KaOs Uninstaller v3.0 (HKLM-x32\...\Half.Life.2.Prospekt.REPACK-KaOs_is1) (Version: 3.0 - KaOsKrew)
Chess Ultra (HKLM-x32\...\Chess Ultra_is1) (Version: - )
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version: - )
Just Cause 4 (HKLM-x32\...\{D1F33AFE-757B-4A27-9F96-D507177C3E40}_is1) (Version: - Avalanche Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
MadOnion.com/3DMark2001 SE (HKLM-x32\...\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}) (Version: - )
MediaInfo 0.7.95 (HKLM\...\MediaInfo) (Version: 0.7.95 - MediaArea.net)
Microsoft Office Professional 2019 - cs-cz (HKLM\...\Professional2019Retail - cs-cz) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 30.1.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 30.1.0 - Moritz Bunkus)
Mozilla Firefox 65.0 (x64 cs) (HKLM\...\Mozilla Firefox 65.0 (x64 cs)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.81 - NVIDIA Corporation) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden
RarmaRadio 2.71.6 (HKLM-x32\...\RarmaRadio_is1) (Version: - RaimerSoft)
Serious Sam 2 verze 2.070 (HKLM-x32\...\{C5E4298B-3581-4AAD-9FAF-2FE76C07EFC8}_is1) (Version: 2.070 - Croteam)
Serious Sam 3 (HKLM-x32\...\Serious Sam 3_is1) (Version: 249955 - Croteam)
Signalyst HQPlayer Desktop 3 (HKLM-x32\...\HQPlayer Desktop 3) (Version: - Signalyst)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM-x32\...\Subnautica_is1) (Version: - )
Ulož.to FileManager verze 2.71 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.71 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Will Rock (HKLM-x32\...\{58DB5417-E1FF-4EF6-A93C-592D35F01E84}) (Version: 1.0 - )
Windows IP Over USB (HKLM-x32\...\{FF0EA481-42DB-A8AE-8356-48C09F7D953D}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Phone IP Over USB (HKLM-x32\...\{E7C8E5D3-9EDC-4430-8AEF-FD590937F55F}) (Version: 10.0.10240.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSCP 5.13.4 (HKLM-x32\...\winscp3_is1) (Version: 5.13.4 - Martin Prikryl)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{C78B6146-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)
CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{C78B614C-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Supgam\Altap Salamander 3.06 (x86 x64) 2015 CZ (Ml) Portable\utils\salextx64.dll (ALTAP)
CustomCLSID: HKU\S-1-5-21-2875399751-1358015588-351649890-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-03] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [CLVDShellExt10] -> {4682CEF2-C2F9-457B-83E0-3D6EBA418565} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt10.dll [2015-07-14] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [EzCddax] -> {31415D58-4750-4413-A95B-83D151F50040} => C:\Program Files\Easy CD-DA Extractor 16\ezcddax64.dll [2012-01-24] (Poikosoft -> Poikosoft)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt10] -> {4682CEF2-C2F9-457B-83E0-3D6EBA418565} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt10.dll [2015-07-14] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2018-12-03] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [EzCddax] -> {31415D58-4750-4413-A95B-83D151F50040} => C:\Program Files\Easy CD-DA Extractor 16\ezcddax64.dll [2012-01-24] (Poikosoft -> Poikosoft)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0105F4F7-D6E5-46EE-86DC-62EE4CFA939D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0130DB69-E68A-43DD-A429-09CE9D99107E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {04855FF4-F63E-4C3C-AF78-26BC5ED63A8B} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {077AF0CC-F99C-4E88-B7A5-875B6C63EB8E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {089F6D34-BFE8-4945-8009-43582A854767} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0D5CEDB2-5213-4692-9EA0-C20B277B93B6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {118E7548-AFE1-4413-8056-13B0548007B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {12C9494F-9ED4-4E69-B115-06AB3B9D42B6} - System32\Tasks\S-1-5-21-2875399751-1358015588-351649890-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {1A0FE8ED-E57F-49A0-BCE6-73B533814ECF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1A39F4F9-5794-4B25-94AA-E57AD16547DD} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-zbysek1968@outlook.cz => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {2513B2D4-E82C-4C92-B6BF-EC9351568A6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {284E036A-A67C-4971-8A38-6A657DB9F381} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2902EDC2-6F23-4967-8608-BEC7E8F7169D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {39ABB5D5-8745-4940-A0BA-1237279E140E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6D2F381F-4D4C-4DE3-8D6B-8DE20C74FC28} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {770CADAA-9804-4DD5-BC23-314FFC99E0B7} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7D927A96-73D5-4F79-80F1-AE3C55B344AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {916DCAAE-A7F6-476D-828B-896E9C8E682B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9247A19E-87E5-4BC9-895B-FCE6D2E9128E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {927590D8-095F-4C89-BBFB-171BD4963612} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {97D3A525-E03A-4B28-A304-B2701C732381} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9C6B73FF-7FF6-4184-9CAF-5E86716BE74B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A360A19E-4D85-4BE2-9087-03BC28A7FF55} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5E932E0-7F16-42C2-A292-AD4ECB3E813A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E953B8EB-2912-42DC-BC66-07E5506ECD89} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F52A5316-F6F8-4A53-A72A-322D671DEDC1} - System32\Tasks\Core Temp Autostart Zbyse => C:\Supgam\Coretemp\Core Temp.exe () [File not signed]
Task: {F6F2B74B-B1E9-4FB2-A617-3E9F90C3C541} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION

