100% CPU usage, Windows Defender blocked, etc.

WhySoSad
Visitor
Posts: 35
Registered: 14 May 2013 10:17

#1 Post by WhySoSad »

Hello, over roughly the last 2 weeks I have noticed that CPU usage jumps to 100% immediately after the PC starts; I found out because the PC simply slowed down. The moment I open Task Manager, the virus, which hides under various names apparently imitating Windows services such as windows logon services and the like, immediately terminates itself and CPU usage drops back to normal values. The problem is that it has apparently taken control of the antivirus services, so I cannot turn on Windows Defender; that is, it cannot even be turned on from the taskbar, and when I launch it from the folder C:\Program Files\Windows Defender\MSASCuiL.exe as administrator, I see that virus protection is disabled and I cannot run a scan or turn anything on. I downloaded Malwarebytes, but a scan cannot be started in it. In the registry I am missing the value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService and I have no idea where to go from here. I am attaching the logs from RSIT and FRST.

Logfile of random's system information tool 1.10 (written by random/random)
Run by WSS at 2019-10-25 12:43:16
Microsoft Windows 10 Pro
System drive C: has 77 GB (34%) free of 228 GB
Total RAM: 8132 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:22 PM, on 10/25/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0371)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
C:\Program Files\trend micro\WSS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\Office\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [HKLM] C:\Windows\servicing\Skype.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Discord] C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Steam] "D:\Programy\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\WSS\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "D:\Programy\Daemon Tools\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [HKCU] C:\Windows\servicing\Skype.exe
O4 - HKCU\..\Run: [World of Tanks] "D:\Hry\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [Spotify] C:\Users\WSS\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [CCXProcess] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe --enable-dom-distiller --disable-domain-reliability --disable-chrome-google-url-tracking-client --no-pings --extensions-install-verification=enforce_strict --enable-features=NewExtensionUpdaterService,WebUIDarkMode,SimplifyHttpsIndicator --disable-features=AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,AudioServiceOutOfProcess,UnifiedConsent,TranslateUI --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe --enable-dom-distiller --disable-domain-reliability --disable-chrome-google-url-tracking-client --no-pings --extension-content-verification=enforce_strict --extensions-install-verification=enforce --enable-features=NewExtensionUpdaterService,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,UnifiedConsent,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [HKCU] C:\Windows\servicing\Skype.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [HKCU] C:\Windows\servicing\Skype.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programy\Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
O23 - Service: Brave Update Service (brave) (brave) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: Brave Elevation Service (BraveElevationService) - Unknown owner - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe (file missing)
O23 - Service: Brave Update Service (bravem) (bravem) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programy\Hamachi\x64\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: RemoteMouseService - Unknown owner - C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Serviio - Unknown owner - D:\Programy\Serviio\bin\ServiioService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Updates Services - Unknown owner - C:\Windows\servicing\starter.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 15036 bytes

======Listing Processes======








C:\Windows\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s nsi
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
dashost.exe {14247b64-a378-4844-9bff5383eed7b1fb}
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
"c:\program files (x86)\blizzard\bonjour service\mdnsresponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc -p
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
D:\Programy\Hamachi\x64\hamachi-2.exe -s
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Windows\system32\wbem\wmiprvse.exe
D:\Programy\Serviio\bin\ServiioService.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
"D:\Programy\Hamachi\x64\LMIGuardianSvc.exe" /escort 3664 /CUSTOM Hamachi
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
D:\Programy\Serviio\bin\ServiioService.exe Serviio __i4j_restart
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe"
"C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe"
rundll32.exe "c:\program files\nvidia corporation\nvstreamsrv\rxdiag.dll" RxDiagSetRuntimeMessagePump
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=gpu-process --field-trial-handle=1892,18009588181325439030,15305857347430530026,131072 --disable-features=VizDisplayCompositor --no-sandbox --log-file="C:\Users\WSS\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\WSS\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --service-request-channel-token=7422973221362142468 --mojo-platform-channel-handle=1964 /prefetch:2
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\WSS\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --field-trial-handle=1892,18009588181325439030,15305857347430530026,131072 --disable-features=VizDisplayCompositor --service-pipe-token=17320020808045838151 --lang=en-US --log-file="C:\Users\WSS\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17320020808045838151 --renderer-client-id=3 --mojo-platform-channel-handle=2488 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" "-launchedbyvulcan-4068 C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationHelper.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\js\main.js"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --log-file="C:\Users\WSS\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --use-gl=swiftshader-webgl --field-trial-handle=2472,9209849222832843519,17685660182488020804,131072 --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --disable-gpu-compositing --service-pipe-token=4370970495865247031 --lang=en-US --locales-dir-path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\WSS\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36 CreativeCloud/5.0.0.354" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4370970495865247031 --renderer-client-id=3 --mojo-platform-channel-handle=2488 /prefetch:1
"C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe"
"C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe" "C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\js\server.js"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\ClamWin\bin\ClamTray.exe" --logon
C:\Windows\system32\AUDIODG.EXE 0x508
C:\Windows\system32\DllHost.exe /Processid:{A4B07E49-6567-4FB8-8D39-01920E3B2357}
"D:\Programy\Daemon Tools\DTShellHlp.exe"
"D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe"
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=crashpad-handler "--user-data-dir=C:\Users\WSS\AppData\Local\BraveSoftware\Brave-Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\WSS\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crashpad" "--metrics-dir=C:\Users\WSS\AppData\Local\BraveSoftware\Brave-Browser\User Data" --url=https://laptop-updates.brave.com/1/bc-crashes --annotation=plat=Win64 --annotation=prod=Brave --annotation=ver=78.0.70.121 --initial-client-data=0x90,0x94,0x98,0x88,0x9c,0x7ffb3850ed68,0x7ffb3850ed78,0x7ffb3850ed88
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=gpu-process --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=2424892819819547918 --mojo-platform-channel-handle=1468 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --service-sandbox-type=network --service-request-channel-token=1061476078175423885 --mojo-platform-channel-handle=1820 /prefetch:8
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --no-sandbox --service-request-channel-token=13580846425982979675 --mojo-platform-channel-handle=2364 /prefetch:8
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=utility --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3122226738328198946 --mojo-platform-channel-handle=2456 --ignored=" --type=renderer " /prefetch:8
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10725925889167585168 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4481322277879703955 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13703953944860688773 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8432873322074220677 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16940642416416023779 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7671616475607991764 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Windows\regedit.exe"
"C:\Program Files\rempl\sedsvc.exe"
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15333594529193905788 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Users\WSS\Desktop\Windows 8 and above\RegOwnershipEx.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7662598872896084639 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6115618034200644596 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2646779117021950621 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6112128387970092414 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14284872667015783102 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9174070169045938168 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
"C:\Users\WSS\Desktop\RSITx64.exe"
"C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --field-trial-handle=1464,6485546101186714738,6282920972062672034,131072 --enable-features=NewExtensionUpdaterService,PasswordImport,SimplifyHttpsIndicator,WebUIDarkMode --disable-features=AudioServiceOutOfProcess,AutofillServerCommunication,LookalikeUrlNavigationSuggestionsUI,NotificationTriggers,SmsReceiver,SyncUSSBookmarks,UnifiedConsent --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10093213483236238892 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\Programy\Office\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2019-10-10 193024]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11 509936]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2019-10-08 2872400]
"winlogui"=C:\Windows\system32\winlogui.exe [2019-10-12 1803776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Programy\Steam\steam.exe [2019-10-02 3211040]
"Discord"=C:\Users\WSS\AppData\Local\Discord\app-0.0.305\Discord.exe [2019-03-07 81780056]
"DAEMON Tools Lite Automount"=D:\Programy\Daemon Tools\DTAgent.exe [2018-09-13 731240]
"GalaxyClient"=C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [2018-12-21 7415880]
"HKCU"=C:\Windows\servicing\Skype.exe [2018-08-04 53104]
"World of Tanks"=D:\Hry\World_of_Tanks\WargamingGameUpdater.exe [2018-06-25 3139936]
"Spotify"=C:\Users\WSS\AppData\Roaming\Spotify\Spotify.exe [2019-10-12 21348768]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"CCXProcess"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [2019-10-22 144008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #2"=C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2019-10-23 1988240]
"Application Restart #1"=C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2019-10-23 1988240]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2018-05-17 638352]
"Redirector"=C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [2018-05-17 407440]
"HKLM"=C:\Windows\servicing\Skype.exe [2018-08-04 53104]
"LogMeIn Hamachi Ui"=D:\Programy\Hamachi\hamachi-2-ui.exe [2019-04-02 5890504]
"Adobe Creative Cloud"=C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2019-09-27 2084920]
"Discord"=C:\ProgramData\SquirrelMachineInstalls\Discord.exe [2019-08-18 61370712]
"ClamWin"=C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [2018-03-03 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-10-25 12:43:16 ----D---- C:\rsit
2019-10-25 12:43:16 ----D---- C:\Program Files\trend micro
2019-10-21 18:35:16 ----D---- C:\Users\WSS\AppData\Roaming\.clamwin
2019-10-21 18:34:57 ----D---- C:\ProgramData\.clamwin
2019-10-21 18:34:57 ----D---- C:\Program Files (x86)\ClamWin
2019-10-12 20:46:57 ----A---- C:\Windows\system32\winscomrssrv.dll
2019-10-12 20:46:48 ----A---- C:\Windows\system32\WinUpdates105.dat
2019-10-12 20:46:48 ----A---- C:\Windows\system32\wdbcache.tmp
2019-10-10 09:15:34 ----A---- C:\Windows\system32\winlogui.exe
2019-10-10 09:15:34 ----A---- C:\Windows\system32\StartupCheckLibrary.dll
2019-10-09 21:18:46 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-999-0-0-0.exe
2019-10-09 21:18:46 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2019-10-09 21:18:46 ----A---- C:\Windows\SYSWOW64\vulkan-1-999-0-0-0.dll
2019-10-09 21:18:46 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2019-10-09 21:18:46 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2019-10-09 21:18:46 ----A---- C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-10-09 21:18:46 ----A---- C:\Windows\system32\vulkaninfo.exe
2019-10-09 21:18:46 ----A---- C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-10-09 21:18:46 ----A---- C:\Windows\system32\vulkan-1.dll
2019-10-09 21:18:46 ----A---- C:\Windows\system32\OpenCL.dll
2019-10-09 21:18:46 ----A---- C:\Windows\system32\nvhdap64.dll
2019-10-09 21:18:45 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2019-10-09 21:18:45 ----A---- C:\Windows\SYSWOW64\nvofapi.dll
2019-10-09 21:18:45 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2019-10-09 21:18:45 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2019-10-09 21:18:45 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2019-10-09 21:18:45 ----A---- C:\Windows\system32\nvofapi64.dll
2019-10-09 21:18:45 ----A---- C:\Windows\system32\nvmcumd.dll
2019-10-09 21:18:45 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2019-10-09 21:18:45 ----A---- C:\Windows\system32\NvIFR64.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2019-10-09 21:18:44 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\NvFBC64.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvdispgenco6443648.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvdispco6443648.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvcuvid.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvcuda.dll
2019-10-09 21:18:44 ----A---- C:\Windows\system32\nvcompiler.dll
2019-10-07 20:41:58 ----D---- C:\Program Files (x86)\Remote Mouse
2019-09-28 15:39:06 ----A---- C:\Windows\system32\setup4.2.6.tmp

