Some junk got into the PC


#1 Post by ptosek »

Hello,

something got into the PC and it has probably been there for quite a while. I managed to remove and delete some of it, but I think something may still be left. I am sending the logs, and thank you for checking them.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by Sayuri (administrator) on ROSEMARY (MSI MS-7850) (29-06-2019 13:34:27)
Running from C:\Users\Sayuri\Desktop
Loaded Profiles: Sayuri (Available Profiles: Sayuri)
Platform: Windows 10 Education Version 1903 18362.116 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
(A FOUR TECH CO., LTD. -> ) C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Discord Inc. -> Discord Inc.) C:\Users\Sayuri\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Sayuri\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Sayuri\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Sayuri\AppData\Local\Discord\app-0.0.305\Discord.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe
(Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8804608 2016-06-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5580608 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\Run: [Discord] => C:\Users\Sayuri\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7606344 2019-05-06] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\Run: [Spotify] => C:\Users\Sayuri\AppData\Roaming\Spotify\Spotify.exe [25901288 2019-06-08] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [16443120 2018-10-05] (A FOUR TECH CO., LTD. -> )
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-19] (Adobe Inc. -> Adobe)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-05-20]
ShortcutTarget: Twitch.lnk -> C:\Users\Sayuri\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C3EC2F-BD35-4AE4-92D9-41D2B4D8D350} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWoW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {027E395C-C902-401C-A09C-C5808C3420FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {085C14C3-AB88-4C29-9BCE-1CE0A297B06C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-19] (Adobe Inc. -> Adobe)
Task: {2861B8FE-2040-4ECA-AFEB-B1CCA35DCE85} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3787304 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28AC50A9-536F-40B9-8559-5C03C4096050} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {29B711A8-2E4B-48D1-97AA-1AEED8E6F967} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {326CE20D-838F-42EC-9B2C-F8E8C54699B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
Task: {381F01C4-E80D-4582-9613-017DCEDA3423} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {442658A4-82D6-42E5-B380-22BFEDF0940E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {467B7B7B-D253-413E-84DA-BE53BFCD5F8A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {49996130-51D9-4DEE-A860-20F9C9193B05} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {52DC8E83-F9DF-4C2E-A0FE-5C7906562DFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {57B8DD97-69AD-41E6-800D-B455159EBCEA} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-lalwen.terien@gmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6FA6B681-7E45-4DD3-9C5B-D79EF180EA97} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2367296 2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {70128954-7C2C-4DB4-B6F7-E971DF689B6E} - System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset => {2755524D-68F2-4B39-A816-9DB31839C897}
Task: {73AE6E5D-5B60-4A5A-B6B1-010CC2027E21} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {786C3F66-CD66-4712-AA49-56D5B756D9F0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7894271F-FF05-4736-9658-7BF829FB77B1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {79C49600-A99B-4C1A-9BD1-CDF2EFF46917} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [115280 2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B2FB0DA-93B1-4306-9F56-E7B9CD2EDFF2} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {952CC418-C898-4699-A7F9-190AC0187B85} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9BC7374E-6EFC-4037-BF2C-F7E718D6C207} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
Task: {A4051EA9-2C7F-4AC9-9416-16B302B86026} - System32\Tasks\Opera scheduled Autoupdate 1494753239 => C:\Program Files\Opera\launcher.exe [1493592 2019-06-14] (Opera Software AS -> Opera Software)
Task: {AA173BB7-D438-4289-8E4F-917D2A65F370} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {AB0E6559-DE4B-4152-86EE-5E69EB572785} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B6880E0E-0233-4638-8074-108736C47976} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {C051E5FA-9CDB-4AF5-BC3B-34769AE1BC21} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CADA61DF-A935-4844-B6A1-1F93B2DF57AD} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
Task: {CCA2D4C9-A2CA-4B9A-B9F8-8097B377EF0C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23949600 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF86B15F-6D6B-4DDC-AB28-283F0C98FA1E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3821352 2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D65F52AC-D417-4D40-9300-DF918C18A67B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DE50FE5E-FC7A-4FFA-B859-627695C27365} - System32\Tasks\{CAC6DF06-E8C9-48CA-8610-E999966E84A1} => C:\WINDOWS\system32\pcalua.exe -a "D:\Users\Sayuri\Downloads\Games\(1) Zoo Tycoon 2\SETUP.EXE" -d "D:\Users\Sayuri\Downloads\Games\(1) Zoo Tycoon 2"
Task: {E9CC7328-0257-49AA-AC0E-29FE755BF259} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F31FEC29-F4F9-4620-8EA7-A58E46EE4BAF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1097296 2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F96EF592-D327-4C06-84D4-35C5BC9991B1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130296 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FEA9936F-0FC4-42CA-858E-7A38ABC5C3D3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc -> Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3987403245-3258146571-1140679357-1001] => 8.8.8.8:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4f1e6fe9-5f8f-41d3-a962-f2a46a528eae}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a6500ee9-759e-494c-98b9-a9a9aa7092ee}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a6500ee9-759e-494c-98b9-a9a9aa7092ee}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3987403245-3258146571-1140679357-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-09-20] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF DefaultProfile: 5am20y1a.default-1517787225229
FF ProfilePath: C:\Users\Sayuri\AppData\Roaming\Mozilla\Firefox\Profiles\5am20y1a.default-1517787225229 [2019-06-21]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-13] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-01-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://twitch-contrast.firebaseapp.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default [2019-06-29]
CHR Extension: (Prezentace) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-28]
CHR Extension: (BetterTTV) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2019-05-21]
CHR Extension: (Dokumenty) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-28]
CHR Extension: (Disk Google) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-28]
CHR Extension: (YouTube) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-11]
CHR Extension: (Tabulky) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-27]
CHR Extension: (AdBlock) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-28]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2019-06-12]
CHR Extension: (Enhanced Steam) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2019-05-21]
CHR Extension: (Gmail) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR Profile: C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-05-20]
CHR Extension: (Prezentace) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-20]
CHR Extension: (Dokumenty) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-20]
CHR Extension: (Disk Google) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-20]
CHR Extension: (YouTube) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-20]
CHR Extension: (Tabulky) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-05-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-20]
CHR Extension: (Gmail) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-20]
CHR Profile: C:\Users\Sayuri\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2018-01-18]
OPR Extension: (Translator) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2019-05-21]
OPR Extension: (BetterTTV) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2017-05-21]
OPR Extension: (Plná Peněženka Lištička) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\ecmgkhgjmodembdmiimbacpjgcdimiek [2019-03-28]
OPR Extension: (Notifier for Gmail™) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\flkijckbigolpahbkklilflpmkalfohc [2018-11-26]
OPR Extension: (Install Chrome Extensions) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-03-28]
OPR Extension: (Enhanced Steam) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\nocljnglnafkiegpgejigocoffiopoma [2017-11-20]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Sayuri\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-04-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [123000 2019-03-05] (Perfect World Entertainment Inc. -> Perfect World Entertainment Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9662544 2019-05-30] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-05-08] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-08-02] (FUTUREMARK INC -> Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-05-06] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2019-03-07] (GOG Sp. z o.o. -> GOG.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [13222040 2019-03-10] (Mail.Ru LLC -> LLC Mail.Ru)
S3 NGS; C:\WINDOWS\NGService.exe [3097648 2019-04-09] (NEXON Korea Corporation. -> NEXON Korea Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [8097064 2018-09-18] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-02-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2303792 2019-05-31] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3175728 2019-05-31] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5773592 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [974848 2019-06-29] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [290816 2019-06-29] (Microsoft Windows -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 TNTClientDaemonMS2; C:\Program Files (x86)\GameforgeLoginMS2\daemon.exe [406184 2019-02-28] (Gameforge 4D GmbH -> )
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2018-04-06] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2238408 2019-06-14] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 hidkmdf; C:\WINDOWS\System32\drivers\hidkmdf.sys [13776 2016-03-03] (Wacom Technology Corporation -> Windows (R) Win 7 DDK provider)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-29] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-06-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-06-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-06-29] (Malwarebytes Corporation -> Malwarebytes)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [12435016 2019-03-10] (Mail.Ru LLC -> LLC Mail.Ru)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_1642acd9c8774019\nvlddmkm.sys [21836896 2019-06-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-05-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-06-25] (Realtek Semiconductor Corp -> Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] (Intel(R) Code Signing External -> )
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-29] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-29] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [55704 2019-04-24] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-29 14:07 - 2019-06-29 13:17 - 000000000 ____D C:\Windows.old
2019-06-29 13:52 - 2019-06-29 14:07 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-06-29 13:51 - 2019-06-29 13:52 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-06-29 13:51 - 2019-06-29 13:51 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-06-29 13:49 - 2019-06-29 13:49 - 025903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 025444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 022611456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 019849728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 018007040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 009917968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 008010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 007887104 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 007831368 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 007759872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 007636608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 007275008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 007006720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 006538848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 006068328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 005939712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 005924864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 004576768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 004562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 004128904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 003947520 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 003734456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 003726336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 003682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 003591184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 003485696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002990600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 002769976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002762472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 002699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 002550584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002449216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002420736 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 002081464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001999656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001830416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001784832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001753000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-29 13:49 - 2019-06-29 13:49 - 001745408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001689600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001633648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001608704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001508912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001435136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 001395600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001392136 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001258496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001149928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001071928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-06-29 13:49 - 2019-06-29 13:49 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000879576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-06-29 13:49 - 2019-06-29 13:49 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000824832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000811192 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-06-29 13:49 - 2019-06-29 13:49 - 000811192 _____ C:\WINDOWS\system32\locale.nls
2019-06-29 13:49 - 2019-06-29 13:49 - 000804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000781096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000680760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000613688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000515896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-06-29 13:49 - 2019-06-29 13:49 - 000466624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000358944 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-06-29 13:49 - 2019-06-29 13:49 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-06-29 13:49 - 2019-06-29 13:49 - 000223248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000201256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000199688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000199184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-06-29 13:49 - 2019-06-29 13:49 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-06-29 13:49 - 2019-06-29 13:49 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000136720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-06-29 13:49 - 2019-06-29 13:49 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-29 13:49 - 2019-06-29 13:49 - 000066360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-06-29 13:49 - 2019-06-29 13:49 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-06-29 13:49 - 2019-06-29 13:49 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-06-29 13:46 - 2019-06-29 13:46 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 001359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 001166488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000637952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000516648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftWebDriver.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000393768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftWebDriver.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000124568 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperSetupCSP.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2019-06-29 13:46 - 2019-06-29 13:46 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2019-06-29 13:46 - 2019-06-29 13:46 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-06-29 13:46 - 2019-06-29 13:46 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 __RSD C:\WINDOWS\SysWOW64\WindowsDevicePortal
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 ___RD C:\WINDOWS\WebManagement
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 ____D C:\Program Files\MSBuild
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-06-29 13:46 - 2019-06-29 13:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-06-29 13:45 - 2019-06-29 13:45 - 006359552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2019-06-29 13:45 - 2019-06-29 13:45 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2019-06-29 13:45 - 2019-06-29 13:45 - 005496832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2019-06-29 13:45 - 2019-06-29 13:45 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2019-06-29 13:34 - 2019-06-29 13:35 - 000041615 _____ C:\Users\Sayuri\Desktop\FRST.txt
2019-06-29 13:34 - 2019-06-29 13:34 - 000000000 ____D C:\FRST
2019-06-29 13:29 - 2019-06-29 13:29 - 002418688 _____ (Farbar) C:\Users\Sayuri\Desktop\FRST64.exe
2019-06-29 13:19 - 2019-06-29 13:19 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-06-29 13:17 - 2019-06-29 13:17 - 001693636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-29 13:17 - 2019-06-29 13:17 - 000003830 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-06-29 13:17 - 2019-06-29 13:17 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-06-29 13:17 - 2019-06-29 13:17 - 000003440 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-06-29 13:17 - 2019-06-29 13:17 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-29 13:17 - 2019-06-29 13:17 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000003356 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6666D66B-DD7B-46FB-8A5B-82F8E9E47183}
2019-06-29 13:17 - 2019-06-29 13:17 - 000003292 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1494753239
2019-06-29 13:17 - 2019-06-29 13:17 - 000003216 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-06-29 13:17 - 2019-06-29 13:17 - 000003196 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-06-29 13:17 - 2019-06-29 13:17 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-29 13:17 - 2019-06-29 13:17 - 000003152 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002948 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002948 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002948 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002948 _____ C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3987403245-3258146571-1140679357-1001
2019-06-29 13:17 - 2019-06-29 13:17 - 000002858 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-lalwen.terien@gmail.com
2019-06-29 13:17 - 2019-06-29 13:17 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002372 _____ C:\WINDOWS\System32\Tasks\{CAC6DF06-E8C9-48CA-8610-E999966E84A1}
2019-06-29 13:17 - 2019-06-29 13:17 - 000002222 _____ C:\WINDOWS\System32\Tasks\MSIOSDx86_Host
2019-06-29 13:17 - 2019-06-29 13:17 - 000002222 _____ C:\WINDOWS\System32\Tasks\MSIOSDx64_Host
2019-06-29 13:17 - 2019-06-29 13:17 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-06-29 13:17 - 2019-06-29 13:17 - 000002148 _____ C:\WINDOWS\System32\Tasks\MSISW_Host
2019-06-29 13:17 - 2019-06-29 13:17 - 000000270 __RSH C:\Users\Sayuri\ntuser.pol
2019-06-29 13:17 - 2019-06-29 13:17 - 000000020 ___SH C:\Users\Sayuri\ntuser.ini
2019-06-29 13:17 - 2019-06-29 13:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-29 13:17 - 2019-06-29 13:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-06-29 13:17 - 2019-06-29 13:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2019-06-29 13:16 - 2019-06-29 13:17 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2019-06-29 13:16 - 2019-06-29 13:17 - 000007623 _____ C:\WINDOWS\diagerr.xml
2019-06-29 13:12 - 2019-06-29 13:12 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-06-29 13:12 - 2019-06-29 13:12 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-06-29 13:12 - 2019-06-29 13:12 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-06-29 13:11 - 2019-06-29 13:11 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-29 13:10 - 2019-06-29 13:17 - 000000000 ____D C:\Users\Sayuri
2019-06-29 13:10 - 2019-06-29 13:10 - 000000000 ____D C:\ProgramData\USOShared
2019-06-29 13:10 - 2019-03-19 06:46 - 000001105 _____ C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-29 13:10 - 2019-03-19 06:43 - 002873856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-06-29 13:08 - 2019-06-29 13:11 - 000688208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-29 13:08 - 2019-06-29 13:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-29 12:23 - 2019-06-29 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-29 12:23 - 2019-06-29 12:23 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-06-29 12:23 - 2019-06-29 12:23 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-29 12:23 - 2019-06-29 12:23 - 000000000 ____D C:\Users\Sayuri\AppData\Local\mbamtray
2019-06-29 12:23 - 2019-06-29 12:23 - 000000000 ____D C:\Users\Sayuri\AppData\Local\mbam
2019-06-29 12:23 - 2019-06-29 12:23 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-29 12:23 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-06-29 12:23 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-06-29 12:01 - 2019-06-29 13:17 - 000000000 ___DC C:\WINDOWS\Panther
2019-06-26 09:28 - 2019-06-29 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-24 14:12 - 2019-06-24 14:12 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-06-24 14:12 - 2019-06-24 14:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-06-24 14:12 - 2019-06-24 14:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-06-24 14:12 - 2019-06-24 14:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-06-23 10:37 - 2019-06-29 14:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2019-06-21 20:07 - 2019-06-21 20:07 - 000000000 ____D C:\ProgramData\Mozilla
2019-06-20 13:06 - 2019-06-20 13:06 - 000177152 _____ C:\Users\Sayuri\Desktop\prikrmy_tabulky.xls
2019-06-18 08:17 - 2019-06-18 08:17 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2019-06-17 10:44 - 2019-06-17 10:44 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Tempzxpsign65500cdbcd078060
2019-06-17 10:43 - 2019-06-17 10:43 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Tempzxpsign98bfe0ac745b27e7
2019-06-17 10:42 - 2019-06-17 10:42 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Tempzxpsign9eed573d66ae4e7f
2019-06-17 10:42 - 2019-06-17 10:42 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Tempzxpsign02556b72f4154b1e
2019-06-07 17:34 - 2019-06-23 12:10 - 000000989 _____ C:\Users\Public\Desktop\Affinity Photo.lnk
2019-06-07 14:45 - 2019-06-29 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baldur's Gate - Enhanced Edition [GOG.com]
2019-06-04 00:28 - 2019-06-04 00:28 - 000260928 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-06-04 00:28 - 2019-06-04 00:28 - 000260928 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-06-04 00:27 - 2019-06-04 00:27 - 011052584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 009487856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 001007424 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 001007424 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 000870720 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 000870720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 000552760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 000457720 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-06-04 00:27 - 2019-06-04 00:27 - 000287040 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-06-04 00:27 - 2019-06-04 00:27 - 000287040 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-06-04 00:26 - 2019-06-04 00:26 - 002040392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 001691800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 001542856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 001471688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 001162824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 001134664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000913096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000821960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000809032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000675856 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000632064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000542736 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000522952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-06-04 00:26 - 2019-06-04 00:26 - 000238040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-06-04 00:26 - 2019-06-04 00:26 - 000056288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 040413200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 035270000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 020191432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 017467648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 005422656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 004760264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 001723080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443086.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 001468512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443086.dll
2019-06-04 00:25 - 2019-06-04 00:25 - 000655400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-06-04 00:24 - 2019-06-04 00:24 - 005086296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-06-04 00:24 - 2019-06-04 00:24 - 004341104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-06-01 13:05 - 2019-06-01 13:05 - 000000263 _____ C:\Users\Sayuri\Desktop\Transistor.url

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-29 14:07 - 2019-05-12 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 __RHD C:\Users\Public\Libraries
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\spool
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ServiceState
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Help
2019-06-29 14:07 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-29 14:07 - 2019-03-19 06:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-06-29 14:07 - 2019-03-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DawnOfMan [GOG.com]
2019-06-29 14:07 - 2019-01-30 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monster Hunter World
2019-06-29 14:07 - 2018-12-15 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return of the Obra Dinn [GOG.com]
2019-06-29 14:07 - 2018-11-12 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Colonists [GOG.com]
2019-06-29 14:07 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-06-29 14:07 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-06-29 14:07 - 2018-09-06 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-06-29 14:07 - 2018-07-28 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2019-06-29 14:07 - 2018-07-26 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-06-29 14:07 - 2018-06-24 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Nightmares
2019-06-29 14:07 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2019-06-29 14:07 - 2017-12-25 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-ndi
2019-06-29 14:07 - 2017-11-13 12:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2019-06-29 14:07 - 2017-11-02 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pattern Maker for cross stitch - v4
2019-06-29 14:07 - 2017-10-08 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
2019-06-29 14:07 - 2017-09-22 14:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2019-06-29 14:07 - 2017-06-04 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2019-06-29 14:07 - 2017-05-12 19:18 - 000000000 ____D C:\Program Files\UNP
2019-06-29 14:07 - 2017-04-26 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2019-06-29 14:07 - 2017-04-21 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-06-29 14:07 - 2017-04-21 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2019-06-29 14:07 - 2017-01-16 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-06-29 14:07 - 2016-12-24 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PoS_prototype
2019-06-29 14:07 - 2016-11-05 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snaz
2019-06-29 14:07 - 2016-10-28 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91
2019-06-29 14:07 - 2016-10-23 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2019-06-29 14:07 - 2016-09-07 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-06-29 14:07 - 2016-09-03 13:44 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-06-29 14:07 - 2016-08-14 11:12 - 000000000 ____D C:\Program Files\Intel
2019-06-29 14:07 - 2016-07-27 16:42 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-06-29 14:07 - 2016-06-30 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2019-06-29 14:07 - 2016-06-26 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2019-06-29 14:07 - 2016-06-26 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-06-29 14:07 - 2015-10-30 09:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-06-29 13:52 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Resources
2019-06-29 13:52 - 2019-03-06 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2019-06-29 13:52 - 2019-01-25 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody
2019-06-29 13:52 - 2018-10-31 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Circle Empires [GOG.com]
2019-06-29 13:52 - 2018-09-06 18:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-06-29 13:52 - 2018-06-12 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2019-06-29 13:52 - 2017-12-20 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2019-06-29 13:52 - 2016-09-10 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnkhHeart
2019-06-29 13:52 - 2016-09-02 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2019-06-29 13:52 - 2016-08-14 11:12 - 000000000 ____D C:\Program Files\Realtek
2019-06-29 13:52 - 2016-06-25 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2019-06-29 13:51 - 2019-03-19 06:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-06-29 13:51 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-06-29 13:51 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-29 13:51 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-29 13:47 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-06-29 13:47 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-06-29 13:47 - 2019-03-19 13:59 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-06-29 13:47 - 2019-03-19 13:57 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-29 13:47 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-06-29 13:46 - 2019-03-19 13:59 - 000000000 ____D C:\WINDOWS\OCR
2019-06-29 13:46 - 2019-03-19 13:58 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\SystemApps
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-06-29 13:46 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-06-29 13:45 - 2019-03-19 06:56 - 000000000 ____D C:\WINDOWS\Setup
2019-06-29 13:34 - 2019-03-19 06:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-06-29 13:34 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-29 13:34 - 2017-12-06 14:06 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Packages
2019-06-29 13:31 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\servicing
2019-06-29 13:31 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-29 13:31 - 2018-03-01 13:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-06-29 13:30 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-29 13:23 - 2019-03-19 06:56 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-06-29 13:23 - 2019-03-19 06:56 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-29 13:22 - 2019-03-19 06:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-06-29 13:19 - 2017-11-13 12:58 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-29 13:19 - 2016-09-03 13:45 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-29 13:18 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\USOPrivate
2019-06-29 13:18 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2019-06-29 13:17 - 2019-03-19 13:57 - 000716780 _____ C:\WINDOWS\system32\perfh005.dat
2019-06-29 13:17 - 2019-03-19 13:57 - 000144860 _____ C:\WINDOWS\system32\perfc005.dat
2019-06-29 13:17 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\Registration
2019-06-29 13:17 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-06-29 13:17 - 2018-02-02 12:55 - 000004580 __RSH C:\ProgramData\ntuser.pol
2019-06-29 13:17 - 2016-11-20 18:03 - 000000000 ___RD C:\Users\Sayuri\3D Objects
2019-06-29 13:17 - 2016-06-26 12:35 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\WTablet
2019-06-29 13:17 - 2016-04-27 07:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-29 13:16 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-29 13:14 - 2018-05-20 11:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-29 13:14 - 2018-05-20 11:37 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-29 13:14 - 2016-08-14 11:16 - 000023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2019-06-29 13:11 - 2019-04-10 13:01 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
2019-06-29 13:11 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-06-29 13:11 - 2019-03-03 11:55 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burning SoulWorker
2019-06-29 13:11 - 2018-12-16 12:21 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2019-06-29 13:11 - 2018-09-18 11:36 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NEKO WORKs
2019-06-29 13:11 - 2018-08-13 16:27 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RetroArch
2019-06-29 13:11 - 2018-06-05 22:02 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2019-06-29 13:11 - 2018-03-28 15:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-06-29 13:11 - 2017-12-24 17:58 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2019-06-29 13:11 - 2016-09-02 22:56 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2019-06-29 13:11 - 2016-09-02 22:46 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2019-06-29 13:11 - 2016-09-02 22:43 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2019-06-29 13:11 - 2016-06-30 19:17 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2019-06-29 13:11 - 2016-06-26 12:15 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2019-06-29 13:10 - 2019-03-10 13:50 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2019-06-29 13:10 - 2016-11-18 21:05 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2019-06-29 13:10 - 2016-06-25 21:08 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2019-06-29 13:09 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\appcompat
2019-06-29 13:09 - 2016-09-03 13:43 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-06-29 13:09 - 2016-08-14 11:12 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-06-29 12:33 - 2016-09-02 21:15 - 000000000 ____D C:\Users\Sayuri\AppData\Local\CrashDumps
2019-06-29 12:23 - 2016-11-18 10:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-29 12:13 - 2016-06-25 17:21 - 000592616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-06-29 11:59 - 2019-05-20 11:30 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Twitch
2019-06-29 11:37 - 2017-11-03 12:51 - 000000000 ____D C:\Program Files\rempl
2019-06-29 11:37 - 2016-11-16 20:21 - 000000000 ____D C:\Program Files (x86)\WinCDEmu
2019-06-29 11:33 - 2016-07-04 20:10 - 000000000 ____D C:\Program Files (x86)\Easy Paint Tool SAI
2019-06-28 19:43 - 2017-04-21 17:11 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\.minecraft
2019-06-26 09:28 - 2016-07-12 18:31 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-06-26 09:27 - 2016-11-18 21:05 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\discord
2019-06-23 12:10 - 2018-10-23 15:18 - 000001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affinity Photo.lnk
2019-06-23 12:10 - 2018-01-29 15:31 - 000000000 ____D C:\Program Files\Affinity
2019-06-23 10:37 - 2016-06-26 12:15 - 000000000 ____D C:\Program Files\Tablet
2019-06-22 08:42 - 2018-02-05 01:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-21 22:46 - 2017-12-18 02:26 - 000000000 ____D C:\Users\Sayuri\AppData\LocalLow\Mozilla
2019-06-21 20:07 - 2018-02-05 01:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-06-21 20:07 - 2017-12-18 02:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-19 15:17 - 2018-05-20 14:37 - 000000000 ____D C:\Users\Sayuri\AppData\Local\D3DSCache
2019-06-19 08:13 - 2017-05-14 11:13 - 000000000 ____D C:\Program Files\Opera
2019-06-18 08:17 - 2016-06-26 12:14 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-17 17:52 - 2019-05-02 11:59 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2019-06-17 17:51 - 2019-01-31 11:30 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Games
2019-06-14 23:46 - 2016-06-26 12:15 - 002627528 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 002620360 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 002497480 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 002454984 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 002038728 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 002032072 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 001890248 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2019-06-14 23:46 - 2016-06-26 12:15 - 001859528 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2019-06-14 15:58 - 2017-02-01 21:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-12 08:03 - 2016-06-25 17:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 08:00 - 2016-06-25 17:20 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-11 13:13 - 2019-05-08 09:16 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Amazon Games
2019-06-10 20:34 - 2016-06-25 21:08 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Ubisoft Game Launcher
2019-06-10 17:13 - 2016-10-23 16:21 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\obs-studio
2019-06-08 16:09 - 2016-06-26 11:24 - 000000000 ____D C:\ProgramData\Origin
2019-06-08 16:08 - 2016-06-26 11:26 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Origin
2019-06-08 13:22 - 2016-10-21 18:48 - 000000000 ____D C:\Users\Sayuri\AppData\Local\Spotify
2019-06-08 10:26 - 2016-10-21 18:47 - 000000000 ____D C:\Users\Sayuri\AppData\Roaming\Spotify
2019-06-07 14:45 - 2018-06-12 14:09 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2019-06-07 14:45 - 2016-12-25 13:52 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2019-06-07 14:45 - 2016-12-25 13:52 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2019-06-07 14:45 - 2016-12-25 13:52 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2019-06-07 14:45 - 2016-12-25 13:52 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2019-06-04 08:24 - 2018-07-10 19:18 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ================

2017-10-07 18:06 - 2018-12-09 17:29 - 000000033 _____ () C:\Users\Sayuri\AppData\Roaming\AdobeWLCMCache.dat
2017-10-05 13:32 - 2018-04-02 16:42 - 000001456 _____ () C:\Users\Sayuri\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-10-31 12:26 - 2017-10-31 12:26 - 000000067 _____ () C:\Users\Sayuri\AppData\Local\emaildefaults
2016-12-22 15:29 - 2018-09-01 19:51 - 001307648 _____ () C:\Users\Sayuri\AppData\Local\file__0.localstorage
2018-02-02 12:53 - 2018-02-02 12:53 - 000140800 _____ () C:\Users\Sayuri\AppData\Local\installer.dat
2018-07-20 13:58 - 2018-07-20 13:58 - 000000109 _____ () C:\Users\Sayuri\AppData\Local\kritadisplayrc
2017-10-31 12:24 - 2018-07-20 13:58 - 000020248 _____ () C:\Users\Sayuri\AppData\Local\kritarc
2018-09-28 10:05 - 2018-09-28 10:05 - 000000000 _____ () C:\Users\Sayuri\AppData\Local\oobelibMkey.log
2017-10-11 18:14 - 2017-10-11 18:14 - 000000218 _____ () C:\Users\Sayuri\AppData\Local\recently-used.xbel
2018-11-05 20:40 - 2018-11-18 20:55 - 000007637 _____ () C:\Users\Sayuri\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition is in the attachment.
Attachments
Addition.zip
(25.38 KiB) Downloaded 64 times

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Some junk got into the PC

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Re: Some junk got into the PC

#3 Post by ptosek »

Here it is.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-29-2019
# Duration: 00:00:01
# OS: Windows 10 Education
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

Deleted Update service

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1B38C1FB-453F-4D5D-A376-BA18E688A710}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{505B49D7-81EC-4CFB-BF5A-2A41B46A222A}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1801 octets] - [29/06/2019 15:22:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Some junk got into the PC

#4 Post by Rudy »

Post new FRST + Addition logs.

Re: Some junk got into the PC

#5 Post by ptosek »

Both are attached.
Attachments
FRST+Addition.zip
(45.35 KiB) Downloaded 61 times

Re: Some junk got into the PC

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {027E395C-C902-401C-A09C-C5808C3420FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {52DC8E83-F9DF-4C2E-A0FE-5C7906562DFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {7894271F-FF05-4736-9658-7BF829FB77B1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DE50FE5E-FC7A-4FFA-B859-627695C27365} - System32\Tasks\{CAC6DF06-E8C9-48CA-8610-E999966E84A1} => C:\WINDOWS\system32\pcalua.exe -a "D:\Users\Sayuri\Downloads\Games\(1) Zoo Tycoon 2\SETUP.EXE" -d "D:\Users\Sayuri\Downloads\Games\(1) Zoo Tycoon 2"
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [not found]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Some junk got into the PC

#7 Post by ptosek »

Here it is

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Sayuri (29-06-2019 17:10:41) Run:1
Running from C:\Users\Sayuri\Desktop
Loaded Profiles: Sayuri (Available Profiles: Sayuri)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {027E395C-C902-401C-A09C-C5808C3420FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {52DC8E83-F9DF-4C2E-A0FE-5C7906562DFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {7894271F-FF05-4736-9658-7BF829FB77B1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DE50FE5E-FC7A-4FFA-B859-627695C27365} - System32\Tasks\{CAC6DF06-E8C9-48CA-8610-E999966E84A1} => C:\WINDOWS\system32\pcalua.exe -a "D:\Users\Sayuri\Downloads\Games\(1) Zoo Tycoon 2\SETUP.EXE" -d "D:\Users\Sayuri\Downloads\Games\(1) Zoo Tycoon 2"
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [not found]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{027E395C-C902-401C-A09C-C5808C3420FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{027E395C-C902-401C-A09C-C5808C3420FD}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52DC8E83-F9DF-4C2E-A0FE-5C7906562DFF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DC8E83-F9DF-4C2E-A0FE-5C7906562DFF}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7894271F-FF05-4736-9658-7BF829FB77B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7894271F-FF05-4736-9658-7BF829FB77B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE50FE5E-FC7A-4FFA-B859-627695C27365}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE50FE5E-FC7A-4FFA-B859-627695C27365}" => removed successfully
C:\WINDOWS\System32\Tasks\{CAC6DF06-E8C9-48CA-8610-E999966E84A1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CAC6DF06-E8C9-48CA-8610-E999966E84A1}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => path removed successfully
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 46525087 B
Java, Flash, Steam htmlcache => 259841139 B
Windows/system/drivers => 388600538 B
Edge => 158221 B
Chrome => 254579923 B
Firefox => 20500698 B
Opera => 73753846 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 13790 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Sayuri => 12126215 B

RecycleBin => 0 B
EmptyTemp: => 1016.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:11:10 ====
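
One way to double-check a Fixlog like the one above before calling the machine clean, as an added example that is not part of the original posts and not FRST's own code: it reads the result lines, tallies what was changed versus not found, and confirms that every Task GUID in the fixlist had its TaskCache\Tasks key removed. It assumes only the outcome strings visible in this thread ("... successfully", "not found"); anything else is marked for review, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines quoted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Start
Task: {027E395C-C902-401C-A09C-C5808C3420FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-05-20] (Google Inc -> Google Inc.)
Task: {7894271F-FF05-4736-9658-7BF829FB77B1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Hosts:
End
*****************
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{027E395C-C902-401C-A09C-C5808C3420FD}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7894271F-FF05-4736-9658-7BF829FB77B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
=========== EmptyTemp: ==========
Chrome => 254579923 B
'''

RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')
TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\})')

def split_sections(text):
    """Return (fixlist lines, result lines); the fixlist sits between two rows of asterisks."""
    lines = [l.strip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'fixlist content' block found")
    tail = lines[stars[1] + 1:]
    # Results stop at the EmptyTemp section or the end-of-log marker (both start with "=").
    end = next((i for i, l in enumerate(tail) if l.startswith("=")), len(tail))
    return lines[stars[0] + 1:stars[1]], [l for l in tail[:end] if l]

def classify(outcome):
    # Assumption: only the outcome strings seen in this thread are recognised.
    if outcome.endswith("successfully"):
        return "changed"
    return "absent" if outcome == "not found" else "review"

def audit(text):
    """Tally outcomes, list targets that were not changed, and Task GUIDs with no confirmed removal."""
    fixlist, results = split_sections(text)
    parsed = [(m["target"], classify(m["outcome"]))
              for m in map(RESULT_RE.match, results) if m]
    counts = Counter(status for _, status in parsed)
    changed = {t.lower() for t, s in parsed if s == "changed"}
    guids = [m.group(1) for m in map(TASK_RE.match, fixlist) if m]
    unconfirmed = [g for g in guids
                   if not any(t.endswith("\\taskcache\\tasks\\" + g.lower()) for t in changed)]
    flagged = [t for t, s in parsed if s != "changed"]
    return counts, flagged, unconfirmed

if __name__ == "__main__":
    print(audit(SAMPLE_FIXLOG))
```

A "not found" entry is usually harmless (the item was already gone), but it is worth confirming against a fresh FRST scan rather than assuming.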

Re: Some junk got into the PC

#8 Post by Rudy »

Deleted; the log should now be OK.

Re: Some junk got into the PC

#9 Post by ptosek »

Great. Thank you. And have a nice rest of the day.

Re: Some junk got into the PC

#10 Post by Rudy »

A nice day to you too, and you're welcome! :)

Locked