Shortcut: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10 (x64)\DVDFab (x64) Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab10&p=x64&v=10.0.9.

==================== Loaded Modules (Whitelisted) ==============

2018-05-27 21:31 - 2018-12-06 11:14 - 001315312 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-11-26 19:43 - 2012-01-25 13:59 - 000848336 _____ () C:\Supgam\Coretemp\Core Temp.exe
2016-06-10 01:41 - 2016-06-10 01:41 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 22:01 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 101252592 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 004620272 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 000109040 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2019-01-19 22:54 - 2019-01-09 09:10 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-07 16:47 - 2019-02-07 16:47 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-07 16:47 - 2019-02-07 16:47 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 14:56 - 2017-12-01 14:56 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 19:54 - 2018-11-28 19:54 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-07 16:47 - 2019-02-07 16:47 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-07 16:47 - 2019-02-07 16:47 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-05-27 21:31 - 2018-12-06 11:14 - 001033200 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-26 19:33 - 2012-11-23 10:18 - 000174712 _____ () C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\Envy24Api.dll
2016-11-26 19:33 - 2012-11-23 10:18 - 000076408 _____ () C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\QsApoApi.dll
2016-11-26 22:16 - 2015-07-13 08:39 - 000626104 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2018-03-28 21:18 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2875399751-1358015588-351649890-1001\Control Panel\Desktop\\Wallpaper -> c:\users\zbyse\appdata\roaming\irfanview\irfanview_wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\StartupApproved\StartupFolder: => "ahmedatef.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BB8A3D20-5818-40F7-B8CE-B26A4DF298AA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{364CEDB1-CAE3-44A4-B6E7-3E7434451658}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{99522F0D-7992-4E01-9B03-913C9305BF4A}D:\games\subnautica\subnautica.exe] => (Allow) D:\games\subnautica\subnautica.exe ()
FirewallRules: [TCP Query User{45D3FB68-FAD4-4286-8FFE-AF272195E4CD}D:\games\subnautica\subnautica.exe] => (Allow) D:\games\subnautica\subnautica.exe ()
FirewallRules: [UDP Query User{1A8A2734-E7D6-4626-B0AE-5D557E8F338C}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe (Adobe Systems Incorporated -> Joyent, Inc)
FirewallRules: [TCP Query User{B8FD429C-3213-493B-AE9D-9F2139F4FBC1}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe (Adobe Systems Incorporated -> Joyent, Inc)
FirewallRules: [UDP Query User{A2C0553A-0DFC-4AF9-9401-A02F796F3F01}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D6C48BE8-AE7A-43DA-AA18-71B8C222F8E2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{0973985C-165E-4FEF-AA70-DC27032424A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{42B1DB2B-7DDF-42B5-919B-391D11C12089}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C88961B-0B13-48DD-8BA1-603456AD35F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6381FEFC-1F40-4F01-9B73-6670150D0121}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6973C9C0-1170-4218-9D52-7808D7812986}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A9B77D98-D068-415A-8B05-765533A49A3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{64DED886-8AB1-4830-AAC5-8467A8398C2E}C:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) C:\program files (x86)\foobar2000\foobar2000.exe (Piotr Pawlowski)
FirewallRules: [UDP Query User{DCCD96AF-007F-4561-91A0-9C0C4B6C550D}C:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) C:\program files (x86)\foobar2000\foobar2000.exe (Piotr Pawlowski)
FirewallRules: [{928616B1-637D-4716-8E89-2CD18C140BEE}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A0BDFADE-F5A9-4C29-8D7D-1284D342E2F9}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E8F3B9E3-38D4-4248-9001-18D0B5F460D0}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{65D09A16-44DC-4B80-B7DC-19C8B86287B2}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{8C957F18-3011-4599-A607-A799FF1DA23B}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{15D38564-3182-42A5-88A6-F5AD786DD424}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{84F92791-7DC3-4CB3-AC22-D53E86076F1C}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{7E77C551-BEF5-45F4-B7D8-C6929B728703}] => (Allow) D:\Programy\Steam\steamapps\common\Doom 3\Doom3.exe (id Software)