======List of files/folders modified in the last 1 month======

2019-10-25 12:43:16 ----RD---- C:\Program Files
2019-10-25 12:42:05 ----D---- C:\Windows\Prefetch
2019-10-25 12:28:52 ----D---- C:\Windows\Temp
2019-10-25 12:28:51 ----D---- C:\Windows\System32
2019-10-25 12:28:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-10-25 12:25:21 ----D---- C:\ProgramData\NVIDIA
2019-10-25 12:23:46 ----D---- C:\Windows\system32\Tasks
2019-10-25 12:22:28 ----D---- C:\Windows\system32\sru
2019-10-25 12:15:04 ----HD---- C:\ProgramData
2019-10-25 12:10:26 ----D---- C:\Windows\system32\LogFiles
2019-10-25 12:10:19 ----RD---- C:\Windows\Microsoft.NET
2019-10-25 11:25:02 ----D---- C:\Users\WSS\AppData\Roaming\Battle.net
2019-10-25 11:25:02 ----D---- C:\Program Files (x86)\Battle.net
2019-10-25 11:21:22 ----D---- C:\Program Files\Common Files\Adobe
2019-10-23 10:53:27 ----D---- C:\Windows\system32\SleepStudy
2019-10-22 22:52:23 ----D---- C:\Windows\system32\catroot2
2019-10-22 22:50:33 ----D---- C:\Users\WSS\AppData\Roaming\qBittorrent
2019-10-22 15:25:02 ----D---- C:\Windows\Logs
2019-10-22 11:04:05 ----SHD---- C:\System Volume Information
2019-10-21 21:53:32 ----D---- C:\Users\WSS\AppData\Roaming\TS3Client
2019-10-21 20:28:09 ----RSD---- C:\Windows\assembly
2019-10-21 18:34:57 ----RD---- C:\Program Files (x86)
2019-10-21 18:32:36 ----D---- C:\Windows\system32\drivers
2019-10-21 18:32:35 ----HD---- C:\Windows\ELAMBKUP
2019-10-20 20:03:00 ----D---- C:\Users\WSS\AppData\Roaming\vlc
2019-10-20 17:09:22 ----D---- C:\Users\WSS\AppData\Roaming\RenPy
2019-10-20 16:54:30 ----SHD---- C:\Windows\Installer
2019-10-20 16:54:19 ----D---- C:\Windows\SysWOW64
2019-10-16 18:33:18 ----D---- C:\Program Files (x86)\Origin
2019-10-16 18:32:26 ----D---- C:\Windows
2019-10-12 22:25:35 ----D---- C:\Users\WSS\AppData\Roaming\Spotify
2019-10-10 09:15:33 ----RD---- C:\Program Files\Windows Defender
2019-10-09 21:36:32 ----D---- C:\Windows\DeliveryOptimization
2019-10-09 21:21:29 ----D---- C:\Windows\system32\DriverStore
2019-10-09 21:21:29 ----D---- C:\Windows\INF
2019-10-09 21:21:23 ----D---- C:\ProgramData\NVIDIA Corporation
2019-10-09 21:20:30 ----D---- C:\Program Files\NVIDIA Corporation
2019-10-09 21:20:26 ----D---- C:\Windows\LastGood
2019-10-09 20:43:47 ----D---- C:\Windows\system32\Macromed
2019-10-09 20:43:46 ----D---- C:\Windows\SYSWOW64\Macromed
2019-10-08 17:25:28 ----D---- C:\Program Files (x86)\Google
2019-10-06 21:31:59 ----D---- C:\Users\WSS\AppData\Roaming\discord
2019-10-06 18:55:54 ----D---- C:\Program Files\Adobe
2019-10-06 18:55:48 ----D---- C:\Program Files (x86)\Adobe
2019-10-02 18:41:20 ----D---- C:\Windows\system32\drivers\wd
2019-09-27 23:09:28 ----A---- C:\Windows\system32\nvapi64.dll
2019-09-27 20:19:45 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2019-09-27 01:23:18 ----A---- C:\Windows\system32\nvsvc64.dll
2019-09-27 01:23:18 ----A---- C:\Windows\system32\nvcpl.dll
2019-09-27 01:23:07 ----A---- C:\Windows\system32\nvsvcr.dll
2019-09-27 01:23:07 ----A---- C:\Windows\system32\nvshext.dll
2019-09-27 01:23:07 ----A---- C:\Windows\system32\nvmctray.dll
2019-09-27 01:23:07 ----A---- C:\Windows\system32\nv3dappshextr.dll
2019-09-27 01:23:07 ----A---- C:\Windows\system32\nv3dappshext.dll
2019-09-26 18:36:14 ----D---- C:\Windows\system32\config
2019-09-26 18:32:31 ----D---- C:\Users\WSS\AppData\Roaming\Adobe
2019-09-26 00:02:54 ----A---- C:\Windows\NvContainerRecovery.bat

