
GOM Player opens web pages


#1 Post by Per »

It happens under two conditions.
1. when closing the program
2. not always; it happens on about one in 10 closings

I have no idea whether it is a virus or GOM Player itself, but I'm guessing it's a virus.

Something similar was dealt with here, but it did not help me much:
https://www.bleepingcomputer.com/forums ... om-player/

I scanned it with Malwarebytes Anti-Malware, AdwCleaner and Hitman. Nothing was found.


FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2019
Ran by Percian (administrator) on PERCIAN-PC (12-03-2019 20:34:28)
Running from D:\Stiahnuté súbory
Loaded Profiles: Percian (Available Profiles: Percian)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wagnardsoft -> Wagnardsoft) C:\Program Files (x86)\ISLC v1.0.1.0\Intelligent standby list cleaner ISLC.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Percian\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Open Source Developer, Birunthan Mohanathas -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\SkWLUSB.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(TechPowerUp LLC -> techPowerUp (www.techpowerup.com)) C:\oc\GPU-Z.2.16.0.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Facebook, Inc. -> Facebook) C:\Users\Percian\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Facebook, Inc. -> The CefSharp Authors) C:\Users\Percian\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [HP Business Slim Keyboard] => C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\SKWLUSB.exe [3513344 2015-09-16] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26252472 2018-12-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3113768 2019-03-05] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Magnify.exe [809472 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\Magnify.exe [809472 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.vorbis] => c:\windows\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => c:\windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => c:\windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => c:\windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-04] (Google LLC -> Google Inc.)
Startup: C:\Users\Percian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-12-04]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Percian\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\Percian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Origin.lnk [2016-12-27]
ShortcutTarget: Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts, Inc. -> Electronic Arts)
Startup: C:\Users\Percian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2018-01-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Open Source Developer, Birunthan Mohanathas -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{930ec9f4-b851-4952-9ef0-f8bd9bb054ad}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ea0f2e4e-dd5c-4293-99da-552612341ab9}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-3469067180-768828901-2224403390-1001 -> is enabled.
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.12.0_neutral__d55gg7py3s0m0 [not found]
Edge Extension: (Mouse Gestures) -> MouseGestures_MicrosoftMouseGestures_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2017-05-17]

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (Electronic Arts -> EA Digital Illusions CE AB)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (Electronic Arts -> EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3469067180-768828901-2224403390-1001: jpl.nasa.gov/NASAEyes -> C:\Users\Percian\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2018-05-02] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default [2019-03-12]
CHR Extension: (Prekladač Google) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-11-07]
CHR Extension: (Prezentácie) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-06]
CHR Extension: (Flash Video Downloader) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2019-03-03]
CHR Extension: (Dokumenty) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-06]
CHR Extension: (Disk Google) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-22]
CHR Extension: (YouTube) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-06]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-24]
CHR Extension: (Dark Reader) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2019-03-04]
CHR Extension: (Tabuľky) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-06]
CHR Extension: (I don't care about cookies) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2019-02-25]
CHR Extension: (Word Online) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2018-08-10]
CHR Extension: (Úpravy súborov Office v Dokumentoch Google) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2019-03-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Facebook Video Volume Sync) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\glhknbfninokkdmkemhahjldjilleenp [2018-01-15]
CHR Extension: (Tabs to the Front) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2018-01-14]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Mouse Gesture Events) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogjdgjefnddnjhkibmblgiofbjdgnahc [2017-11-06]
CHR Extension: (Gmail) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]
CHR Extension: (Password Checkup) - C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncabnpcffmalkkjpajodfhijclecjno [2019-02-16]
CHR Profile: C:\Users\Percian\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-12-01]
CHR Profile: C:\Users\Percian\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsusStrixBox; C:\Program Files\ASUSTeKcomputer.Inc\nhAsusStrix\UserInterface\nhAsusStrixBoxSvc32.exe [300032 2016-01-20] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-09] (BattlEye Innovations e.K. -> )
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [505856 2018-01-31] (Intel Corporation) [File not signed]
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation -> Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc -> Logitech Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-11-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-03-05] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-03-05] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-02-21] (Even Balance, Inc. -> )
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-02-21] (Even Balance, Inc. -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665240 2019-02-26] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSSC150; C:\WINDOWS\system32\DRIVERS\ASUSSC150.sys [1319424 2015-08-17] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTeK)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [42792 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
R3 GPU-Z; C:\Users\Percian\AppData\Local\Temp\GPU-Z.sys [27008 2019-03-12] (TechPowerUp -> ) <==== ATTENTION
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
S3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-07-10] (Logitech Inc -> Logitech Inc.)
S1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel(R) Technology Access -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a8e74171e1b8492\nvlddmkm.sys [20736208 2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-11-04] (PAIPTAC  Driver -> )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] (Intel Corporation -> )
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [181904 2017-12-14] (RH Software -> Ray Hinchliffe)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-12 20:34 - 2019-03-12 20:34 - 000000000 ____D C:\FRST
2019-03-11 11:28 - 2019-03-11 11:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-03-11 11:27 - 2019-03-02 03:29 - 020106384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 017434264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 010319696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 008784920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 001471632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 001152016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 001145752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 000915304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 000822792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-03-11 11:27 - 2019-03-02 03:29 - 000638392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 001006800 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 001006800 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 000870096 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 000552328 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 000456904 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-03-11 11:27 - 2019-03-01 23:32 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-03-11 11:27 - 2019-03-01 23:32 - 000286416 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-03-11 11:27 - 2019-03-01 23:32 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-03-11 11:27 - 2019-03-01 23:32 - 000260304 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-03-11 11:27 - 2019-03-01 23:30 - 005274368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 004625344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 002033032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 001734344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441935.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 001535744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 001467832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441935.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 001464520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 001130184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 000752520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 000668456 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 000631232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 000611720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 000534728 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-03-11 11:27 - 2019-03-01 23:30 - 000521928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-03-11 11:27 - 2019-03-01 23:29 - 040234704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-03-11 11:27 - 2019-03-01 23:29 - 035140488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-03-11 11:27 - 2019-03-01 11:36 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-03-11 09:22 - 2019-03-11 09:22 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\NVIDIA
2019-03-09 17:48 - 2019-03-09 17:52 - 000000000 ____D C:\ProgramData\HitmanPro
2019-03-09 17:20 - 2019-03-09 17:20 - 000000000 ____D C:\ProgramData\Norton
2019-03-08 16:37 - 2019-03-11 11:28 - 000000000 ___DC C:\Users\Percian\AppData\Local\NVIDIA
2019-03-08 15:44 - 2019-03-08 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth1 v2.2.1.X
2019-03-01 23:34 - 2019-03-01 23:37 - 000000000 ____D C:\Users\Public\Documents\AutoPowerOn
2019-02-18 16:57 - 2019-03-06 18:54 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3469067180-768828901-2224403390-1001
2019-02-18 16:54 - 2019-02-18 16:59 - 000000000 ___RD C:\Users\Percian\OneDrive
2019-02-18 16:46 - 2019-03-06 18:54 - 000002417 ____C C:\Users\Percian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-18 16:46 - 2019-02-18 16:57 - 000002306 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-18 16:46 - 2019-02-18 16:57 - 000002306 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-18 16:46 - 2019-02-18 16:57 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2019-02-14 11:33 - 2019-02-14 12:25 - 000000000 ___DC C:\Users\Percian\AppData\Local\NVIDIA Corporation
2019-02-14 11:30 - 2019-03-12 12:45 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-14 11:30 - 2019-03-01 11:36 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-02-14 11:30 - 2019-03-01 08:15 - 005364592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-02-14 11:30 - 2019-03-01 08:15 - 002625008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-02-14 11:30 - 2019-03-01 08:15 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-02-14 11:30 - 2019-03-01 08:15 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-02-14 11:30 - 2019-03-01 08:15 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-02-14 11:30 - 2019-03-01 08:15 - 000125424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-02-14 11:30 - 2019-03-01 08:15 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-02-14 11:30 - 2019-02-27 17:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-02-14 11:30 - 2019-02-26 11:36 - 008514902 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-02-14 11:30 - 2019-02-14 11:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-02-14 11:30 - 2019-02-14 11:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-14 11:29 - 2019-03-02 03:29 - 005042904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-02-14 11:29 - 2019-03-02 03:28 - 004301480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-14 11:29 - 2019-03-01 11:36 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-02-14 11:29 - 2019-03-01 11:36 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-02-14 11:29 - 2019-03-01 11:36 - 000049834 _____ C:\WINDOWS\system32\nvinfo.pb
2019-02-14 11:29 - 2019-02-14 11:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-14 11:29 - 2019-01-12 05:04 - 002018392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441771.dll
2019-02-14 11:29 - 2019-01-12 05:04 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441771.dll
2019-02-14 11:28 - 2019-02-14 11:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-02-13 12:09 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 12:09 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 12:09 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 12:09 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 12:09 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 12:09 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 12:09 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 12:09 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 12:09 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 12:09 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 12:09 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 12:09 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 12:09 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 12:09 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 12:09 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 12:09 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 12:09 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 12:09 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 12:09 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 12:09 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 12:09 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 12:09 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 12:09 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 12:09 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 12:09 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 12:09 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 12:09 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 12:09 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 12:09 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 12:09 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 12:09 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 12:09 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 12:09 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 12:09 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 12:09 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 12:09 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 12:09 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 12:09 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 12:09 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 12:09 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 12:09 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 12:09 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 12:09 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 12:09 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 12:09 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 12:09 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 12:09 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 12:09 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 12:09 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 12:09 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 12:09 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 12:09 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 12:09 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 12:09 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 12:09 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 12:09 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 12:09 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 12:09 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 12:09 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 12:09 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 12:09 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 12:09 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 12:09 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 12:09 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 12:09 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 12:09 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 12:09 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 12:09 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 12:09 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 12:09 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 12:09 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 12:09 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 12:09 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 12:09 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 12:09 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 12:09 - 2019-01-09 18:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2019-02-13 12:09 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 12:09 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 12:09 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 12:09 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 12:09 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 12:09 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 12:09 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 12:09 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 12:09 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 12:09 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 12:09 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 12:09 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 12:09 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 12:09 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 12:09 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 12:09 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 12:09 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 12:09 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 12:09 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 12:09 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 12:09 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 12:09 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 12:09 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 12:09 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 12:09 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 12:09 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 12:09 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 12:09 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 12:09 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 12:09 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 12:09 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 12:09 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 12:09 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 12:09 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 12:09 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 12:09 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 12:09 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 12:09 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 12:09 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 12:09 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 12:09 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 12:09 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 12:09 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 12:09 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 12:09 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 12:09 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 12:09 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 12:09 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 12:09 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 12:09 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 12:09 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 12:09 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 12:09 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-10 15:53 - 2019-03-04 21:51 - 000001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-12 20:23 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-12 18:17 - 2018-05-12 11:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-12 15:38 - 2016-04-14 18:28 - 000000000 ____D C:\Games
2019-03-12 14:58 - 2017-03-05 18:38 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2019-03-12 14:54 - 2015-11-22 17:49 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\XnView
2019-03-12 12:52 - 2018-05-12 11:57 - 000838602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-12 12:52 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-12 12:52 - 2015-09-12 11:15 - 000013362 _____ C:\WINDOWS\system32\perfh01B.dat
2019-03-12 12:52 - 2015-09-12 11:15 - 000004020 _____ C:\WINDOWS\system32\perfc01B.dat
2019-03-12 12:46 - 2015-09-10 15:58 - 000000000 ____D C:\Program Files (x86)\Steam
2019-03-12 12:46 - 2015-09-09 15:56 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-03-12 12:46 - 2015-09-09 15:54 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\Origin
2019-03-12 12:46 - 2015-09-09 15:52 - 000000000 ____D C:\ProgramData\Origin
2019-03-12 12:45 - 2018-05-12 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-12 12:45 - 2017-12-23 23:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-03-12 08:38 - 2019-01-19 17:33 - 000003136 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2019-03-12 08:38 - 2018-04-11 22:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-03-11 22:18 - 2018-01-07 15:04 - 000000000 ___DC C:\Users\Percian\AppData\Local\CrashDumps
2019-03-11 21:45 - 2017-12-18 20:46 - 000000000 ____D C:\SWC.Layout.Manager.v.1.4.1
2019-03-11 11:28 - 2018-12-08 09:35 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 11:28 - 2018-12-08 09:35 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 11:28 - 2018-12-08 09:35 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 11:28 - 2018-12-08 09:35 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 11:28 - 2018-12-08 09:35 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 11:28 - 2018-12-08 09:35 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 11:28 - 2018-12-08 09:35 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-11 09:24 - 2018-12-14 19:07 - 000000000 ____D C:\oc
2019-03-10 23:17 - 2017-10-13 23:32 - 000000000 ___DC C:\Users\Percian\AppData\Local\JxBrowser
2019-03-10 20:23 - 2018-05-12 11:55 - 000000000 ___DC C:\Users\Percian\AppData\Local\D3DSCache
2019-03-10 08:23 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-10 08:23 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-10 08:23 - 2017-11-22 11:17 - 000000000 ___DC C:\Users\Percian\AppData\Local\Packages
2019-03-09 17:33 - 2015-09-09 01:43 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-09 17:32 - 2016-03-08 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2019-03-09 17:32 - 2016-03-08 20:53 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2019-03-09 17:19 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-09 17:19 - 2015-09-13 15:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-09 00:18 - 2015-09-13 12:15 - 000000000 ___DC C:\Users\Percian\AppData\Local\JDownloader v2.0
2019-03-08 15:44 - 2015-10-22 17:01 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2019-03-07 23:46 - 2016-04-11 22:16 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\AIMP
2019-03-07 21:44 - 2015-09-09 17:55 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2019-03-05 23:39 - 2015-09-08 23:13 - 000007616 ____C C:\Users\Percian\AppData\Local\Resmon.ResmonCfg
2019-03-05 22:47 - 2019-01-19 17:38 - 000000000 ___DC C:\Users\Percian\AppData\LocalLow\uTorrent
2019-03-05 22:47 - 2015-09-25 17:50 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\uTorrent
2019-03-05 18:03 - 2018-05-12 11:52 - 000000000 ____D C:\Users\Percian
2019-03-05 06:45 - 2015-10-16 17:51 - 000000000 ____D C:\Program Files (x86)\Origin
2019-03-04 22:05 - 2017-11-06 12:55 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-01 23:49 - 2018-11-16 17:14 - 000000000 ____D C:\Program Files\rempl
2019-02-27 01:32 - 2015-09-26 14:37 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\TS3Client
2019-02-23 23:57 - 2019-01-30 14:38 - 000000000 ___DC C:\Users\Percian\Documents\The Witcher 3
2019-02-22 23:43 - 2018-02-27 16:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-20 13:17 - 2018-01-05 23:09 - 000000000 ___DC C:\Users\Percian\AppData\Local\PlaceholderTileLogoFolder
2019-02-18 16:49 - 2015-11-14 19:22 - 000000000 ___DC C:\Users\Percian\AppData\Local\PackageStaging
2019-02-16 16:56 - 2015-10-14 19:22 - 000000000 ___DC C:\Users\Percian\Documents\Knižnica Calibre
2019-02-16 16:45 - 2017-06-10 16:19 - 000000000 ___DC C:\Users\Percian\AppData\LocalLow\Unity
2019-02-15 20:40 - 2018-10-28 12:00 - 000000000 ___DC C:\Users\Percian\AppData\Roaming\Vortex
2019-02-14 11:30 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Help
2019-02-14 11:24 - 2017-11-26 19:36 - 001248914 _____ C:\WINDOWS\ntbtlog.txt
2019-02-14 11:24 - 2017-05-16 14:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-02-13 15:11 - 2018-12-12 00:51 - 000000000 ____D C:\ProgramData\TEMP
2019-02-13 14:39 - 2018-05-12 11:51 - 004924416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 12:20 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 12:20 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 12:20 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 12:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 12:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 12:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 12:10 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 12:09 - 2015-09-09 17:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 12:08 - 2015-09-09 17:16 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 18:21 - 2018-08-01 19:40 - 000004380 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-12 18:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 18:20 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2018-03-01 23:35 - 2018-03-01 23:35 - 000000048 _____ () C:\Program Files (x86)\bu17ocsslj.dat
2019-01-20 17:19 - 2019-01-20 17:19 - 000000000 ____C () C:\Users\Percian\AppData\Roaming\FC29FA0894FE.ini
2017-09-14 11:31 - 2017-09-14 11:31 - 000000016 ____C () C:\Users\Percian\AppData\Roaming\msregsvv.dll
2016-09-27 18:47 - 2016-09-27 18:47 - 000000104 ___HC () C:\Users\Percian\AppData\Roaming\WPVXAP.setting
2015-09-27 23:35 - 2018-12-21 18:01 - 002128896 ____C () C:\Users\Percian\AppData\Local\file__0.localstorage
2015-09-08 23:13 - 2019-03-05 23:39 - 000007616 ____C () C:\Users\Percian\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2019-03-10 23:17 - 2019-03-10 23:17 - 000040448 ____C () C:\Users\Percian\AppData\Local\Temp\proxy_vole8970070602118042166.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-12 11:51

==================== End of FRST.txt ============================
Last edited by Per on 12 Mar 2019 21:54, edited 1 time in total.

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Per
Visitor
Posts: 17
Joined: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#3 Post by Per »

I already tried this, it found nothing.

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#4 Post by Rudy »

OK. Then please also add the Addition log (it is in the file addition.txt in D:\Stiahnuté súbory) and we will finish the cleanup manually.

Per
Visitor
Posts: 17
Joined: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#5 Post by Per »

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by Percian (12-03-2019 20:35:09)
Running from D:\Stiahnuté súbory
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-12 10:55:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3469067180-768828901-2224403390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3469067180-768828901-2224403390-503 - Limited - Disabled)
Guest (S-1-5-21-3469067180-768828901-2224403390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3469067180-768828901-2224403390-1006 - Limited - Enabled)
Percian (S-1-5-21-3469067180-768828901-2224403390-1001 - Administrator - Enabled) => C:\Users\Percian
WDAGUtilityAccount (S-1-5-21-3469067180-768828901-2224403390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version:  - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version:  - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version:  - Microsoft)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.4 - Electronic Arts, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.57.44284 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
calibre (HKLM-x32\...\{5AD205E9-E80E-4F4B-88A5-C6B5CC12BBE4}) (Version: 2.48.0 - Kovid Goyal)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Crucial Storage Executive (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\Crucial Storage Executive 3.20.042015.06) (Version: 3.60.082018.04 - Crucial)
Česká lokalizace hry Star Wars Battlefront II (2017) (HKLM-x32\...\Lokalizace SWBFII) (Version: 1.0 - )
Dead Cells (HKLM\...\SKIDROW - Dead Cells) (Version:  - SKIDROW)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Driver Sweeper verzia 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version:  - )
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Facebook Gameroom 1.21.6907.27509 (HKLM-x32\...\{E34773A0-158F-4322-8849-2C13BBCD6C68}) (Version: 1.21.6907.27509 - Facebook)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.38.5300 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
HP Business Slim Keyboard (HKLM-x32\...\{E9D7FD0D-CF46-4FEB-9C57-7AACCFBF6C36}) (Version: 1.07 - Hewlett-Packard)
HWiNFO64 Version 5.24 (HKLM\...\HWiNFO64_is1) (Version: 5.24 - Martin Malík - REALiX)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Network Connections 23.1.100.0 (HKLM\...\PROSetDX) (Version: 23.1.100.0 - Intel)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Media Feature Pack for Windows 10 N and KN (HKLM-x32\...\{ef11e192-acd9-485d-8860-ee2102cc2a69}) (Version: 1.0.0 - Microsoft) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.6.0 Beta 9 (HKLM-x32\...\Afterburner) (Version: 4.6.0 Beta 9 - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.49 - MSI)
Mutant Year Zero - Road To Eden (HKLM-x32\...\{4DF4741F-8465-4AA8-9ABA-4B081F05FCAA}_is1) (Version:  - The Bearded Ladies)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
NVIDIA Grafický ovládač 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.35 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.35.22222 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.35 - NVIDIA Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Překlad Pillars of Eternity verze 3.06 (HKLM-x32\...\{0FB1CAE7-E632-4A88-98D7-4BBAE6069783}_is1) (Version: 3.06 - Překlady her)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 r2989 - Rainmeter)
RivaTuner Statistics Server 7.2.0 Beta 5 (HKLM-x32\...\RTSS) (Version: 7.2.0 Beta 5 - Unwinder)
Shadow Of The Tomb Raider (HKLM-x32\...\{96F650BA-50B7-4E7B-B026-8C847F45ED92}_is1) (Version:  - SQUARENIX)
Sound Blaster Z-Series (HKLM-x32\...\{DAB64FB1-0BBB-486E-9C57-A3E34F463AEB}) (Version: 1.01.10 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrixBoxServiceSetup (HKLM\...\{AD439AEF-B458-48EE-A005-3069FD98B7CA}) (Version: 1.0.9 - ASUSTeKcomputer.Inc) Hidden
Sylenth1 version 2.2.1.X (HKLM-x32\...\{3A739C30-3D3D-4B91-B82E-15874763FD86}_is1) (Version: 2.2.1.X - Lennar Digital)
TeamSpeak 3 Client (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.18533 - TeamViewer)
The Witcher 3: GotY Edition (HKLM-x32\...\The Witcher 3: GotY Edition_is1) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
T-RackS CS version 4.9.0 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.9.0 - IK Multimedia)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.17.3 - Black Tree Gaming Ltd.)
WhoCrashed 6.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows IP Over USB (HKLM-x32\...\{FF0EA481-42DB-A8AE-8356-48C09F7D953D}) (Version: 10.1.10586.15 - Microsoft Corporation)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
XnView 2.40 (HKLM-x32\...\XnView_is1) (Version: 2.40 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3469067180-768828901-2224403390-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-12-07] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-12-07] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EBD8C7-4CB3-4CE2-BCBE-FAC7EAE7A8B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {11C87778-0B56-41C7-9477-2AFD5C778255} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16961762-D898-46FB-A120-F622A962D9D4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {1D363393-E523-4F31-948B-10C6CF581E54} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {469C7231-15F7-44AF-B319-E39E6380F463} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {54E86EEC-36A4-459C-8B16-5615B1F0BC60} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {71EE06C9-E581-436F-9126-F1F5EBA2A390} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AE1E0AD-6A60-4A5F-AE7B-F11DA7FC6D85} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E43BCFB-802A-42FC-B9A7-53653F20862E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8032D6A9-80D9-44E3-BD3B-A063340FAEA9} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8916F6EA-F371-454D-A77D-40D2500A9A0E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8F46CFAD-BD9B-48B2-9A90-6F5F4A87BC09} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B0CEA8-24F3-4C3B-858D-0169CDF21238} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {962005D5-D3F4-4CA0-AC53-CDB2E6E17548} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {A3D0BECC-8379-45F3-805A-3F2251205222} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7A6395D-9BBC-489B-A500-C2D48F99917D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AB3081C4-098A-4467-87C4-FE7E3999FD94} - System32\Tasks\EmptyStandbyList => C:\Program Files (x86)\ISLC v1.0.1.0\Intelligent standby list cleaner ISLC.exe (Wagnardsoft -> Wagnardsoft)
Task: {AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B375AF12-8CDE-413F-967C-8011AF889501} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B87FEA9A-35AA-44DB-9AFE-1B884BFBFE7A} - System32\Tasks\S-1-5-21-3469067180-768828901-2224403390-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E0B71AA4-92CE-441F-A180-0BD039534308} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EF07B53E-9801-45C8-BBC9-350B25278A5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {FA02A121-FD91-42EA-8CDB-66196FFFC563} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-10-08 16:53 - 2012-10-08 16:53 - 000423424 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
2018-01-31 13:42 - 2018-01-31 13:42 - 000505856 _____ (Intel Corporation) [File not signed] C:\WINDOWS\system32\IProsetMonitor.exe
2018-01-25 11:10 - 2018-01-25 11:10 - 000349696 _____ (Intel(R) Corporation) [File not signed] C:\WINDOWS\system32\NCS2Setp.dll
2006-10-26 12:40 - 2006-10-26 12:40 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2019-02-22 00:17 - 2019-02-22 00:17 - 000986624 _____ (File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
2014-11-24 16:53 - 2014-11-24 16:53 - 000877056 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
2015-09-16 13:18 - 2015-09-16 13:18 - 003513344 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\SkWLUSB.exe
2016-03-18 10:03 - 2016-03-18 10:03 - 000335360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2003-03-18 21:23 - 2003-03-18 21:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1051\mdmui.dll
2006-10-26 12:40 - 2006-10-26 12:40 - 000192512 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2015-11-19 20:03 - 2015-11-19 20:03 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2018-12-20 11:24 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000357888 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2018-09-22 16:51 - 2018-09-22 16:51 - 000605184 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-09-04 16:02 - 2018-09-04 16:02 - 000353792 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2018-09-04 16:02 - 2018-09-04 16:02 - 000055808 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2018-09-04 16:02 - 2018-09-04 16:02 - 000072704 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 001177600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2017-09-02 14:35 - 2019-03-05 06:44 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\SSLEAY32.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 003515904 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 054063616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2017-09-02 14:35 - 2019-03-05 06:44 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2016-09-10 22:22 - 2019-03-05 06:44 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL
2016-09-10 22:22 - 2019-03-05 06:44 - 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-10-16 17:52 - 2016-06-09 22:44 - 000266240 _____ () [File not signed] C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000278016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\mediaservice\dsengine.dll
2011-09-16 17:04 - 2011-09-16 17:04 - 000238080 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\CTLoadRs.dll
2013-02-27 11:29 - 2013-02-27 11:29 - 000251904 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\HKDetect.dll
2014-07-03 17:22 - 2014-07-03 17:22 - 000555008 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\CTAudEp.dll
2018-03-15 10:47 - 2009-03-18 16:00 - 000151552 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\ShareDLL\CADI\CTCadiEP.dll
2014-12-23 08:11 - 2014-12-23 08:11 - 000055808 _____ (LITE-ON Corp.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\skhooks.dll
2014-11-06 14:02 - 2014-11-06 14:02 - 000049664 _____ (LITE-ON TECHNOLOGY CORP.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\SKHidKbd.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 001184256 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 071641088 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\libcef.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\chrome_elf.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000774656 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 003149824 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\libglesv2.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000078848 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [183]
AlternateDataStreams: C:\Users\Percian\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\.exe:  =>  <==== ATTENTION
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2017-11-26 15:49 - 000001531 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: c:\program files (x86)\intel\intel(r) management engine components\icls\;c:\program files\intel\intel(r) management engine components\icls\;c:\program files (x86)\common files\oracle\java\javapath;c:\programdata\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\program files (x86)\ati technologies\ati.ace\core-static;c:\program files (x86)\amd\ati.ace\core-static;c:\program files (x86)\calibre2\;c:\program files\crucial\crucial storage executive;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\users\percian\appdata\local\microsoft\windowsapps;c:\adb;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\program files (x86)\intel\intel(r) management engine components\dal;c:\program files\intel\intel(r) management engine components\dal;c:\program files (x86)\intel\intel(r) management engine components\ipt;c:\program files\intel\intel(r) management engine components\ipt;c:\program files (x86)\universal extractor;c:\program files (x86)\universal extractor\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Control Panel\Desktop\\Wallpaper -> c:\users\percian\appdata\local\microsoft\windows\themes\footpaths\desktopbackground\paths1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "RoccatKone+"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\StartupFolder: => "firefox – odkaz.lnk"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\StartupFolder: => "Origin.lnk"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\Run: => ""

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51958CEF-22FF-4C8F-905C-A18B3D40B850}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{686CD88E-FFE5-40AD-8459-A1E6D5890E38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1D11927B-F546-4C10-A669-C75EC930352E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BB960BE9-784A-49B0-BCCD-010E9DFA7804}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{6DF767A1-C72D-4783-9C6B-9005A0CA8CA3}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{7A2F452E-AACA-4E16-A6C2-4685F48BD287}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{418C6314-DC3E-4F95-8B87-7F2A194DF13D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{000207F1-B114-45C1-86D8-A30CD157AC75}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{D91AE63F-E7AA-4F07-A147-01144025F91B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{DB233399-E0F2-4AC7-934A-769674EF18FE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{88277956-4651-4D7D-9EA2-6F18A16D26A8}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8530EE8C-E8A8-4AB9-ACA0-E466C9FFACA7}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F6FB1DBC-F032-44BC-BC33-FED8EC70E748}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [{006C0278-EA20-4B8C-B907-A2DD700A4F66}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [UDP Query User{03469E64-3960-4AE4-ADFF-16DBEE7AFED1}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{D3360F51-B2AD-474A-A8F2-DD35352E4F7F}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{7698C141-AAF0-4885-B404-CC02698618A4}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4594CA27-B06C-4659-BFD3-8CBBC44CB17D}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{27F0D1DD-5023-4AFF-98D6-E72D39C4CB18}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CC8BAEB0-1F2E-4747-BDB8-CE8F1DF18608}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{374424D1-17B8-41A6-A3FC-F51CA84EF9AA}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6BBC1143-FB63-4629-BFA4-1ECA34C7C8F9}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CD9F7705-5CD7-4218-BB88-D5899C0A3BBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D5F84F4E-919F-4749-9BAB-74674800D31B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8F48C70B-6E29-4C5D-ADCA-5C1C6524E106}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{702EAA35-4B92-44E3-9F94-8164443E09D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9BBE4636-A17D-401E-A321-131F3D6B32FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{EAF5C283-564F-4F33-9370-0E7F7BE9A9BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{FF58327B-E3CE-4AEC-80ED-91F4365698BA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{C697216D-36F5-4C3D-856B-815218056527}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [TCP Query User{1332A1F0-9D1D-4340-B392-A17F3930DE64}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [UDP Query User{F4049E33-F4E3-47AD-8940-BC5D20A881DF}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [TCP Query User{F61BEC69-3609-4CCB-B88C-DE376B757826}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{FB416D16-1D23-4A94-954C-6892345A383E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{8414FF91-1DB2-49E1-826E-8DF08D5981F1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{605F722E-54BA-458A-87F2-B3D67F8D1A0C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{88327499-FC3E-4CA1-AA95-F2B37321E2F1}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [UDP Query User{C24BD3DB-FBC1-458F-8CD6-08979AFC3F85}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [{E51917CC-1E9D-478D-BA34-6ED1A0D52905}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{90C0C4B6-8443-4F5B-8BEE-A57312D7C690}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BC8757CB-E75D-4AC4-95CA-4687708F6983}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{E6AFFBB9-BCA3-49E0-9E3B-339ECB65F8B6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{5BAF1D7C-6F54-4820-8C31-E18A124A40EB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{DF0D71A5-0E63-41A4-B408-DBEECE37974F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{9C2F250D-607F-4EF5-BAAA-1C5E1434A598}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{623FF412-8E00-4D57-B8CE-72871ABB6212}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{4E58F81E-E1EB-4A73-B24B-0391DC75FBB5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{309A0BA1-8033-4487-8A21-10B97AFB29BA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{CDA30AC4-6BE0-4D29-ACA3-6B3AE3655F39}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{B0C74D4B-5D9F-4B5D-8D9C-2ED5B09041E8}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{B19A22F2-DF2F-4AFE-AA72-A2A28763D29C}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{BC5B9ADB-0900-40D5-AB15-4DF317DB01AF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{841075E9-7BEB-418E-9912-18E15CB248BF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{E3494819-9245-4E49-8EB3-10F7DB35E980}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{3A6E2002-9897-44D4-8B4E-991C986230BB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{EC3B3561-5896-41C8-8B45-C17FEEE8A5CB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{6CEB024A-6F87-4A91-B3CC-18427CA8C80A}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{02542FA1-6C0C-4CF4-84B8-2C8A45E8FC5D}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{99159FC9-3346-4828-B9ED-98F666CBD134}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{2AC5D4C2-F08A-46CC-BD5D-966AFA37C479}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{5D6FA177-3D81-45B2-9377-FE6A8486F041}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{926CA51A-9B64-434C-BD2E-1829B810617E}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{90AE16A5-40A5-4FED-A935-AD1906DEC049}] => (Allow) C:\Users\Percian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{533DB173-D467-4938-B66F-1A7E34F3F83A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A46733F7-E0EA-4DA7-9DBF-5ED62D773ADD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1F5244B7-3883-48F7-B2F8-4262325EB2A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{43BC2861-9717-4835-9E79-41DF5A403EEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{23A33BD8-34A6-4A6F-B77C-36E5C3974D06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{12AB71B4-B4F8-49AA-B73D-071920222BED}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{6AE0710B-80B4-4A43-A898-9DA0D4ED3D01}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

==================== Restore Points =========================

09-03-2019 17:23:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2019 10:18:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: StaRTS-standalonewindows-production-320-production.exe, verzia: 2017.2.1.37537, časová značka: 0x5a7a1784
Názov chybujúceho modulu: mono.dll_unloaded, verzia: 1.0.0.1, časová značka: 0x5a2fead2
Kód výnimky: 0xc0000005
Odstup chyby: 0x000f8ff3
Identifikácia chybujúceho procesu: 0x1b34
Čas spustenia chybujúcej aplikácie: 0x01d4d84b7838dbef
Cesta chybujúcej aplikácie: C:\Users\Percian\AppData\Local\Facebook\Games\Games\518856528223038\27\StaRTS-standalonewindows-production-320-production.exe
Cesta chybujúceho modulu: mono.dll
Identifikácia hlásenia: 3c318c70-6f77-40f9-8c4a-f621ba75e769
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/08/2019 07:43:08 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/08/2019 05:58:53 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/08/2019 12:07:37 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/08/2019 11:53:06 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/06/2019 08:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: dwm.exe, verzia: 10.0.17134.1, časová značka: 0xf5178e97
Názov chybujúceho modulu: dwmcore.dll, verzia: 10.0.17134.441, časová značka: 0x8b352f6e
Kód výnimky: 0xc00001ad
Odstup chyby: 0x00000000001cdff2
Identifikácia chybujúceho procesu: 0x3270
Čas spustenia chybujúcej aplikácie: 0x01d4d4549b67116e
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\dwm.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\dwmcore.dll
Identifikácia hlásenia: 6feba475-9695-491e-86ed-ae112369fb84
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/06/2019 08:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: dwm.exe, verzia: 10.0.17134.1, časová značka: 0xf5178e97
Názov chybujúceho modulu: dwmcore.dll, verzia: 10.0.17134.441, časová značka: 0x8b352f6e
Kód výnimky: 0xc00001ad
Odstup chyby: 0x00000000001cdff2
Identifikácia chybujúceho procesu: 0x1668
Čas spustenia chybujúcej aplikácie: 0x01d4d4549b30a944
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\dwm.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\dwmcore.dll
Identifikácia hlásenia: 563f730d-06e3-4320-b85a-04f49de4d76b
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/06/2019 08:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: dwm.exe, verzia: 10.0.17134.1, časová značka: 0xf5178e97
Názov chybujúceho modulu: dwmcore.dll, verzia: 10.0.17134.441, časová značka: 0x8b352f6e
Kód výnimky: 0xc00001ad
Odstup chyby: 0x00000000001cdff2
Identifikácia chybujúceho procesu: 0x1930
Čas spustenia chybujúcej aplikácie: 0x01d4d4549aef3a79
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\dwm.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\dwmcore.dll
Identifikácia hlásenia: 6b01b8c4-bb12-4e85-9295-da19bfe9cd16
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (03/12/2019 12:48:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:48:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:23 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID 
Unavailable
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:18 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:11 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:05 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:04 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:45:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby iocbios2 zlyhalo kvôli nasledujúcej chybe: 
The system cannot find the path specified.


Windows Defender:
===================================
Date: 2019-03-12 13:55:40.377
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {16BDA54E-971D-417C-BE81-0F3B6309AA59}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-09 22:44:03.853
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DFDA78D7-C666-467C-9161-43FE224CC26B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-09 22:17:04.820
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A32F6593-4CE5-447E-98A8-84564BEF3932}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-08 15:35:20.747
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {89B75C70-0CA2-4418-9AAE-B81E98B2A76A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-04 21:52:54.348
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ECE0D77D-5F19-46D9-AA8D-1C309415E921}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-14 11:23:54.308
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-08-11 18:43:33.862
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 33%
Total physical RAM: 16346.65 MB
Available physical RAM: 10899.5 MB
Total Virtual: 19346.65 MB
Available Virtual: 10251.98 MB

==================== Drives ================================

Drive c: (Nod) (Fixed) (Total:418.64 GB) (Free:93.23 GB) NTFS
Drive d: (data) (Fixed) (Total:449.22 GB) (Free:115.57 GB) NTFS
Drive e: (Volume) (Fixed) (Total:146.95 GB) (Free:35.01 GB) NTFS

\\?\Volume{e1d14b9f-b8b3-4a6e-b454-f867b23fc093}\ (Obnovenie) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{ceb55c30-b0eb-42f2-a75e-b78c7adf7f04}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 4C91AFED)
Partition 1: (Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Per
Visitor
Posts: 17
Registered: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#6 Post by Per »

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by Percian (12-03-2019 20:35:09)
Running from D:\Stiahnuté súbory
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-12 10:55:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3469067180-768828901-2224403390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3469067180-768828901-2224403390-503 - Limited - Disabled)
Guest (S-1-5-21-3469067180-768828901-2224403390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3469067180-768828901-2224403390-1006 - Limited - Enabled)
Percian (S-1-5-21-3469067180-768828901-2224403390-1001 - Administrator - Enabled) => C:\Users\Percian
WDAGUtilityAccount (S-1-5-21-3469067180-768828901-2224403390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version:  - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version:  - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version:  - Microsoft)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.4 - Electronic Arts, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.57.44284 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
calibre (HKLM-x32\...\{5AD205E9-E80E-4F4B-88A5-C6B5CC12BBE4}) (Version: 2.48.0 - Kovid Goyal)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Core Temp 1.12.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.12.1 - ALCPU)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Crucial Storage Executive (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\Crucial Storage Executive 3.20.042015.06) (Version: 3.60.082018.04 - Crucial)
Česká lokalizace hry Star Wars Battlefront II (2017) (HKLM-x32\...\Lokalizace SWBFII) (Version: 1.0 - )
Dead Cells (HKLM\...\SKIDROW - Dead Cells) (Version:  - SKIDROW)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.35 - NVIDIA Corporation) Hidden
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Driver Sweeper verzia 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version:  - )
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Facebook Gameroom 1.21.6907.27509 (HKLM-x32\...\{E34773A0-158F-4322-8849-2C13BBCD6C68}) (Version: 1.21.6907.27509 - Facebook)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.38.5300 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
HP Business Slim Keyboard (HKLM-x32\...\{E9D7FD0D-CF46-4FEB-9C57-7AACCFBF6C36}) (Version: 1.07 - Hewlett-Packard)
HWiNFO64 Version 5.24 (HKLM\...\HWiNFO64_is1) (Version: 5.24 - Martin Malík - REALiX)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Network Connections 23.1.100.0 (HKLM\...\PROSetDX) (Version: 23.1.100.0 - Intel)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Media Feature Pack for Windows 10 N and KN (HKLM-x32\...\{ef11e192-acd9-485d-8860-ee2102cc2a69}) (Version: 1.0.0 - Microsoft) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.6.0 Beta 9 (HKLM-x32\...\Afterburner) (Version: 4.6.0 Beta 9 - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.49 - MSI)
Mutant Year Zero - Road To Eden (HKLM-x32\...\{4DF4741F-8465-4AA8-9ABA-4B081F05FCAA}_is1) (Version:  - The Bearded Ladies)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
NVIDIA Grafický ovládač 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.35 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.35.22222 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 419.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.35 - NVIDIA Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Překlad Pillars of Eternity verze 3.06 (HKLM-x32\...\{0FB1CAE7-E632-4A88-98D7-4BBAE6069783}_is1) (Version: 3.06 - Překlady her)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 r2989 - Rainmeter)
RivaTuner Statistics Server 7.2.0 Beta 5 (HKLM-x32\...\RTSS) (Version: 7.2.0 Beta 5 - Unwinder)
Shadow Of The Tomb Raider (HKLM-x32\...\{96F650BA-50B7-4E7B-B026-8C847F45ED92}_is1) (Version:  - SQUARENIX)
Sound Blaster Z-Series (HKLM-x32\...\{DAB64FB1-0BBB-486E-9C57-A3E34F463AEB}) (Version: 1.01.10 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrixBoxServiceSetup (HKLM\...\{AD439AEF-B458-48EE-A005-3069FD98B7CA}) (Version: 1.0.9 - ASUSTeKcomputer.Inc) Hidden
Sylenth1 version 2.2.1.X (HKLM-x32\...\{3A739C30-3D3D-4B91-B82E-15874763FD86}_is1) (Version: 2.2.1.X - Lennar Digital)
TeamSpeak 3 Client (HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.18533 - TeamViewer)
The Witcher 3: GotY Edition (HKLM-x32\...\The Witcher 3: GotY Edition_is1) (Version:  - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
T-RackS CS version 4.9.0 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.9.0 - IK Multimedia)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 0.17.3 - Black Tree Gaming Ltd.)
WhoCrashed 6.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows IP Over USB (HKLM-x32\...\{FF0EA481-42DB-A8AE-8356-48C09F7D953D}) (Version: 10.1.10586.15 - Microsoft Corporation)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
XnView 2.40 (HKLM-x32\...\XnView_is1) (Version: 2.40 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3469067180-768828901-2224403390-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-12-07] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2018-12-07] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-03-01] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EBD8C7-4CB3-4CE2-BCBE-FAC7EAE7A8B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {11C87778-0B56-41C7-9477-2AFD5C778255} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16961762-D898-46FB-A120-F622A962D9D4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {1D363393-E523-4F31-948B-10C6CF581E54} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {469C7231-15F7-44AF-B319-E39E6380F463} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {54E86EEC-36A4-459C-8B16-5615B1F0BC60} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {71EE06C9-E581-436F-9126-F1F5EBA2A390} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7AE1E0AD-6A60-4A5F-AE7B-F11DA7FC6D85} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E43BCFB-802A-42FC-B9A7-53653F20862E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8032D6A9-80D9-44E3-BD3B-A063340FAEA9} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8916F6EA-F371-454D-A77D-40D2500A9A0E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8F46CFAD-BD9B-48B2-9A90-6F5F4A87BC09} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B0CEA8-24F3-4C3B-858D-0169CDF21238} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {962005D5-D3F4-4CA0-AC53-CDB2E6E17548} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {A3D0BECC-8379-45F3-805A-3F2251205222} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7A6395D-9BBC-489B-A500-C2D48F99917D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AB3081C4-098A-4467-87C4-FE7E3999FD94} - System32\Tasks\EmptyStandbyList => C:\Program Files (x86)\ISLC v1.0.1.0\Intelligent standby list cleaner ISLC.exe (Wagnardsoft -> Wagnardsoft)
Task: {AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B375AF12-8CDE-413F-967C-8011AF889501} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B87FEA9A-35AA-44DB-9AFE-1B884BFBFE7A} - System32\Tasks\S-1-5-21-3469067180-768828901-2224403390-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E0B71AA4-92CE-441F-A180-0BD039534308} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EF07B53E-9801-45C8-BBC9-350B25278A5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {FA02A121-FD91-42EA-8CDB-66196FFFC563} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-10-08 16:53 - 2012-10-08 16:53 - 000423424 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
2018-01-31 13:42 - 2018-01-31 13:42 - 000505856 _____ (Intel Corporation) [File not signed] C:\WINDOWS\system32\IProsetMonitor.exe
2018-01-25 11:10 - 2018-01-25 11:10 - 000349696 _____ (Intel(R) Corporation) [File not signed] C:\WINDOWS\system32\NCS2Setp.dll
2006-10-26 12:40 - 2006-10-26 12:40 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2019-02-22 00:17 - 2019-02-22 00:17 - 000986624 _____ (File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
2014-11-24 16:53 - 2014-11-24 16:53 - 000877056 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
2015-09-16 13:18 - 2015-09-16 13:18 - 003513344 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\SkWLUSB.exe
2016-03-18 10:03 - 2016-03-18 10:03 - 000335360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2003-03-18 21:23 - 2003-03-18 21:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1051\mdmui.dll
2006-10-26 12:40 - 2006-10-26 12:40 - 000192512 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2015-11-19 20:03 - 2015-11-19 20:03 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2018-12-20 11:24 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2018-09-22 16:50 - 2018-09-22 16:50 - 000357888 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2018-09-22 16:51 - 2018-09-22 16:51 - 000605184 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-09-04 16:02 - 2018-09-04 16:02 - 000353792 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2018-09-04 16:02 - 2018-09-04 16:02 - 000055808 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2018-09-04 16:02 - 2018-09-04 16:02 - 000072704 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 001177600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2017-09-02 14:35 - 2019-03-05 06:44 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\SSLEAY32.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 003515904 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 054063616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2018-03-28 10:37 - 2019-03-05 06:44 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2017-09-02 14:35 - 2019-03-05 06:44 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2016-09-10 22:22 - 2019-03-05 06:44 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL
2016-09-10 22:22 - 2019-03-05 06:44 - 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-10-16 17:52 - 2016-06-09 22:44 - 000266240 _____ () [File not signed] C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-10-16 17:52 - 2019-03-05 06:44 - 000278016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\mediaservice\dsengine.dll
2011-09-16 17:04 - 2011-09-16 17:04 - 000238080 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\CTLoadRs.dll
2013-02-27 11:29 - 2013-02-27 11:29 - 000251904 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\HKDetect.dll
2014-07-03 17:22 - 2014-07-03 17:22 - 000555008 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\CTAudEp.dll
2018-03-15 10:47 - 2009-03-18 16:00 - 000151552 ____N (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\ShareDLL\CADI\CTCadiEP.dll
2014-12-23 08:11 - 2014-12-23 08:11 - 000055808 _____ (LITE-ON Corp.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\skhooks.dll
2014-11-06 14:02 - 2014-11-06 14:02 - 000049664 _____ (LITE-ON TECHNOLOGY CORP.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Business Slim Keyboard\SKHidKbd.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 001184256 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 071641088 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\libcef.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\chrome_elf.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000774656 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 003149824 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\libglesv2.dll
2018-11-29 15:19 - 2018-11-29 15:19 - 000078848 _____ () [File not signed] C:\Users\Percian\AppData\Local\Facebook\Games\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [183]
AlternateDataStreams: C:\Users\Percian\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\.exe:  =>  <==== ATTENTION
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2017-11-26 15:49 - 000001531 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: c:\program files (x86)\intel\intel(r) management engine components\icls\;c:\program files\intel\intel(r) management engine components\icls\;c:\program files (x86)\common files\oracle\java\javapath;c:\programdata\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\program files (x86)\ati technologies\ati.ace\core-static;c:\program files (x86)\amd\ati.ace\core-static;c:\program files (x86)\calibre2\;c:\program files\crucial\crucial storage executive;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\users\percian\appdata\local\microsoft\windowsapps;c:\adb;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\program files (x86)\intel\intel(r) management engine components\dal;c:\program files\intel\intel(r) management engine components\dal;c:\program files (x86)\intel\intel(r) management engine components\ipt;c:\program files\intel\intel(r) management engine components\ipt;c:\program files (x86)\universal extractor;c:\program files (x86)\universal extractor\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Control Panel\Desktop\\Wallpaper -> c:\users\percian\appdata\local\microsoft\windows\themes\footpaths\desktopbackground\paths1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "RoccatKone+"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\StartupFolder: => "firefox – odkaz.lnk"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\StartupFolder: => "Origin.lnk"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\...\StartupApproved\Run: => ""

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{51958CEF-22FF-4C8F-905C-A18B3D40B850}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{686CD88E-FFE5-40AD-8459-A1E6D5890E38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1D11927B-F546-4C10-A669-C75EC930352E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BB960BE9-784A-49B0-BCCD-010E9DFA7804}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{6DF767A1-C72D-4783-9C6B-9005A0CA8CA3}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{7A2F452E-AACA-4E16-A6C2-4685F48BD287}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{418C6314-DC3E-4F95-8B87-7F2A194DF13D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{000207F1-B114-45C1-86D8-A30CD157AC75}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{D91AE63F-E7AA-4F07-A147-01144025F91B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{DB233399-E0F2-4AC7-934A-769674EF18FE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{88277956-4651-4D7D-9EA2-6F18A16D26A8}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8530EE8C-E8A8-4AB9-ACA0-E466C9FFACA7}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F6FB1DBC-F032-44BC-BC33-FED8EC70E748}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [{006C0278-EA20-4B8C-B907-A2DD700A4F66}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [UDP Query User{03469E64-3960-4AE4-ADFF-16DBEE7AFED1}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{D3360F51-B2AD-474A-A8F2-DD35352E4F7F}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{7698C141-AAF0-4885-B404-CC02698618A4}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4594CA27-B06C-4659-BFD3-8CBBC44CB17D}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{27F0D1DD-5023-4AFF-98D6-E72D39C4CB18}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CC8BAEB0-1F2E-4747-BDB8-CE8F1DF18608}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{374424D1-17B8-41A6-A3FC-F51CA84EF9AA}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6BBC1143-FB63-4629-BFA4-1ECA34C7C8F9}] => (Allow) C:\Users\Percian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CD9F7705-5CD7-4218-BB88-D5899C0A3BBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D5F84F4E-919F-4749-9BAB-74674800D31B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8F48C70B-6E29-4C5D-ADCA-5C1C6524E106}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{702EAA35-4B92-44E3-9F94-8164443E09D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9BBE4636-A17D-401E-A321-131F3D6B32FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{EAF5C283-564F-4F33-9370-0E7F7BE9A9BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{FF58327B-E3CE-4AEC-80ED-91F4365698BA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{C697216D-36F5-4C3D-856B-815218056527}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [TCP Query User{1332A1F0-9D1D-4340-B392-A17F3930DE64}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [UDP Query User{F4049E33-F4E3-47AD-8940-BC5D20A881DF}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [TCP Query User{F61BEC69-3609-4CCB-B88C-DE376B757826}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{FB416D16-1D23-4A94-954C-6892345A383E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{8414FF91-1DB2-49E1-826E-8DF08D5981F1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{605F722E-54BA-458A-87F2-B3D67F8D1A0C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{88327499-FC3E-4CA1-AA95-F2B37321E2F1}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [UDP Query User{C24BD3DB-FBC1-458F-8CD6-08979AFC3F85}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [{E51917CC-1E9D-478D-BA34-6ED1A0D52905}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{90C0C4B6-8443-4F5B-8BEE-A57312D7C690}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BC8757CB-E75D-4AC4-95CA-4687708F6983}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{E6AFFBB9-BCA3-49E0-9E3B-339ECB65F8B6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{5BAF1D7C-6F54-4820-8C31-E18A124A40EB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{DF0D71A5-0E63-41A4-B408-DBEECE37974F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{9C2F250D-607F-4EF5-BAAA-1C5E1434A598}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{623FF412-8E00-4D57-B8CE-72871ABB6212}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{4E58F81E-E1EB-4A73-B24B-0391DC75FBB5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{309A0BA1-8033-4487-8A21-10B97AFB29BA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{CDA30AC4-6BE0-4D29-ACA3-6B3AE3655F39}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{B0C74D4B-5D9F-4B5D-8D9C-2ED5B09041E8}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{B19A22F2-DF2F-4AFE-AA72-A2A28763D29C}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{BC5B9ADB-0900-40D5-AB15-4DF317DB01AF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{841075E9-7BEB-418E-9912-18E15CB248BF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{E3494819-9245-4E49-8EB3-10F7DB35E980}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{3A6E2002-9897-44D4-8B4E-991C986230BB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{EC3B3561-5896-41C8-8B45-C17FEEE8A5CB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{6CEB024A-6F87-4A91-B3CC-18427CA8C80A}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{02542FA1-6C0C-4CF4-84B8-2C8A45E8FC5D}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{99159FC9-3346-4828-B9ED-98F666CBD134}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{2AC5D4C2-F08A-46CC-BD5D-966AFA37C479}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{5D6FA177-3D81-45B2-9377-FE6A8486F041}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{926CA51A-9B64-434C-BD2E-1829B810617E}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{90AE16A5-40A5-4FED-A935-AD1906DEC049}] => (Allow) C:\Users\Percian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{533DB173-D467-4938-B66F-1A7E34F3F83A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A46733F7-E0EA-4DA7-9DBF-5ED62D773ADD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1F5244B7-3883-48F7-B2F8-4262325EB2A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{43BC2861-9717-4835-9E79-41DF5A403EEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{23A33BD8-34A6-4A6F-B77C-36E5C3974D06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{12AB71B4-B4F8-49AA-B73D-071920222BED}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{6AE0710B-80B4-4A43-A898-9DA0D4ED3D01}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

==================== Restore Points =========================

09-03-2019 17:23:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2019 10:18:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: StaRTS-standalonewindows-production-320-production.exe, verzia: 2017.2.1.37537, časová značka: 0x5a7a1784
Názov chybujúceho modulu: mono.dll_unloaded, verzia: 1.0.0.1, časová značka: 0x5a2fead2
Kód výnimky: 0xc0000005
Odstup chyby: 0x000f8ff3
Identifikácia chybujúceho procesu: 0x1b34
Čas spustenia chybujúcej aplikácie: 0x01d4d84b7838dbef
Cesta chybujúcej aplikácie: C:\Users\Percian\AppData\Local\Facebook\Games\Games\518856528223038\27\StaRTS-standalonewindows-production-320-production.exe
Cesta chybujúceho modulu: mono.dll
Identifikácia hlásenia: 3c318c70-6f77-40f9-8c4a-f621ba75e769
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/08/2019 07:43:08 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/08/2019 05:58:53 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/08/2019 12:07:37 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/08/2019 11:53:06 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: PERCIAN-PC)
Description: httphttp-2147467263

Error: (03/06/2019 08:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: dwm.exe, verzia: 10.0.17134.1, časová značka: 0xf5178e97
Názov chybujúceho modulu: dwmcore.dll, verzia: 10.0.17134.441, časová značka: 0x8b352f6e
Kód výnimky: 0xc00001ad
Odstup chyby: 0x00000000001cdff2
Identifikácia chybujúceho procesu: 0x3270
Čas spustenia chybujúcej aplikácie: 0x01d4d4549b67116e
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\dwm.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\dwmcore.dll
Identifikácia hlásenia: 6feba475-9695-491e-86ed-ae112369fb84
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/06/2019 08:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: dwm.exe, verzia: 10.0.17134.1, časová značka: 0xf5178e97
Názov chybujúceho modulu: dwmcore.dll, verzia: 10.0.17134.441, časová značka: 0x8b352f6e
Kód výnimky: 0xc00001ad
Odstup chyby: 0x00000000001cdff2
Identifikácia chybujúceho procesu: 0x1668
Čas spustenia chybujúcej aplikácie: 0x01d4d4549b30a944
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\dwm.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\dwmcore.dll
Identifikácia hlásenia: 563f730d-06e3-4320-b85a-04f49de4d76b
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/06/2019 08:41:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: dwm.exe, verzia: 10.0.17134.1, časová značka: 0xf5178e97
Názov chybujúceho modulu: dwmcore.dll, verzia: 10.0.17134.441, časová značka: 0x8b352f6e
Kód výnimky: 0xc00001ad
Odstup chyby: 0x00000000001cdff2
Identifikácia chybujúceho procesu: 0x1930
Čas spustenia chybujúcej aplikácie: 0x01d4d4549aef3a79
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\dwm.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\dwmcore.dll
Identifikácia hlásenia: 6b01b8c4-bb12-4e85-9295-da19bfe9cd16
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (03/12/2019 12:48:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:48:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:23 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID 
Unavailable
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:18 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:11 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:05 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:46:04 PM) (Source: DCOM) (EventID: 10016) (User: PERCIAN-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user PERCIAN-PC\Percian SID (S-1-5-21-3469067180-768828901-2224403390-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:45:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby iocbios2 zlyhalo kvôli nasledujúcej chybe: 
The system cannot find the path specified.


Windows Defender:
===================================
Date: 2019-03-12 13:55:40.377
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {16BDA54E-971D-417C-BE81-0F3B6309AA59}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-09 22:44:03.853
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DFDA78D7-C666-467C-9161-43FE224CC26B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-09 22:17:04.820
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A32F6593-4CE5-447E-98A8-84564BEF3932}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-08 15:35:20.747
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {89B75C70-0CA2-4418-9AAE-B81E98B2A76A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-04 21:52:54.348
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ECE0D77D-5F19-46D9-AA8D-1C309415E921}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-02-14 11:23:54.308
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-08-11 18:43:33.862
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 33%
Total physical RAM: 16346.65 MB
Available physical RAM: 10899.5 MB
Total Virtual: 19346.65 MB
Available Virtual: 10251.98 MB

==================== Drives ================================

Drive c: (Nod) (Fixed) (Total:418.64 GB) (Free:93.23 GB) NTFS
Drive d: (data) (Fixed) (Total:449.22 GB) (Free:115.57 GB) NTFS
Drive e: (Volume) (Fixed) (Total:146.95 GB) (Free:35.01 GB) NTFS

\\?\Volume{e1d14b9f-b8b3-4a6e-b454-f867b23fc093}\ (Obnovenie) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{ceb55c30-b0eb-42f2-a75e-b78c7adf7f04}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 4C91AFED)
Partition 1: (Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
Task: {A7A6395D-9BBC-489B-A500-C2D48F99917D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EF07B53E-9801-45C8-BBC9-350B25278A5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [183]
AlternateDataStreams: C:\Users\Percian\AppData\Local\Temp:$DATA​ [16]
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
FirewallRules: [{8F48C70B-6E29-4C5D-ADCA-5C1C6524E106}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{702EAA35-4B92-44E3-9F94-8164443E09D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9BBE4636-A17D-401E-A321-131F3D6B32FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{EAF5C283-564F-4F33-9370-0E7F7BE9A9BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{1332A1F0-9D1D-4340-B392-A17F3930DE64}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [UDP Query User{F4049E33-F4E3-47AD-8940-BC5D20A881DF}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [TCP Query User{88327499-FC3E-4CA1-AA95-F2B37321E2F1}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [UDP Query User{C24BD3DB-FBC1-458F-8CD6-08979AFC3F85}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [{9C2F250D-607F-4EF5-BAAA-1C5E1434A598}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{623FF412-8E00-4D57-B8CE-72871ABB6212}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{4E58F81E-E1EB-4A73-B24B-0391DC75FBB5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{309A0BA1-8033-4487-8A21-10B97AFB29BA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{CDA30AC4-6BE0-4D29-ACA3-6B3AE3655F39}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{B0C74D4B-5D9F-4B5D-8D9C-2ED5B09041E8}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{B19A22F2-DF2F-4AFE-AA72-A2A28763D29C}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{BC5B9ADB-0900-40D5-AB15-4DF317DB01AF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{841075E9-7BEB-418E-9912-18E15CB248BF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{E3494819-9245-4E49-8EB3-10F7DB35E980}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{3A6E2002-9897-44D4-8B4E-991C986230BB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{EC3B3561-5896-41C8-8B45-C17FEEE8A5CB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{6CEB024A-6F87-4A91-B3CC-18427CA8C80A}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{02542FA1-6C0C-4CF4-84B8-2C8A45E8FC5D}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{99159FC9-3346-4828-B9ED-98F666CBD134}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{2AC5D4C2-F08A-46CC-BD5D-966AFA37C479}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{90AE16A5-40A5-4FED-A935-AD1906DEC049}] => (Allow) C:\Users\Percian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\LastGood.Tmp
C:\Users\Percian\AppData\Roaming\FC29FA0894FE.ini
C:\Users\Percian\AppData\Local\Temp

EmptyTemp:
Hosts:
End
Save it to D:\Stiahnuté súbory as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

Per
Visitor
Posts: 17
Registered: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#8 Post by Per »

Why?
Where is the error? I admit I don't understand this, but I see a bunch of things in there that I use.

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#9 Post by Rudy »

No File means the file does not exist; ATTENTION means caution (the entry is either malware or junk). tmp is always deleted, AlternateDataStreams too, and likewise empty entries. I am really not forcing you to accept my advice, but first and foremost the PC has to be cleaned. What you delete will not affect any of the PC's functions.

Per
Visitor
Posts: 17
Registered: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#10 Post by Per »

Does this have any effect on HOSTS?

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#11 Post by Rudy »

Yes, it does. The Hosts: command resets the hosts file to its default state. We routinely do this when it is not in its default state. It is a precaution against being connected automatically to rogue websites.

Per
Visitor
Posts: 17
Registered: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#12 Post by Per »

I have hosts set up the way I need it, i.e. it contains addresses I have blocked access to.
Resetting it to default is not wanted.

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#13 Post by Rudy »

OK. In that case, delete the Hosts: command after copying. The reset will then not be performed.

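The review described in #9 and the Hosts: removal from #13, as an added example that is not part of the original thread and not FRST's own code: a small Python checker that groups fixlist lines by the reason given for listing them and drops a directive the user wants to keep out. The reason labels and function names are assumptions of this example; the sample lines are a shortened selection copied from the fixlist in this thread, and lines matching none of the reasons from #9 are grouped under "review" so they can be asked about before the fix is run.

```python
import re
from collections import defaultdict

# Shortened selection of lines copied from the fixlist posted in this thread.
SAMPLE_FIXLIST = r"""Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {A7A6395D-9BBC-489B-A500-C2D48F99917D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [183]
FirewallRules: [{8F48C70B-6E29-4C5D-ADCA-5C1C6524E106}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
C:\WINDOWS\LastGood.Tmp
C:\Users\Percian\AppData\Local\Temp

EmptyTemp:
Hosts:
End
"""

MARKERS = {"Start", "End"}


def classify(line: str) -> str:
    """Return this example's reason label for one fixlist line."""
    text = line.strip()
    if text in MARKERS:
        return "marker"
    if re.fullmatch(r"[A-Za-z]+:", text):
        return "directive"      # bare commands: CloseProcesses:, EmptyTemp:, Hosts:
    if "<==== ATTENTION" in text:
        return "attention"      # flagged by the scan; checked before "No File"
    if text.endswith("No File"):
        return "no_file"        # entry points at a file that no longer exists
    if text.startswith("AlternateDataStreams:"):
        return "ads"
    if text.endswith("="):
        return "empty_value"    # registry value listed with nothing after '='
    if re.search(r"(\.tmp|\\temp)$", text, re.IGNORECASE):
        return "temp"
    return "review"             # none of the stated reasons applies


def review_fixlist(fixlist: str) -> dict:
    """Group the non-blank lines of a fixlist by reason label."""
    groups = defaultdict(list)
    for line in fixlist.splitlines():
        if line.strip():
            groups[classify(line)].append(line.strip())
    return dict(groups)


def drop_directive(fixlist: str, directive: str) -> str:
    """Return the fixlist without the given bare directive line (e.g. 'Hosts:')."""
    kept = [l for l in fixlist.splitlines() if l.strip() != directive]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    trimmed = drop_directive(SAMPLE_FIXLIST, "Hosts:")
    for reason, lines in review_fixlist(trimmed).items():
        print(f"{reason} ({len(lines)})")
        for entry in lines:
            print("   ", entry)
```
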
Per
Visitor
Posts: 17
Registered: 12 Mar 2019 20:31

Re: GOM Player opens web pages

#14 Post by Per »

Hi, I have a small update. Even before the fix it started redirecting to gomlab.com, which is actually the site of the player's maker.
After the fix I don't think anything changed. After closing GOM Player the little wheel next to the cursor spins for a moment, so something does happen, it just doesn't always end with being thrown onto a web page.

Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Percian (28-03-2019 15:53:04) Run:3
Running from D:\Stiahnuté súbory
Loaded Profiles: Percian (Available Profiles: Percian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
Task: {A7A6395D-9BBC-489B-A500-C2D48F99917D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EF07B53E-9801-45C8-BBC9-350B25278A5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [183]
AlternateDataStreams: C:\Users\Percian\AppData\Local\Temp:$DATA? [16]
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
FirewallRules: [{8F48C70B-6E29-4C5D-ADCA-5C1C6524E106}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{702EAA35-4B92-44E3-9F94-8164443E09D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{9BBE4636-A17D-401E-A321-131F3D6B32FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{EAF5C283-564F-4F33-9370-0E7F7BE9A9BE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{1332A1F0-9D1D-4340-B392-A17F3930DE64}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [UDP Query User{F4049E33-F4E3-47AD-8940-BC5D20A881DF}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe] => (Block) F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe No File
FirewallRules: [TCP Query User{88327499-FC3E-4CA1-AA95-F2B37321E2F1}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [UDP Query User{C24BD3DB-FBC1-458F-8CD6-08979AFC3F85}F:\rapid\sin episodes 1 emergence\sinepisodes.exe] => (Block) F:\rapid\sin episodes 1 emergence\sinepisodes.exe No File
FirewallRules: [{9C2F250D-607F-4EF5-BAAA-1C5E1434A598}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{623FF412-8E00-4D57-B8CE-72871ABB6212}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe No File
FirewallRules: [{4E58F81E-E1EB-4A73-B24B-0391DC75FBB5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{309A0BA1-8033-4487-8A21-10B97AFB29BA}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe No File
FirewallRules: [{CDA30AC4-6BE0-4D29-ACA3-6B3AE3655F39}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{B0C74D4B-5D9F-4B5D-8D9C-2ED5B09041E8}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{B19A22F2-DF2F-4AFE-AA72-A2A28763D29C}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{BC5B9ADB-0900-40D5-AB15-4DF317DB01AF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{841075E9-7BEB-418E-9912-18E15CB248BF}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{E3494819-9245-4E49-8EB3-10F7DB35E980}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{3A6E2002-9897-44D4-8B4E-991C986230BB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{EC3B3561-5896-41C8-8B45-C17FEEE8A5CB}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{6CEB024A-6F87-4A91-B3CC-18427CA8C80A}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.exe No File
FirewallRules: [{02542FA1-6C0C-4CF4-84B8-2C8A45E8FC5D}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{99159FC9-3346-4828-B9ED-98F666CBD134}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{2AC5D4C2-F08A-46CC-BD5D-966AFA37C479}] => (Allow) C:\Users\Percian\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{90AE16A5-40A5-4FED-A935-AD1906DEC049}] => (Allow) C:\Users\Percian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
C:\WINDOWS\LastGood.Tmp
C:\Users\Percian\AppData\Roaming\FC29FA0894FE.ini
C:\Users\Percian\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7A6395D-9BBC-489B-A500-C2D48F99917D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7A6395D-9BBC-489B-A500-C2D48F99917D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC7C1CBA-3E59-455C-A519-A8A15CA3EDBE}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EF07B53E-9801-45C8-BBC9-350B25278A5D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF07B53E-9801-45C8-BBC9-350B25278A5D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully
"C:\Users\Percian\AppData\Local\Temp" => ":$DATA?" ADS not found.
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\.exe => removed successfully
HKU\S-1-5-21-3469067180-768828901-2224403390-1001\Software\Classes\regfile => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F48C70B-6E29-4C5D-ADCA-5C1C6524E106}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{702EAA35-4B92-44E3-9F94-8164443E09D6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BBE4636-A17D-401E-A321-131F3D6B32FF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAF5C283-564F-4F33-9370-0E7F7BE9A9BE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1332A1F0-9D1D-4340-B392-A17F3930DE64}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F4049E33-F4E3-47AD-8940-BC5D20A881DF}F:\downloads\tor\prey.steamrip-fisher\prey\binaries\danielle\x64\release\prey.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{88327499-FC3E-4CA1-AA95-F2B37321E2F1}F:\rapid\sin episodes 1 emergence\sinepisodes.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C24BD3DB-FBC1-458F-8CD6-08979AFC3F85}F:\rapid\sin episodes 1 emergence\sinepisodes.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C2F250D-607F-4EF5-BAAA-1C5E1434A598}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{623FF412-8E00-4D57-B8CE-72871ABB6212}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E58F81E-E1EB-4A73-B24B-0391DC75FBB5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{309A0BA1-8033-4487-8A21-10B97AFB29BA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDA30AC4-6BE0-4D29-ACA3-6B3AE3655F39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0C74D4B-5D9F-4B5D-8D9C-2ED5B09041E8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B19A22F2-DF2F-4AFE-AA72-A2A28763D29C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC5B9ADB-0900-40D5-AB15-4DF317DB01AF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{841075E9-7BEB-418E-9912-18E15CB248BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3494819-9245-4E49-8EB3-10F7DB35E980}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A6E2002-9897-44D4-8B4E-991C986230BB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC3B3561-5896-41C8-8B45-C17FEEE8A5CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CEB024A-6F87-4A91-B3CC-18427CA8C80A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02542FA1-6C0C-4CF4-84B8-2C8A45E8FC5D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99159FC9-3346-4828-B9ED-98F666CBD134}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AC5D4C2-F08A-46CC-BD5D-966AFA37C479}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90AE16A5-40A5-4FED-A935-AD1906DEC049}" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"C:\WINDOWS\LastGood.Tmp" => not found
C:\Users\Percian\AppData\Roaming\FC29FA0894FE.ini => moved successfully
C:\Users\Percian\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28692670 B
Java, Flash, Steam htmlcache => 174169818 B
Windows/system/drivers => 2807597 B
Edge => 2959879 B
Chrome => 406255408 B
Firefox => 27073231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 34522 B
NetworkService => 0 B
Percian => 10024316 B

RecycleBin => 1031857729 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:54:01 ====

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: GOM Player opens web pages

#15 Post by Rudy »

Deleted. We will also try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop.

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce).
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup is created and then the search begins
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.