FirewallRules: [{08339AC4-9D35-407C-99F0-01ACBC808DF7}] => (Allow) D:\Programy\Steam\steamapps\common\Doom 3\Doom3.exe (id Software)
FirewallRules: [{08012CB5-BCF5-44E2-90BB-0EBAEC5731C6}] => (Allow) D:\Programy\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (QLOC S.A. -> Bethesda Softworks)
FirewallRules: [{182045B1-949F-45CA-A0F3-1E22A08A01D5}] => (Allow) D:\Programy\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (QLOC S.A. -> Bethesda Softworks)
FirewallRules: [{5498C9DC-48DB-46B9-970A-3BC9B4874243}] => (Allow) D:\Programy\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe ()
FirewallRules: [{440876A6-2557-4A35-A5C1-16AFC8AF3B99}] => (Allow) D:\Programy\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe ()
FirewallRules: [TCP Query User{C9260197-8D6B-4BE4-84C8-DAD7FC228454}D:\hry\far cry primal\bin\fcprimal.exe] => (Allow) D:\hry\far cry primal\bin\fcprimal.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{68DA5C68-DEB7-46F4-99CC-636E126087F5}D:\hry\far cry primal\bin\fcprimal.exe] => (Allow) D:\hry\far cry primal\bin\fcprimal.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{795AB50D-7701-4DA2-A493-AFD7207C6FAF}C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{96200E0D-732E-47C4-BD26-6D88B452C97C}C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{4FC24BDB-DA80-4146-A34A-C46E5ADA841D}] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{98227891-53FB-4C11-967B-5E145C051395}] => (Allow) C:\users\zbyse\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{5ACBA4FB-8747-425F-B98A-F3FA4912D735}] => (Allow) C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [{CA6BAA19-1814-47A0-A0FB-8F79A673FB34}] => (Allow) C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{4DD73704-9EA9-4F68-BC3A-FB2850FD7646}D:\programy\ioquake3&ta\ioquake3.x86.exe] => (Allow) D:\programy\ioquake3&ta\ioquake3.x86.exe ()
FirewallRules: [UDP Query User{DD3DFF6F-2CBB-407D-B4D2-83FA5780A349}D:\programy\ioquake3&ta\ioquake3.x86.exe] => (Allow) D:\programy\ioquake3&ta\ioquake3.x86.exe ()
FirewallRules: [{A6139397-CB40-429D-AA92-38B13E3607D5}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 3\JustCause3.exe ()
FirewallRules: [{96884CDB-47BE-455D-ADBE-9331FC149D87}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 3\JustCause3.exe ()
FirewallRules: [TCP Query User{3E6BD9A5-A1E9-43D6-95C0-89930CCA6BB1}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
FirewallRules: [UDP Query User{A42D851B-B23A-4B2B-8349-F6DA60AD5454}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [TCP Query User{DF79153D-6F9B-4783-A246-6C8E3093E61A}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe (Raimersoft)
FirewallRules: [UDP Query User{ECD26B94-D4DF-465F-9DCF-C73754CB1430}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe (Raimersoft)
FirewallRules: [TCP Query User{1553784E-F293-43B1-8E46-77F0B952E914}C:\program files\dvdfab 10\dvdfab64.exe] => (Allow) C:\program files\dvdfab 10\dvdfab64.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [UDP Query User{30C14A58-C986-4C67-BDE0-FF809140D19F}C:\program files\dvdfab 10\dvdfab64.exe] => (Allow) C:\program files\dvdfab 10\dvdfab64.exe (Fengtao Software Inc. -> FengTao Software Inc.)
FirewallRules: [{524C1475-1AA6-4C74-A327-CEC89F1E0867}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{79911ABD-54BD-4782-93E8-B9958E6661C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{B54AA642-893E-445C-842E-5B1C7B2EABD2}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [UDP Query User{B7A43E40-DBDD-4B7A-9181-7DF9E7FA766E}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [TCP Query User{A9B5161B-CBAF-4A9F-9049-9FBA2631300C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [UDP Query User{A873F73E-B2CE-4AC5-9D74-E061E6C25C6C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [TCP Query User{BECC35D9-5A10-4BD1-9A4D-D690907EBD29}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [UDP Query User{E5398C38-FC27-4E1F-8AEA-F1B4FBFDD788}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [{D5FBD69D-C4E3-4E8B-A521-4FDDA5E334C9}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 2\JustCause2.exe (Valve Corp. -> Avalanche Studios)