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2017-09-29 56728]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys [2017-09-29 293272]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2018-03-30 59808]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2018-05-17 139888]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2018-03-30 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2018-05-11 385536]
R2 hfFilter;hfFilter; C:\Windows\system32\drivers\hfFilter.sys [2017-02-05 34400]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2017-09-29 43520]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\Windows\system32\drivers\storqosflt.sys [2018-03-30 79872]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2017-09-29 105472]
R3 bthl2cap;@bthl2cap.inf,%bthl2cap_desc%;Microsoft Bluetooth Protocol Support Driver; C:\Windows\system32\DRIVERS\bthl2cap.sys [2017-09-29 83968]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-09-29 78848]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2018-04-15 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\drivers\BTHUSB.sys [2017-09-29 85504]
R3 dtlitescsibus;@oem16.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2018-09-26 30264]
R3 dtliteusbbus;@oem17.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\Windows\System32\drivers\dtliteusbbus.sys [2018-09-26 47672]
R3 Hamachi;@oem24.inf,%Hamachi.Service.DispName%;LogMeIn Hamachi Virtual Miniport); C:\Windows\system32\DRIVERS\Hamdrv.sys [2019-02-11 45680]
R3 iaLPSS2_UART2;@oem6.inf,%iaLPSS2_UART2.SVCDESC%;Intel(R) Serial IO UART Driver v2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [2017-06-28 310944]
R3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
R3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
R3 KillerEth;@e2xw10x64.inf,%RIVET.Service.DispName%;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller; C:\Windows\System32\drivers\e2xw10x64.sys [2017-09-29 145920]
R3 MEIx64;@oem8.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys [2017-10-17 206496]
R3 NVHDA;@oem27.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2019-09-27 228792]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_827405c7c65146ab\nvlddmkm.sys [2019-09-27 22377352]
R3 nvvad_WaveExtensible;@oem25.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2019-04-17 69840]
R3 nvvhci;@oem14.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\Windows\System32\drivers\nvvhci.sys [2019-04-17 75600]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2017-09-29 189440]
R3 ScpVBus;@oem23.inf,%ScpVBus.SVCDESC%;Scp Virtual Bus Driver; C:\Windows\System32\drivers\ScpVBus.sys [2013-05-19 39168]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2018-08-07 118688]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys [2017-09-29 126872]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys [2017-09-29 158616]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys [2017-09-29 143768]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\drivers\BTHport.sys [2018-06-13 1015296]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2017-09-29 60312]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2017-09-29 122368]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\System32\drivers\e1i63x64.sys [2017-09-29 524800]
S3 fwdrv;@oem20.inf,%fwdrv.DeviceDesc%;Fake Webcam; C:\Windows\system32\DRIVERS\fwdrv.sys [2014-03-22 27840]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2018-08-31 77096]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\Windows\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2018-03-30 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\Windows\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2019-07-23 30336]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2018-07-18 939304]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SensorsHIDClassDriver;@SensorsHidClassDriver.inf,%WudfSensorsHIDClassDriverDisplayName%;UMDF Reflector service for Sensors HID Class Driver; C:\Windows\System32\drivers\WUDFRd.sys [2017-09-29 259584]
S3 smbdirect;smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [2017-09-29 151552]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [2017-09-29 56216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-09-10 88136]
R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2019-09-27 823352]
R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2019-10-08 3147344]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2019-10-08 2914896]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [2019-02-23 390504]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_45b27;CDPUserSvc_45b27; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Programy\Hamachi\x64\hamachi-2.exe [2019-04-02 3361736]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-08-27 860016]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2019-09-27 781864]
R2 OneSyncSvc_45b27;OneSyncSvc_45b27; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2019-10-15 3228976]
R2 RemoteMouseService;RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [2019-07-25 11264]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-09-27 304808]
R2 Serviio;Serviio; D:\Programy\Serviio\bin\ServiioService.exe [2019-05-15 413696]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe [2018-09-13 3648616]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S2 brave;Brave Update Service (brave); C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [2018-12-21 160200]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-10 153168]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-10-09 335416]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2018-10-17 7361312]
S3 BraveElevationService;Brave Elevation Service; C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe []
S3 bravem;Brave Update Service (bravem); C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [2018-12-21 160200]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_45b27;DevicesFlowUserSvc_45b27; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-05-03 86016]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2019-07-06 803440]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-09-28 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 GalaxyClientService;GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2018-12-21 707144]
S3 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2018-12-21 7172680]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\elevation_service.exe [2019-10-20 1110512]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-10 153168]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_45b27;MessagingService_45b27; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-08-27 860016]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2019-10-15 2348336]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc_45b27;PimIndexMaintenanceSvc_45b27; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_45b27;PrintWorkflowUserSvc_45b27; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\Windows\system32\spectrum.exe [2018-06-08 956416]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2019-10-02 1701152]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe [2018-05-12 819096]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2019
Ran by WSS (administrator) on DESKTOP-5M56U6R (MSI MS-7978) (25-10-2019 12:51:04)
Running from C:\Users\WSS\Desktop
Loaded Profiles: WSS (Available Profiles: WSS)
Platform: Windows 10 Pro Version 1709 16299.726 (X64) Language: English (United States)
Default browser: "C:\Users\WSS\AppData\Local\Brave\Brave.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
() [File not signed] D:\Programy\Serviio\bin\ServiioService.exe
() [File not signed] D:\Programy\Serviio\bin\ServiioService.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(alch) [File not signed] C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) D:\Programy\Daemon Tools\DTShellHlp.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(hxxp://winaero.com) [File not signed] C:\Users\WSS\Desktop\Windows 8 and above\RegOwnershipEx.exe
(LogMeIn, Inc. -> LogMeIn Inc.) D:\Programy\Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) D:\Programy\Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(remotemouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(RemoteMouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [193024 2019-10-10] (Microsoft Corporation) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [winlogui] => C:\Windows\system32\winlogui.exe [1803776 2019-10-12] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [HKLM] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-08-18] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2018-03-03] (alch) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (AVG Netherlands B.V) <==== ATTENTION
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (Zemana) <==== ATTENTION
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3211040 2019-10-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Discord] => C:\Users\WSS\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\Daemon Tools\DTAgent.exe [731240 2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7415880 2018-12-21] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [HKCU] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [World of Tanks] => D:\Hry\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Spotify] => C:\Users\WSS\AppData\Roaming\Spotify\Spotify.exe [21348768 2019-10-12] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () [File not signed]
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [1988240 2019-10-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [1988240 2019-10-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {2e39f8a0-d111-11e8-aebc-001a7dda7111} - "J:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd3a-c199-11e8-aeb2-001a7dda7111} - "E:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd5f-c199-11e8-aeb2-001a7dda7111} - "F:\SETUP.EXE"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a18f-fcb6-11e8-aebe-001a7dda7111} - "G:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a6b5-fcb6-11e8-aebe-001a7dda7111} - "I:\setup.exe"
HKU\S-1-5-18\...\Run: [HKCU] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\78.0.70.121\Installer\chrmstp.exe [2019-10-25] (Brave Software, Inc.) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{5460C4DF-B266-909E-CB58-E32B79832EB2}] -> C:\Windows\servicing\Skype.exe [2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035AA5F5-9948-48A7-93CA-94DD82407DB3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0624B00B-4DEE-49A0-886A-2AF651634E1E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {08BAF982-D128-4445-AE17-A82B7CD39DFD} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0B87BD83-C26D-4045-B641-91C4E9710535} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1290204E-2276-40E5-8D73-CC42CA77DC8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {246D0244-085E-47E2-82F1-B52D1E10D84E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2756B475-E29F-4729-825D-4B06B60F0E33} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-5M56U6R-WSS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {30BC7B81-FA8D-4E3C-A2CD-D8302526E820} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
Task: {38F779C1-19C2-42CA-8477-20CFF2D7ECC2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {503CD507-1501-4C91-83CA-A8593B7F78C0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6313BD33-5FEE-4DE4-92BD-C8E47BACC236} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {663C7A32-A621-45AA-869D-7E66ECBA0B75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {6908B132-02CC-49B3-9AC2-6C6B1A99B224} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E6C9837-2119-48E4-8A77-9457C2BD1D39} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {927E48A7-09A4-4D29-B924-2B4D91533A97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {95560CEF-FD13-4997-9B6D-6C8039ED847F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A51BA0F-7977-48B6-9902-1BD8A34AFC6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_pepper.exe [1453112 2019-10-09] (Adobe Inc. -> Adobe)
Task: {9AD39663-46A8-471F-8784-9CCB39224A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {9F85567E-F56C-4735-9EDA-357732E21939} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1486370-AFFE-4778-948F-BDB06DA12276} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B99A9ED9-C642-43C5-84B8-CE56B3772A66} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BA8D312A-C367-4B51-89D9-39AF180EBD35} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {DAE735AB-812B-4146-BFD1-9FEC9CCCA435} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0140363-C57A-4A59-95E8-9811A67C6C6B} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {F5029CA6-6509-4282-A4AA-DF2231D8FFE6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FE635D9F-04F8-4A25-86FD-F7D4E58EED16} - System32\Tasks\KMS_VL_ALL => C:\Windows\schemas\Scripts\KMS_VL_ALL.cmd