FirewallRules: [{92C3B664-8F36-4AD0-B861-C122479C1126}] => (Allow) D:\Programy\Steam\steamapps\common\Just Cause 2\JustCause2.exe (Valve Corp. -> Avalanche Studios)
FirewallRules: [{B5F6EF0A-9E85-4EFB-A1B8-0C34AB7A915A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4E13A86-374C-4242-893F-7AB96207B76D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{DE1734B0-FBDB-447B-87C2-6273A7F1F518}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [UDP Query User{9798F0C0-F2FB-406B-8BD7-ADB85EB04D64}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [TCP Query User{2E8FF68B-1EDF-43F5-BDC6-CAE679F4EE48}D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe] => (Allow) D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe (GHI Media LLC -> Croteam)
FirewallRules: [UDP Query User{B90F4A10-2C46-4894-811E-4CAD9E244D3C}D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe] => (Allow) D:\hry\serious sam 3\steamapps\common\serious sam 3\bin\sam3.exe (GHI Media LLC -> Croteam)
FirewallRules: [{F7B47109-6750-4793-9BCB-5C26A8B10E91}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF68FFD6-0C03-43C7-8014-967166C23DAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{13A3CE8D-CE1F-45F2-AB67-CEA299225B5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B477961C-EB66-4C2E-8680-325AE8E21B00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{798CE178-F83E-4CBC-B197-4261E602BD4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{5C853D52-DA6F-4D23-A1F0-9D6889C6932C}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [UDP Query User{21CE5442-BEF4-480F-81DC-726689B6E2E1}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [TCP Query User{17D98705-371D-47DC-9EEB-6631F887627C}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [UDP Query User{84C4474B-4414-4FDB-A944-25899307745D}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [TCP Query User{43AEFBB9-31E4-419F-86D6-F01F529EED5F}C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe] => (Allow) C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe (Signalyst -> )
FirewallRules: [UDP Query User{D490C34A-DC79-4EDC-9781-F79C60DB6CE8}C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe] => (Allow) C:\program files\signalyst\hqplayer desktop 3\hqplayer-desktop.exe (Signalyst -> )
FirewallRules: [TCP Query User{CEBEA942-4AF0-444B-BFED-986CA996C758}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [UDP Query User{FE4A9144-224E-40A0-8C6B-2B8918C45A63}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [TCP Query User{2934D463-88C9-46AB-90F2-D4022B1BB84C}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [UDP Query User{62F6849D-4FFB-4097-9CDF-BF42C6EF1B60}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [{847E82CD-33C3-431B-A2B3-22E935D30255}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe (GHI Media LLC -> Croteam)
FirewallRules: [{BB60B626-50C4-466D-9E27-1A0DC55CECE2}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe (GHI Media LLC -> Croteam)
FirewallRules: [{43E46FA3-4546-46DB-8FB8-974BE5648828}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe (GHI Media LLC -> Croteam)
FirewallRules: [{1CB1A0A0-856D-49F6-A20C-D679F622EE0F}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe (GHI Media LLC -> Croteam)
FirewallRules: [{1BEC376D-3966-490F-9B52-5CEFC0B608B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{F1A4FB1C-2A18-4DF4-8BD2-12D7068BB899}D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe] => (Allow) D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe ()
FirewallRules: [UDP Query User{CB400FD0-ED85-443B-99AA-8FCF8156B7D5}D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe] => (Allow) D:\hry\hl2 umc-2014\steamapps\engine_215_2009\hl2.exe ()
FirewallRules: [{2CACE3F9-9FA6-445D-9ABB-0F65E4D06AF6}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{D69940AF-7592-496D-A803-5484BE5D05C0}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{99D2FAB0-E9B7-44EA-B947-81C372D246F0}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{2B660282-5FC0-4AAC-A3E8-DDAC9E791B34}] => (Allow) D:\Programy\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6854938F-2E5B-4A33-9AE6-28857CF5392E}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File
FirewallRules: [{F3C7F2AA-76B7-49DE-A3DC-8B1DCD0CECC1}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: VSO Software class ...
Description: VSO Software class ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2019 05:59:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x15ac