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{293e1a5d-ad83-4df8-bffc-d2ddfd8ff2d3}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programy\Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Programy\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Programy\Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> D:\Programy\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> D:\Programy\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default [2019-10-24]
CHR Extension: (Slides) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-10]
CHR Extension: (Docs) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-10]
CHR Extension: (Google Drive) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-10]
CHR Extension: (YouTube) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-10]
CHR Extension: (Sheets) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-22]
CHR Extension: (Video DownloadHelper) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Gmail) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7361312 2018-10-17] (BattlEye Innovations e.K. -> )
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-02-23] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 Disc Soft Lite Bus Service; D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe [3648616 2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-07-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-21] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-21] (GOG Sp. z o.o. -> GOG.com)
R2 Hamachi2Svc; D:\Programy\Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2348336 2019-10-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3228976 2019-10-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [11264 2019-07-25] () [File not signed]
R2 Serviio; D:\Programy\Serviio\bin\ServiioService.exe [413696 2019-05-15] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WSearch; C:\Windows\system32\SearchIndexer.exe [982016 2018-04-15] (Access Denied) [File not signed]
S3 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 Windows Updates Services; C:\Windows\servicing\starter.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2018-09-26] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2018-09-26] (Disc Soft Ltd -> Disc Soft Ltd)
S3 fwdrv; C:\Windows\system32\DRIVERS\fwdrv.sys [27840 2014-03-22] (Web Solution Mart -> Web Solution Mart)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-02-11] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 hfFilter; C:\Windows\System32\drivers\hfFilter.sys [34400 2017-02-05] (Access Denied) [File not signed]
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_827405c7c65146ab\nvlddmkm.sys [22377352 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1999-11-04] () [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-25 12:51 - 2019-10-25 12:51 - 000035583 _____ C:\Users\WSS\Desktop\FRST.txt
2019-10-25 12:50 - 2019-10-25 12:51 - 000000000 ____D C:\FRST
2019-10-25 12:43 - 2019-10-25 12:43 - 000000000 ____D C:\rsit
2019-10-25 12:43 - 2019-10-25 12:43 - 000000000 ____D C:\Program Files\trend micro
2019-10-25 12:41 - 2019-10-25 12:41 - 001617920 _____ (Farbar) C:\Users\WSS\Desktop\FRST64.exe
2019-10-25 12:41 - 2019-10-25 12:41 - 001222144 _____ C:\Users\WSS\Desktop\RSITx64.exe
2019-10-25 12:35 - 2019-10-25 12:35 - 000397241 _____ C:\Users\WSS\Desktop\roex.zip
2019-10-25 12:35 - 2017-03-29 22:20 - 000000000 ____D C:\Users\WSS\Desktop\Windows 8 and above
2019-10-25 12:21 - 2019-10-25 12:21 - 000000631 _____ C:\Users\Public\Desktop\Call of Duty Modern Warfare.lnk
2019-10-25 12:21 - 2019-10-25 12:21 - 000000631 _____ C:\ProgramData\Desktop\Call of Duty Modern Warfare.lnk
2019-10-25 12:21 - 2019-10-25 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2019-10-25 11:22 - 2019-10-25 11:22 - 004974248 _____ (Blizzard Entertainment) C:\Users\WSS\Desktop\Modern-Warfare-Setup.exe
2019-10-22 16:59 - 2019-10-22 17:15 - 000000000 ____D C:\Users\WSS\Documents\Parkitect
2019-10-22 16:59 - 2019-10-22 16:59 - 000000679 _____ C:\Users\WSS\Desktop\Parkitect.lnk
2019-10-22 16:59 - 2019-10-22 16:59 - 000000000 ____D C:\Users\WSS\AppData\LocalLow\Texel Raptor
2019-10-22 16:59 - 2019-10-22 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parkitect
2019-10-22 11:24 - 2019-10-22 11:24 - 000000000 ____D C:\Users\WSS\AppData\Local\ChernobylGame
2019-10-22 11:22 - 2019-10-22 11:22 - 000000800 _____ C:\Users\Public\Desktop\Chernobylite.lnk
2019-10-22 11:22 - 2019-10-22 11:22 - 000000800 _____ C:\ProgramData\Desktop\Chernobylite.lnk
2019-10-22 11:22 - 2019-10-22 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chernobylite [GOG.com]
2019-10-21 18:35 - 2019-10-21 18:36 - 000000000 ____D C:\Users\WSS\AppData\Roaming\.clamwin
2019-10-21 18:35 - 2019-10-21 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2019-10-21 18:34 - 2019-10-21 18:34 - 000000000 ____D C:\ProgramData\.clamwin
2019-10-21 18:34 - 2019-10-21 18:34 - 000000000 ____D C:\Program Files (x86)\ClamWin
2019-10-21 18:27 - 2019-10-21 18:27 - 000000000 ____D C:\Users\WSS\AppData\Local\mbam
2019-10-21 18:26 - 2019-10-21 18:26 - 000000000 ____D C:\Users\WSS\AppData\Local\mbamtray
2019-10-21 18:23 - 2019-10-21 18:23 - 066367928 _____ (Malwarebytes ) C:\Users\WSS\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.627-1.0.12633.exe
2019-10-20 17:05 - 2019-10-20 17:07 - 2331411963 _____ C:\Users\WSS\Downloads\BrokenDreamers-042-pc.zip
2019-10-18 18:32 - 2019-10-18 18:32 - 000000723 _____ C:\Users\WSS\Desktop\Slay the Spire.lnk
2019-10-18 18:32 - 2019-10-18 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slay the Spire
2019-10-12 20:46 - 2019-10-12 20:46 - 001931264 _____ (Microsoft Corporation) C:\Windows\system32\winscomrssrv.dll
2019-10-12 20:46 - 2019-10-12 20:46 - 000000024 _____ C:\Windows\system32\WinUpdates105.dat
2019-10-12 20:46 - 2019-10-12 20:46 - 000000003 _____ C:\Windows\system32\wdbcache.tmp
2019-10-10 09:15 - 2019-10-12 20:46 - 001803776 _____ (Microsoft Corporation) C:\Windows\system32\winlogui.exe
2019-10-10 09:15 - 2019-10-10 09:15 - 002619392 _____ (Microsoft Corporation) C:\Windows\system32\StartupCheckLibrary.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 011561728 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 009936640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 001012640 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 001012640 _____ C:\Windows\system32\vulkan-1.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 000876448 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 000876448 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 000447120 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 000351888 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-10-09 21:18 - 2019-09-27 23:15 - 000301472 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-10-09 21:18 - 2019-09-27 23:15 - 000301472 _____ C:\Windows\system32\vulkaninfo.exe
2019-10-09 21:18 - 2019-09-27 23:15 - 000273312 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-10-09 21:18 - 2019-09-27 23:15 - 000273312 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-10-09 21:18 - 2019-09-27 23:14 - 000823552 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-10-09 21:18 - 2019-09-27 23:14 - 000676744 _____ C:\Windows\system32\nvofapi64.dll
2019-10-09 21:18 - 2019-09-27 23:14 - 000633224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-10-09 21:18 - 2019-09-27 23:14 - 000544456 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 040445128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 035333888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 017301248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 014922440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 005358464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 004697288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 002051512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001726720 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443648.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001551240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001491144 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443648.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001477512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001246976 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001140424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 000959416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 000812800 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 000659328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 000523520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-10-09 21:18 - 2019-09-27 23:09 - 004263512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-10-09 21:18 - 2019-09-27 20:19 - 000047272 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-10-07 20:41 - 2019-10-07 20:42 - 000000000 ____D C:\Program Files (x86)\Remote Mouse
2019-10-07 20:41 - 2019-10-07 20:41 - 000001119 _____ C:\Users\Public\Desktop\Remote Mouse.lnk
2019-10-07 20:41 - 2019-10-07 20:41 - 000001119 _____ C:\ProgramData\Desktop\Remote Mouse.lnk
2019-10-07 20:41 - 2019-10-07 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2019-10-07 16:47 - 2019-10-07 16:47 - 000000000 ____D C:\Users\WSS\AppData\LocalLow\Wizards Of The Coast
2019-10-07 16:45 - 2019-10-07 16:45 - 000000000 ____D C:\Users\WSS\Documents\Gatewatch_Logs
2019-10-07 16:45 - 2019-10-07 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
2019-10-07 16:44 - 2019-10-07 16:45 - 000000875 _____ C:\Users\WSS\Desktop\MTG Arena.lnk
2019-10-03 17:44 - 2019-10-23 14:36 - 000003518 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2019-10-03 17:44 - 2019-10-22 23:14 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-10-03 17:44 - 2019-10-22 23:14 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-09-29 00:51 - 2011-10-27 07:31 - 192698806 _____ C:\Users\WSS\Desktop\FOTBAL.avi
2019-09-29 00:51 - 2009-10-31 20:26 - 057528948 _____ C:\Users\WSS\Desktop\Můj film.avi
2019-09-29 00:51 - 2008-06-25 19:34 - 046290142 _____ C:\Users\WSS\Desktop\DVR037.AVI
2019-09-28 21:02 - 2019-09-28 21:03 - 000000000 ____D C:\Users\WSS\Desktop\GeneRally
2019-09-28 15:39 - 2019-09-28 15:39 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2019-09-28 15:39 - 2019-09-28 15:39 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-25 12:28 - 2017-11-28 05:51 - 003013730 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-25 12:25 - 2018-09-22 18:08 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-25 12:23 - 2019-07-23 10:15 - 000000000 ___RD C:\Users\WSS\Creative Cloud Files
2019-10-25 12:23 - 2018-09-25 13:29 - 000000000 ____D C:\Users\WSS\AppData\Local\Adobe
2019-10-25 12:23 - 2018-09-22 18:16 - 000003200 _____ C:\Windows\system32\Tasks\KMS_VL_ALL
2019-10-25 12:22 - 2019-02-23 21:11 - 000000000 ____D C:\Users\WSS\AppData\Local\Battle.net
2019-10-25 12:22 - 2017-11-28 05:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-25 12:22 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-25 12:15 - 2019-03-26 18:38 - 000000722 __RSH C:\ProgramData\ntuser.pol
2019-10-25 12:09 - 2018-12-21 20:54 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-10-25 12:09 - 2018-12-21 20:54 - 000002377 _____ C:\Users\Public\Desktop\Brave.lnk
2019-10-25 12:09 - 2018-12-21 20:54 - 000002377 _____ C:\ProgramData\Desktop\Brave.lnk
2019-10-25 11:25 - 2019-02-23 21:11 - 000000000 ____D C:\Users\WSS\AppData\Roaming\Battle.net
2019-10-25 11:25 - 2019-02-23 21:09 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-10-25 11:23 - 2019-02-23 21:11 - 000000000 ____D C:\Users\WSS\AppData\Local\Blizzard Entertainment
2019-10-25 11:23 - 2019-02-23 21:09 - 000000000 ____D C:\Users\WSS\AppData\Local\Blizzard
2019-10-25 11:21 - 2018-10-16 09:03 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-10-23 22:57 - 2018-11-10 10:51 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-23 10:53 - 2017-11-28 05:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-10-22 22:50 - 2018-09-26 17:17 - 000000000 ____D C:\Users\WSS\AppData\Roaming\qBittorrent
2019-10-22 12:52 - 2018-10-03 18:44 - 000000000 ____D C:\Users\WSS\AppData\LocalLow\Mozilla
2019-10-22 12:03 - 2018-10-12 22:31 - 000001320 _____ C:\Users\Public\Desktop\Gwent.lnk
2019-10-22 12:03 - 2018-10-12 22:31 - 000001320 _____ C:\ProgramData\Desktop\Gwent.lnk
2019-10-22 12:03 - 2018-10-12 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2019-10-22 11:00 - 2019-04-09 22:21 - 000000246 _____ C:\Windows\HFIT.hff
2019-10-21 21:53 - 2018-11-27 20:57 - 000000000 ____D C:\Users\WSS\AppData\Roaming\TS3Client
2019-10-21 18:32 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-10-20 20:03 - 2019-02-22 01:12 - 000000000 ____D C:\Users\WSS\AppData\Roaming\vlc
2019-10-20 17:09 - 2018-10-11 09:11 - 000000000 ____D C:\Users\WSS\AppData\Roaming\RenPy
2019-10-20 16:54 - 2019-03-29 22:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-16 18:33 - 2018-09-23 12:32 - 000000000 ____D C:\Program Files (x86)\Origin
2019-10-16 17:35 - 2019-03-29 22:33 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-10-16 17:32 - 2019-02-23 13:02 - 000000000 ____D C:\Users\WSS\AppData\Local\LogMeIn Hamachi
2019-10-12 22:45 - 2018-11-22 21:35 - 000000000 ____D C:\Users\WSS\AppData\Local\Spotify
2019-10-12 22:25 - 2018-11-22 21:35 - 000000000 ____D C:\Users\WSS\AppData\Roaming\Spotify
2019-10-10 09:29 - 2018-09-24 17:25 - 000000000 ____D C:\Users\WSS\AppData\Local\NVIDIA
2019-10-10 09:16 - 2018-09-22 18:16 - 000000000 ____D C:\Users\WSS
2019-10-10 09:15 - 2017-09-29 15:46 - 000000000 ___RD C:\Program Files\Windows Defender
2019-10-09 21:36 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2019-10-09 21:21 - 2018-09-22 18:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-10-09 21:21 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2019-10-09 21:20 - 2019-06-08 23:36 - 000000000 ____D C:\Windows\LastGood
2019-10-09 21:20 - 2018-09-22 18:08 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-10-09 20:43 - 2018-09-25 13:29 - 000004596 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-10-09 20:43 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-09 20:43 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-08 17:25 - 2018-11-10 10:50 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-08 17:25 - 2018-11-10 10:50 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-08 17:25 - 2018-11-10 10:50 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-06 21:31 - 2018-09-25 13:23 - 000000000 ____D C:\Users\WSS\AppData\Roaming\discord
2019-10-06 18:55 - 2019-07-23 10:06 - 000001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2019-10-06 18:55 - 2019-03-29 22:33 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-10-06 18:55 - 2018-10-16 09:03 - 000000000 ____D C:\Program Files\Adobe
2019-10-02 18:41 - 2018-09-24 16:54 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-09-27 23:09 - 2017-11-09 04:25 - 005002192 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-09-27 20:19 - 2017-11-09 04:38 - 001683032 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-09-27 20:19 - 2017-11-09 04:38 - 000228792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-09-27 03:27 - 2017-11-09 03:57 - 000054700 _____ C:\Windows\system32\nvinfo.pb
2019-09-27 01:23 - 2018-09-22 18:08 - 005468016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-09-27 01:23 - 2018-09-22 18:08 - 002635248 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-09-27 01:23 - 2018-09-22 18:08 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-09-27 01:23 - 2018-09-22 18:08 - 000653680 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-09-27 01:23 - 2018-09-22 18:08 - 000451056 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-09-27 01:23 - 2018-09-22 18:08 - 000124784 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-09-27 01:23 - 2018-09-22 18:08 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-09-26 18:32 - 2018-09-22 18:16 - 000000000 ____D C:\Users\WSS\AppData\Roaming\Adobe
2019-09-26 09:55 - 2018-09-22 18:08 - 008716712 _____ C:\Windows\system32\nvcoproc.bin
2019-09-26 00:02 - 2018-09-22 18:08 - 000001951 _____ C:\Windows\NvContainerRecovery.bat