Čas spuštění chybující aplikace: 0x01d4c21039203f16
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: cf2976de-cbdf-4fc4-b0da-661597683b87
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/10/2019 07:27:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x32b8
Čas spuštění chybující aplikace: 0x01d4c168b3424569
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 1de52df2-aa17-486c-a33d-56b3a4085f12
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/10/2019 04:22:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0xdfc
Čas spuštění chybující aplikace: 0x01d4c14d5da1d0db
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: e891c97f-e940-43b0-9536-43351301b867
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/10/2019 03:29:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x4f4
Čas spuštění chybující aplikace: 0x01d4c12b5bb430dd
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: ed8a7167-57aa-4d91-a986-e3af8fcca04a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/09/2019 07:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x30d8
Čas spuštění chybující aplikace: 0x01d4c091a7bca698
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 04b44d25-1979-4677-9167-0b8a5e1271f3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/09/2019 11:47:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x222c
Čas spuštění chybující aplikace: 0x01d4c0624670870c
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 08149fea-0898-4bcb-9146-85f9c4a064b5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/09/2019 03:34:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x2dd0
Čas spuštění chybující aplikace: 0x01d4bfafe1512a54
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: e8946b67-1c0b-42a0-a188-f3e0fb8a3240
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/08/2019 12:46:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x1e90
Čas spuštění chybující aplikace: 0x01d4bf2a8f08703f
Cesta k chybující aplikaci: C:\Users\Zbyse\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 6edb1c09-e366-4f53-a65c-50638fea7320
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/11/2019 07:02:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\NETWORK SERVICE (SID: S-1-5-20) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 07:02:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 07:01:51 PM) (Source: DCOM) (EventID: 10016) (User: ZBYSEK)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli ZBYSEK\Zbyse (SID: S-1-5-21-2875399751-1358015588-351649890-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/11/2019 06:59:54 PM) (Source: DCOM) (EventID: 10010) (User: ZBYSEK)
Description: Server Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy!App se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/11/2019 06:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (02/11/2019 06:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/11/2019 06:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Telemetry Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (02/11/2019 06:59:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2019-02-11 18:22:59.748
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; file:_C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Obecný
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:22:59.464
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; file:_C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Obecný
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:22:59.421
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; process:_pid:10292,ProcessStart:131943793319566759
Původ zjišťování: Neznámý
Typ zjišťování: Konkrétní
Zdroj zjišťování: Neznámý
Uživatel:
Název procesu: C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:22:59.352
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Bladabindi.gen
ID: 2147685721
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10292:53549372658802; process:_pid:10292,ProcessStart:131943793319566759
Původ zjišťování: Neznámý
Typ zjišťování: Konkrétní
Zdroj zjišťování: Neznámý
Uživatel:
Název procesu: Unknown
Verze podpisu: AV: 1.285.1371.0, AS: 1.285.1371.0, NIS: 1.285.1371.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 18:19:57.606
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {4E9D37AB-884A-4762-97D6-C44471EDEFED}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: ZBYSEK\Zbyse