==================== Files in the root of some directories ================

2019-09-18 16:32 - 2019-09-18 16:35 - 000000034 _____ () C:\Users\WSS\AppData\Roaming\AdobeWLCMCache.dat
2019-02-16 15:21 - 2019-02-16 15:21 - 000000000 ___SH () C:\Users\WSS\AppData\Local\LumaEmu
2019-07-23 10:14 - 2019-07-23 10:14 - 000000000 _____ () C:\Users\WSS\AppData\Local\oobelibMkey.log

==================== FLock ================

2018-04-15 22:04 C:\Windows\system32\SearchIndexer.exe
2019-10-22 11:00 C:\Windows\HFIT.hff
2017-02-05 20:30 C:\Windows\system32\Drivers\hfFilter.sys

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\servicing\Skype.exe [2018-08-04] <==== ATTENTION

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-25 12:10
==================== End of FRST.txt ============================

WhySoSad
Visitor
Posts: 35
Registered: 14 May 2013 10:17

Re: 100% CPU usage, blocked Windows Defender, etc.

#2 Post by WhySoSad »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2019
Ran by WSS (25-10-2019 12:51:52)
Running from C:\Users\WSS\Desktop
Windows 10 Pro Version 1709 16299.726 (X64) (2018-09-22 16:07:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1906486174-218330440-3877118835-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1906486174-218330440-3877118835-503 - Limited - Disabled)
Guest (S-1-5-21-1906486174-218330440-3877118835-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1906486174-218330440-3877118835-504 - Limited - Disabled)
WSS (S-1-5-21-1906486174-218330440-3877118835-1002 - Administrator - Enabled) => C:\Users\WSS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20048 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Ancestors The Humankind Odyssey (HKLM-x32\...\Ancestors The Humankind Odyssey_is1) (Version: - )
BANNERMEN (HKLM\...\YmFubmVybWVu_is1) (Version: 1 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlestate Games Launcher 0.5.7.495 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 0.5.7.495 - Battlestate Games)
Blair Witch (HKLM-x32\...\Blair Witch_is1) (Version: - )
Blair Witch (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Blair Witch) (Version: - HOODLUM)
BobsTrackBuilder (HKLM-x32\...\{ECDF8120-703D-4A96-B36C-A565419B3900}) (Version: 1.0.0 - Bobs Track Builder)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 78.0.70.121 - Brave Software Inc)
Brave (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Brave) (Version: 0.27.3 - Brave Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Chernobylite (HKLM-x32\...\1472128402_is1) (Version: 20591 - GOG.com)
Cities Skylines Campus (HKLM-x32\...\Cities Skylines Campus_is1) (Version: - )
Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.)
ClamWin Free Antivirus 0.99.4 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Community Modpack for Mafia: The City of Lost Heaven (HKLM-x32\...\Community Modpack for Mafia: The City of Lost Heaven_is1) (Version: - Rimsky)
Control (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Control) (Version: - HOODLUM)
CrystalDiskInfo 8.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.2.0 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0630 - Disc Soft Ltd)
Darksiders III (HKLM-x32\...\Darksiders III_is1) (Version: - )
Darkwood (HKLM-x32\...\Darkwood_is1) (Version: - )
DawnOfMan (HKLM-x32\...\1899257943_is1) (Version: 1.0.0 - GOG.com)
Discord (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Discord) (Version: 0.0.305 - Discord Inc.)
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Dont Starve Together (HKLM-x32\...\Dont Starve Together_is1) (Version: - )
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.10.2.2003 - Battlestate Games)
Exanima (HKLM-x32\...\1470768488_is1) (Version: 0.7.0.6c - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 4.0.3 - GOG.com)
Hotline Miami 2 - Wrong Number (HKLM-x32\...\1424773427_is1) (Version: 2.0.0.1 - GOG.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Into the Breach (HKLM-x32\...\2004253604_is1) (Version: 1.0.06 - GOG.com)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version: - )
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Mafia (HKLM-x32\...\{C72D7008-266D-4DD8-BF3C-296B736127F6}) (Version: 1.02 - )
Men of War Assault Squad 2 - Cold War (HKLM\...\TinyISO - Men of War Assault Squad 2 - Cold War) (Version: - TinyISO)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MISERY version 2.2 (HKLM-x32\...\MISERY_is1) (Version: 2.2 - MISERY Development Team)
MPC-BE x64 1.5.3.4488 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.3.4488 - MPC-BE Team)
MTG Arena (HKLM-x32\...\{F62E5477-A813-448F-AD6C-34FB7C31E360}) (Version: 0.1.1805 - Wizards of the Coast)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 436.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.50.31938 - Electronic Arts, Inc.)
Outward (HKLM\...\b3V0d2FyZA_is1) (Version: 1 - )
Parkitect (HKLM-x32\...\Parkitect_is1) (Version: - )
Pathologic 2 (HKLM-x32\...\Pathologic 2_is1) (Version: - )
Portal 2 (HKLM-x32\...\AC7F4E43-1023-443F-9746-58A93E04D896_is1) (Version: 1.0.0.0 - )
qBittorrent 4.1.3 (HKLM-x32\...\qBittorrent) (Version: 4.1.3 - The qBittorrent project)
Remote Mouse version 3.012 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.012 - Remote Mouse)
Resident Evil 2 (HKLM-x32\...\Resident Evil 2_is1) (Version: - )
Resident Evil 6 version 1 (HKLM-x32\...\UmVzaWRlbnQgRXZpbCA2_is1) (Version: 1 - )
Re-Volt (HKLM-x32\...\GOGPACKREVOLT_is1) (Version: 2.1.0.5 - GOG.com)
rFactor (remove only) (HKLM-x32\...\rFactor) (Version: - )
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\1207660583_is1) (Version: 2.1.0.17 - GOG.com)
SecretFolder version 6.5.0.0 (HKLM-x32\...\SecretFolder_is1) (Version: 6.5.0.0 - hxxp://ohsoft.net/)
Self-service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden
Serviio (HKLM\...\Serviio) (Version: 2.0 - Six Lines Ltd)
Slay the Spire (HKLM-x32\...\Slay the Spire_is1) (Version: - )
Spotify (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Spotify) (Version: 1.1.16.522.g55a4b852 - Spotify AB)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 4 Gold Edition (HKLM-x32\...\1409964317_is1) (Version: 2.0.0.4 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
Tetris Effect (HKLM-x32\...\Tetris Effect_is1) (Version: - )
The Hong Kong Massacre (HKLM-x32\...\The Hong Kong Massacre_is1) (Version: - )
The Long Dark Redux (HKLM-x32\...\The Long Dark Redux_is1) (Version: - )
They Are Billions (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\They Are Billions) (Version: - HOODLUM)
Tropico 6 (HKLM-x32\...\Tropico 6_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{91684B6D-153D-4C12-B6B1-59F7496BE44A}) (Version: 2.50.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 69.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Wreckfest (HKLM-x32\...\Wreckfest_is1) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-23] (Adobe Systems Incorporated)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1341.1.0_x86__kgqvnymyfvs32 [2018-09-22] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.123.200.0_x86__kgqvnymyfvs32 [2018-09-22] (king.com)
CnX Player -> C:\Program Files\WindowsApps\PATHWINSOFTWAREPRIVATELIM.CnXPlayer_3.5.0.0_x86__9xc72fbp6jsh6 [2019-06-04] (PATHWIN SOFTWARE PRIVATE LIMITED) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.3.301.0_x64__rz1tebttyb220 [2018-09-22] (Dolby Laboratories)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.25.2503.0_x86__ytsefhwckbdv6 [2018-10-11] (G5 Entertainment AB)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10827.20137.0_x64__8wekyb3d8bbwe [2018-10-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.27.2643.0_x64__8wekyb3d8bbwe [2018-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.8172.0_x86__8wekyb3d8bbwe [2018-09-22] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-09-22] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-262B826FBF50} -> [Creative Cloud Files] => C:\Users\WSS\Creative Cloud Files [2019-07-23 10:15]
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\WSS\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\WSS\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\WSS\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => D:\Programy\Daemon Tools\DTShl64.dll [2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => D:\Programy\Daemon Tools\DTShl64.dll [2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2012-05-18] ( ) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189952 2017-09-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) ==============