CodeIntegrity:
===================================

Date: 2019-02-11 15:30:41.400
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-11 15:30:41.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-11 15:30:41.393
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-05 21:33:21.715
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-05 21:33:21.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-05 21:33:21.709
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-29 21:41:13.912
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-29 21:41:13.908
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 8159.14 MB
Available physical RAM: 5809.12 MB
Total Virtual: 9439.14 MB
Available Virtual: 5526.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.17 GB) (Free:5.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Dokumenty) (Fixed) (Total:1863.01 GB) (Free:410.37 GB) NTFS
Drive e: (Data Disc) (Fixed) (Total:2794.5 GB) (Free:522.24 GB) NTFS
Drive f: (Filmy) (Fixed) (Total:2794.5 GB) (Free:930.02 GB) NTFS

\\?\Volume{522522c6-0000-0000-0000-a0ca0e000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 38EBBD95)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 522522C6)
Partition 1: (Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=470 MB) - (Type=27)

========================================================
Disk: 3 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Virus infection found

#6 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe
C:\WINDOWS\TEMP\cpuz139
C:\WINDOWS\TEMP\GPUZ.sys

2019-01-30 14:15 - 2017-04-06 17:42 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\MountPoints2: {1c1e4eac-e856-11e8-af18-c86000168fe3} - "J:\Setup.exe" 
Startup: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe [2019-02-09] ()
S3 cpuz139; \??\C:\WINDOWS\TEMP\cpuz139\cpuz139_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

Task: {0105F4F7-D6E5-46EE-86DC-62EE4CFA939D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {089F6D34-BFE8-4945-8009-43582A854767} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION

Shortcut: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10 (x64)\DVDFab (x64) Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab10&p=x64&v=10.0.9.

FirewallRules: [{6854938F-2E5B-4A33-9AE6-28857CF5392E}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File
FirewallRules: [{F3C7F2AA-76B7-49DE-A3DC-8B1DCD0CECC1}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File
FirewallRules: [TCP Query User{CEBEA942-4AF0-444B-BFED-986CA996C758}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [UDP Query User{FE4A9144-224E-40A0-8C6B-2B8918C45A63}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [TCP Query User{2934D463-88C9-46AB-90F2-D4022B1BB84C}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [UDP Query User{62F6849D-4FFB-4097-9CDF-BF42C6EF1B60}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [TCP Query User{5C853D52-DA6F-4D23-A1F0-9D6889C6932C}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [UDP Query User{21CE5442-BEF4-480F-81DC-726689B6E2E1}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [TCP Query User{17D98705-371D-47DC-9EEB-6631F887627C}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [UDP Query User{84C4474B-4414-4FDB-A944-25899307745D}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [TCP Query User{DE1734B0-FBDB-447B-87C2-6273A7F1F518}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [UDP Query User{9798F0C0-F2FB-406B-8BD7-ADB85EB04D64}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [TCP Query User{B54AA642-893E-445C-842E-5B1C7B2EABD2}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [UDP Query User{B7A43E40-DBDD-4B7A-9181-7DF9E7FA766E}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [TCP Query User{A9B5161B-CBAF-4A9F-9049-9FBA2631300C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [UDP Query User{A873F73E-B2CE-4AC5-9D74-E061E6C25C6C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [TCP Query User{BECC35D9-5A10-4BD1-9A4D-D690907EBD29}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [UDP Query User{E5398C38-FC27-4E1F-8AEA-F1B4FBFDD788}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [TCP Query User{3E6BD9A5-A1E9-43D6-95C0-89930CCA6BB1}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
FirewallRules: [UDP Query User{A42D851B-B23A-4B2B-8349-F6DA60AD5454}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt saved in the FRST location.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

cormack
Visitor
Posts: 74
Registered: 02 May 2008 06:18

Re: Virus infection found

#7 Post by cormack »

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Zbyse (12-02-2019 17:36:01) Run:1
Running from C:\Users\Zbyse\Desktop
Loaded Profiles: Zbyse (Available Profiles: Zbyse)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe
C:\WINDOWS\TEMP\cpuz139
C:\WINDOWS\TEMP\GPUZ.sys

2019-01-30 14:15 - 2017-04-06 17:42 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
HKU\S-1-5-21-2875399751-1358015588-351649890-1001\...\MountPoints2: {1c1e4eac-e856-11e8-af18-c86000168fe3} - "J:\Setup.exe"
Startup: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe [2019-02-09] ()
S3 cpuz139; \??\C:\WINDOWS\TEMP\cpuz139\cpuz139_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