2019-10-21 18:34 - 2008-04-19 17:35 - 000080384 _____ () [File not signed] C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2019-10-21 18:34 - 2005-02-08 17:23 - 000979005 _____ () [File not signed] C:\Program Files (x86)\ClamWin\bin\python23.dll
2019-10-21 18:34 - 2004-05-25 21:17 - 000622651 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2019-10-21 18:34 - 2004-01-15 14:45 - 000061440 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2019-10-21 18:34 - 2004-05-25 21:18 - 000049212 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2019-10-21 18:34 - 2004-05-25 21:18 - 000057401 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2019-10-21 18:34 - 2004-05-25 21:18 - 000495616 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2019-10-21 18:34 - 2004-05-25 21:20 - 000036864 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2019-10-21 18:34 - 2004-05-25 21:19 - 000045117 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2019-10-21 18:34 - 2003-08-10 09:14 - 000061440 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2019-10-21 18:34 - 2004-10-11 20:22 - 000315392 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2019-10-21 18:34 - 2004-10-11 20:21 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2019-10-21 18:34 - 2004-11-20 03:27 - 000106496 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\shell.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000069632 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000024576 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000077824 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000086016 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000024576 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000036864 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000065536 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2019-10-21 18:34 - 2003-10-01 13:40 - 002240512 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2019-10-21 18:34 - 2003-10-01 11:43 - 003239936 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2019-10-07 20:41 - 2019-04-19 17:12 - 001391104 _____ (Remote Mouse) [File not signed] C:\Program Files (x86)\Remote Mouse\windows_api.dll
2018-09-23 12:32 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-09-23 12:32 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\WSS\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\WSS\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2017-09-29 15:44 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1906486174-218330440-3877118835-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\WSS\Desktop\asd.png
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "HKLM"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "HKCU"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "World of Tanks"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6557AB05-E832-4293-B1AE-CF05E13D1BC4}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{62A0155E-AB52-4BDA-93A3-50CFEF434389}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7D8A2F97-2C09-4080-BCE8-568DA0C0136E}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A7B5762-0EFD-4035-94C7-B25E6065F469}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5BD57C0A-524D-47A4-9A48-1FB2DEA4C3B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05CBB35B-7BF1-4012-9B5B-807B5F2B5ACE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{7169C8CE-F7FF-4023-A8C2-1127EE19ECD8}D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe No File
FirewallRules: [UDP Query User{CC236695-0741-47E4-83F0-09E835CAEA8E}D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe No File
FirewallRules: [TCP Query User{F0F07424-0049-4B59-811D-E0D46D23E3F7}C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe] => (Allow) C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe No File
FirewallRules: [UDP Query User{727DD4CA-2100-44AF-9471-9E909980A6E2}C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe] => (Allow) C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe No File
FirewallRules: [{AD7B9184-F03D-4D93-9CBE-ECD4BFB69094}] => (Allow) D:\Programy\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E385FCA5-6FFD-4B3A-A1CE-5176CF7A3903}] => (Allow) D:\Programy\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0CD36812-DF4B-414F-B671-4CAAC6C114DB}] => (Allow) D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{7C7EDB57-C0AD-40BF-893A-2D584EF4517E}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8407C8A8-8104-4F0E-9610-BF1933B664A7}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{DC9D6CB4-82F7-4272-811B-07359482A380}D:\hry\gwent\gwent\gwent.exe] => (Allow) D:\hry\gwent\gwent\gwent.exe () [File not signed]
FirewallRules: [UDP Query User{2BE90420-25B5-47E1-B768-4C70A2ABED91}D:\hry\gwent\gwent\gwent.exe] => (Allow) D:\hry\gwent\gwent\gwent.exe () [File not signed]
FirewallRules: [{E9336F7E-FCFE-4FBF-8638-9508544C8D30}] => (Allow) D:\Hry\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{D7B896FD-3A95-447F-BDB1-801F2C0869F5}] => (Allow) D:\Hry\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [TCP Query User{77C499EA-A7D5-4684-9D03-93782EC9A425}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{A0A9791E-7FA1-4D8F-B6D9-CFB4A75E20B8}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{5C419C0F-521E-4FEC-9C02-7BA53C069625}D:\hry\world_of_tanks\wotlauncher.exe] => (Allow) D:\hry\world_of_tanks\wotlauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E0762E5E-98E3-4890-8D02-55FA58ABC16C}D:\hry\world_of_tanks\wotlauncher.exe] => (Allow) D:\hry\world_of_tanks\wotlauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{0D85AABC-048A-4B93-8BFD-A9D0B11E8C1F}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{81708566-7443-4D1E-AB73-7A53D6A86924}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{77DE473A-D515-4159-AB09-6B7B4CD644A1}D:\hry\world_of_tanks\worldoftanks.exe] => (Block) D:\hry\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{BAAA0996-6ECB-43D4-839F-799C0C76A140}D:\hry\world_of_tanks\worldoftanks.exe] => (Block) D:\hry\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{2F72D19B-9D5E-4E0E-A52D-BC86BA4E41C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A0B923DF-0028-47A4-8DFE-92B091339F2E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [{2A50958C-4F0C-4E05-BA33-782D9C83D86B}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [{3B150106-2A1B-466A-9763-1341569A66D8}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [TCP Query User{E67B4699-27A0-4E1F-9925-3CFA8C55A608}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{D762494A-7845-4F98-B646-DF16067DBB9C}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [{FB8D4DDF-20B1-429D-8152-F18E1A3FBA49}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{6BC70D53-9365-4879-91A8-304281538D5E}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{20E4F9E3-C842-44FF-860A-E10C7D4F0718}C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe (New World Interactive LLC -> New World Interactive)
FirewallRules: [UDP Query User{FBCBEDF2-A7DD-42D4-8103-F030BDE9B1FF}C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe (New World Interactive LLC -> New World Interactive)
FirewallRules: [TCP Query User{A8C67750-70C7-4854-8536-8E77B021E071}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [UDP Query User{105098EB-6CA4-429F-9386-FA789E0C57BA}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [TCP Query User{7204CD36-CE5A-408E-ADBF-E613A4341F94}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{EBBC456E-1FF0-4E95-AB09-5DDE6CBAFF6C}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [{61FD807C-F1B3-4CD4-B329-9706FA9990DE}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut.exe (Hazelight Studios AB) [File not signed]
FirewallRules: [{BB43D60E-8576-45E7-BAFB-708F4EA52643}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut.exe (Hazelight Studios AB) [File not signed]
FirewallRules: [{00FFCFE1-1AED-4575-84F7-8755429E4DC1}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut_friend.exe (Hazelight Studios AB -> Hazelight Studios AB)
FirewallRules: [{C0FA0A65-72D9-46E3-874C-FE50699AFC76}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut_friend.exe (Hazelight Studios AB -> Hazelight Studios AB)
FirewallRules: [TCP Query User{22EDF6D1-319F-4A81-AD4B-56E20CACDD22}D:\hry\portal 2\portal2.exe] => (Allow) D:\hry\portal 2\portal2.exe () [File not signed]
FirewallRules: [UDP Query User{EC67BF5B-9407-4F48-BEB0-A9B1C01F316E}D:\hry\portal 2\portal2.exe] => (Allow) D:\hry\portal 2\portal2.exe () [File not signed]