Task: {0105F4F7-D6E5-46EE-86DC-62EE4CFA939D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {089F6D34-BFE8-4945-8009-43582A854767} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

WMI:subscription\__TimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__IntervalTimerInstruction->SethomePage Interval Timer:: <==== ATTENTION
WMI:subscription\__EventFilter->EventFilter sethomePage2::[Query => Select * From __timerevent Where TimerId = "SethomePage Interval Timer"] <==== ATTENTION

Shortcut: C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10 (x64)\DVDFab (x64) Online.lnk -> hxxp://www.dvdfab.cn/?s=dvdfab10&p=x64&v=10.0.9.

FirewallRules: [{6854938F-2E5B-4A33-9AE6-28857CF5392E}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File
FirewallRules: [{F3C7F2AA-76B7-49DE-A3DC-8B1DCD0CECC1}] => (Allow) C:\Users\Zbyse\AppData\Roaming\WinUpdate.exe No File
FirewallRules: [TCP Query User{CEBEA942-4AF0-444B-BFED-986CA996C758}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [UDP Query User{FE4A9144-224E-40A0-8C6B-2B8918C45A63}E:\download\ij152-win-java8\imagej\imagej.exe] => (Allow) E:\download\ij152-win-java8\imagej\imagej.exe No File
FirewallRules: [TCP Query User{2934D463-88C9-46AB-90F2-D4022B1BB84C}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [UDP Query User{62F6849D-4FFB-4097-9CDF-BF42C6EF1B60}D:\programy\imagej\imagej.exe] => (Allow) D:\programy\imagej\imagej.exe ()
FirewallRules: [TCP Query User{5C853D52-DA6F-4D23-A1F0-9D6889C6932C}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [UDP Query User{21CE5442-BEF4-480F-81DC-726689B6E2E1}C:\users\zbyse\appdata\local\roon\application\roon.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\roon.exe No File
FirewallRules: [TCP Query User{17D98705-371D-47DC-9EEB-6631F887627C}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [UDP Query User{84C4474B-4414-4FDB-A944-25899307745D}C:\users\zbyse\appdata\local\roon\application\raatserver.exe] => (Allow) C:\users\zbyse\appdata\local\roon\application\raatserver.exe No File
FirewallRules: [TCP Query User{DE1734B0-FBDB-447B-87C2-6273A7F1F518}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [UDP Query User{9798F0C0-F2FB-406B-8BD7-ADB85EB04D64}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe] => (Allow) D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe No File
FirewallRules: [TCP Query User{B54AA642-893E-445C-842E-5B1C7B2EABD2}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [UDP Query User{B7A43E40-DBDD-4B7A-9181-7DF9E7FA766E}D:\hry\quake\darkplaces.exe] => (Allow) D:\hry\quake\darkplaces.exe No File
FirewallRules: [TCP Query User{A9B5161B-CBAF-4A9F-9049-9FBA2631300C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [UDP Query User{A873F73E-B2CE-4AC5-9D74-E061E6C25C6C}D:\hry\quake\darkplaces-sdl.exe] => (Block) D:\hry\quake\darkplaces-sdl.exe No File
FirewallRules: [TCP Query User{BECC35D9-5A10-4BD1-9A4D-D690907EBD29}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [UDP Query User{E5398C38-FC27-4E1F-8AEA-F1B4FBFDD788}D:\hry\quake\winquake.exe] => (Allow) D:\hry\quake\winquake.exe No File
FirewallRules: [TCP Query User{3E6BD9A5-A1E9-43D6-95C0-89930CCA6BB1}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
FirewallRules: [UDP Query User{A42D851B-B23A-4B2B-8349-F6DA60AD5454}D:\hry\call od duty 2\cod2mp_s.exe] => (Allow) D:\hry\call od duty 2\cod2mp_s.exe No File
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe => moved successfully
"C:\WINDOWS\TEMP\cpuz139" => not found
"C:\WINDOWS\TEMP\GPUZ.sys" => not found
C:\WINDOWS\system32\nvcoproc.bin => moved successfully
HKU\S-1-5-21-2875399751-1358015588-351649890-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c1e4eac-e856-11e8-af18-c86000168fe3} => removed successfully
HKLM\Software\Classes\CLSID\{1c1e4eac-e856-11e8-af18-c86000168fe3} => not found
"C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ahmedatef.exe" => not found
HKLM\System\CurrentControlSet\Services\cpuz139 => removed successfully
cpuz139 => service removed successfully
HKLM\System\CurrentControlSet\Services\GPUZ => removed successfully
GPUZ => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0105F4F7-D6E5-46EE-86DC-62EE4CFA939D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0105F4F7-D6E5-46EE-86DC-62EE4CFA939D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{089F6D34-BFE8-4945-8009-43582A854767}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089F6D34-BFE8-4945-8009-43582A854767}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"SethomePage Interval Timer" => removed successfully
"SethomePage Interval Timer" => not found
"EventFilter sethomePage2" => removed successfully
C:\Users\Zbyse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10 (x64)\DVDFab (x64) Online.lnk => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6854938F-2E5B-4A33-9AE6-28857CF5392E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3C7F2AA-76B7-49DE-A3DC-8B1DCD0CECC1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CEBEA942-4AF0-444B-BFED-986CA996C758}E:\download\ij152-win-java8\imagej\imagej.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FE4A9144-224E-40A0-8C6B-2B8918C45A63}E:\download\ij152-win-java8\imagej\imagej.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2934D463-88C9-46AB-90F2-D4022B1BB84C}D:\programy\imagej\imagej.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{62F6849D-4FFB-4097-9CDF-BF42C6EF1B60}D:\programy\imagej\imagej.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5C853D52-DA6F-4D23-A1F0-9D6889C6932C}C:\users\zbyse\appdata\local\roon\application\roon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{21CE5442-BEF4-480F-81DC-726689B6E2E1}C:\users\zbyse\appdata\local\roon\application\roon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{17D98705-371D-47DC-9EEB-6631F887627C}C:\users\zbyse\appdata\local\roon\application\raatserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{84C4474B-4414-4FDB-A944-25899307745D}C:\users\zbyse\appdata\local\roon\application\raatserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DE1734B0-FBDB-447B-87C2-6273A7F1F518}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9798F0C0-F2FB-406B-8BD7-ADB85EB04D64}D:\games\thehunter call of the wild vurhonga savanna\thehuntercotw_f.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B54AA642-893E-445C-842E-5B1C7B2EABD2}D:\hry\quake\darkplaces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B7A43E40-DBDD-4B7A-9181-7DF9E7FA766E}D:\hry\quake\darkplaces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A9B5161B-CBAF-4A9F-9049-9FBA2631300C}D:\hry\quake\darkplaces-sdl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A873F73E-B2CE-4AC5-9D74-E061E6C25C6C}D:\hry\quake\darkplaces-sdl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BECC35D9-5A10-4BD1-9A4D-D690907EBD29}D:\hry\quake\winquake.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E5398C38-FC27-4E1F-8AEA-F1B4FBFDD788}D:\hry\quake\winquake.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3E6BD9A5-A1E9-43D6-95C0-89930CCA6BB1}D:\hry\call od duty 2\cod2mp_s.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A42D851B-B23A-4B2B-8349-F6DA60AD5454}D:\hry\call od duty 2\cod2mp_s.exe" => removed successfully


The system needed a reboot.

==== End of Fixlog 17:36:03 ====

cormack
Visitor
Posts: 74
Registered: 02 May 2008 06:18

Re: Virus infection found

#8 Post by cormack »

thanks.....

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Virus infection found

#9 Post by Diallix »

How is the computer doing?

cormack
Visitor
Posts: 74
Registered: 02 May 2008 06:18

Re: Virus infection found

#10 Post by cormack »

Everything is fine now.

Thank you very much for your help!!!

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Virus infection found

#11 Post by Diallix »

Also try turning on system restore points following this guide: https://www.thewindowsclub.com/system-r ... re-windows

cormack
Visitor
Posts: 74
Registered: 02 May 2008 06:18

Re: Virus infection found

#12 Post by cormack »

The PC is running fine.

Thanks again for the help!!!!

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Virus infection found

#13 Post by Diallix »

You're welcome :)

Locked