FirewallRules: [TCP Query User{31C15189-853B-4FD1-9785-CD4BA7466DEC}D:\hry\resident evil 6\bh6.exe] => (Allow) D:\hry\resident evil 6\bh6.exe (QLOC S.A. -> CAPCOM U.S.A, INC.)
FirewallRules: [UDP Query User{427E429A-FF94-425D-B45B-7BECAFFF0F52}D:\hry\resident evil 6\bh6.exe] => (Allow) D:\hry\resident evil 6\bh6.exe (QLOC S.A. -> CAPCOM U.S.A, INC.)
FirewallRules: [TCP Query User{7F497768-CAD3-40CD-BFFC-BF0566178FE3}D:\torrenty\unrealtournament\system\unrealtournament.exe] => (Allow) D:\torrenty\unrealtournament\system\unrealtournament.exe () [File not signed]
FirewallRules: [UDP Query User{9734B959-F730-43EC-BEA4-D8009B29DF86}D:\torrenty\unrealtournament\system\unrealtournament.exe] => (Allow) D:\torrenty\unrealtournament\system\unrealtournament.exe () [File not signed]
FirewallRules: [TCP Query User{F77A0CB3-9822-4039-A07B-6281824C2746}D:\hry\re-volt\revolt.exe] => (Allow) D:\hry\re-volt\revolt.exe () [File not signed]
FirewallRules: [UDP Query User{492DA024-289C-4B42-A7FD-F2F6644B33BB}D:\hry\re-volt\revolt.exe] => (Allow) D:\hry\re-volt\revolt.exe () [File not signed]
FirewallRules: [TCP Query User{15C56349-24A4-49DA-A63D-545816C88B6D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EC5140A5-C1B4-4416-916F-6B0FC2283C81}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{49F8A695-2874-4ABA-A778-90FC91A78DF1}D:\hry\starcraft\starcraft.exe] => (Allow) D:\hry\starcraft\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{88C24A85-AAC2-4AE7-990D-8D3C82A937E8}D:\hry\starcraft\starcraft.exe] => (Allow) D:\hry\starcraft\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{1F3CCB1E-8F68-4F70-967D-ABB7F69283E5}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{1CA98460-8A14-4819-8A0C-484098BE1BED}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{53F570C0-8280-4119-88CF-81F83AAA11A7}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [UDP Query User{1785E4C7-9447-438F-8B9E-A1C45D3773BC}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [{08D08BDA-B827-472A-9773-66D9CED2B113}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{D6BFCF42-09AA-4D5C-BA2C-DAABB44BF654}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{CF468021-E33B-4241-9775-BA546775A6B3}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{C91CFB9F-9F6F-49B1-9D24-448F3E82D4F2}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [TCP Query User{26035BAE-949A-4A01-9FEE-2DFEB8797F04}D:\hry\the long dark redux\tld.exe] => (Allow) D:\hry\the long dark redux\tld.exe () [File not signed]
FirewallRules: [UDP Query User{2E32B9AA-F97D-4270-920F-51DA7FB32194}D:\hry\the long dark redux\tld.exe] => (Allow) D:\hry\the long dark redux\tld.exe () [File not signed]
FirewallRules: [TCP Query User{B9EC216A-3C11-4CB4-91C3-697A36400F38}D:\hry\generation zero\generationzero_f.exe] => (Allow) D:\hry\generation zero\generationzero_f.exe No File
FirewallRules: [UDP Query User{C3CF0FCC-F8E2-4511-BB49-5B2068146235}D:\hry\generation zero\generationzero_f.exe] => (Allow) D:\hry\generation zero\generationzero_f.exe No File
FirewallRules: [TCP Query User{893BA891-EDE0-4B7E-8B1D-4956A2982296}D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{C6DEB8C6-6A6C-41E3-9596-034402AD1053}D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [TCP Query User{502FD786-3C82-44AD-8A4F-3931D5FB20A1}D:\hry\pathologic 2\pathologic.exe] => (Allow) D:\hry\pathologic 2\pathologic.exe () [File not signed]
FirewallRules: [UDP Query User{F3F6F2C5-F5B2-47F8-AD17-3488ED6FA540}D:\hry\pathologic 2\pathologic.exe] => (Allow) D:\hry\pathologic 2\pathologic.exe () [File not signed]
FirewallRules: [TCP Query User{54EA9450-EC0E-4E2C-A650-1972C0D18B99}D:\programy\vlc\vlc.exe] => (Block) D:\programy\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F4F31476-DBEF-4829-B36E-0C84D4816323}D:\programy\vlc\vlc.exe] => (Block) D:\programy\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C016D840-6F04-415A-B77F-8EE1A671E113}C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe] => (Block) C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe No File
FirewallRules: [UDP Query User{341A39F6-804D-465E-B659-4EA1C480AA17}C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe] => (Block) C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe No File
FirewallRules: [{7C78ED41-8422-4ECB-B955-159A5F280223}] => (Allow) D:\Programy\Serviio\bin\ServiioService.exe () [File not signed]
FirewallRules: [{45B538A2-D820-4816-B661-00A32F5D07AA}] => (Allow) D:\Programy\Serviio\bin\ServiioService.exe () [File not signed]
FirewallRules: [{C69EF135-14AA-4B8E-B5F8-58303238CC6C}] => (Allow) D:\Programy\Serviio\console\ServiioConsole.exe (Six Lines Ltd) [File not signed]
FirewallRules: [TCP Query User{FB4E2A73-0961-44BC-9416-D8C395AA567C}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{5DD9619B-01E0-4A56-9823-3C618F31CF28}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71965AF4-6BE5-4152-874A-C9C336128CE5}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.)
FirewallRules: [{DD36A8D8-DB63-49F6-8D1F-5AFC3234BCAB}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.)
FirewallRules: [{2704B3EB-FED7-4A38-8663-218A89CF786A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{8AB37FA7-3FA8-45A2-BFAF-403EC925EE7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{F2675C78-4ECB-4C4C-9423-F838C88586BE}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [UDP Query User{947F47AC-1CC0-4264-911D-A4CBB457175B}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [{ACEADB87-0391-4C4A-9C42-ADFFF18598D3}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{58859756-3CA9-4A9F-8395-098F2F4DFCA8}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [TCP Query User{8332A415-8340-4F79-A445-5F14B90337F0}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [UDP Query User{91A911F6-1760-4581-B23F-D8C94CEB0A2F}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{9A203DCC-2B41-4904-870A-DE529DF8E0F6}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{F323963A-CBAB-41E3-AB26-99594F1235C1}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [TCP Query User{A0D240EE-CCA6-4D54-AF3B-1CD76B360F5A}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [UDP Query User{CF049E4D-0D75-4AA4-A861-15ED19C7941E}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{B1C60E8A-7F0B-496B-93A3-5EEBD82F5A37}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{26B1FD61-37FD-4042-B3FF-F5E69294DC69}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{7EE18F6E-3745-437C-9B48-30E29FDFC563}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{EC72324E-1826-4163-9F6F-810CEA078E91}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{DD630744-A8C0-415F-9222-AA310522481B}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{0F4BB519-BBD3-4FE8-80F7-730A343F382C}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{C9D67172-CB9A-4EAF-B0C9-1A9A526379B3}D:\hry\league of legends\game\league of legends.exe] => (Allow) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{2C6EC86A-25ED-48E6-9C9D-5052B50BE026}D:\hry\league of legends\game\league of legends.exe] => (Allow) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{26E6A814-CA1A-4A15-9BF0-A915E1581C63}] => (Block) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{D482C4D6-47A7-47C4-A05B-64C927DAB7EE}] => (Block) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{14D07B88-AE4E-4118-AD0F-160C64281257}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5497517C-FB94-4AE6-B150-D890C821621A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4E7FD89D-534B-4AE7-8EFE-4081BEA2F01C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C563E529-6CB0-43E1-BAA2-B4C3C278F2D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0258BC82-0DCA-44B8-83A5-51FA9C204F45}] => (Allow) D:\Programy\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{0FF824C8-788E-40C5-9D4F-DA2C758FFC71}] => (Allow) D:\Programy\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [TCP Query User{473A65DF-0808-4FFD-9106-1799CBC91472}D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe] => (Allow) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [UDP Query User{625694C9-8065-406E-BE7D-52711FE7BEA7}D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe] => (Allow) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{0ED47ADE-1842-4866-9B1C-64F8691B89E5}] => (Block) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{798260CB-8291-4732-B135-A37A4B78E455}] => (Block) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [TCP Query User{A69E505E-DEAD-406E-A938-4C395B4C3537}D:\hry\magic the gathering arena\mtga\mtga.exe] => (Allow) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{382F7492-77A0-4DBB-81CA-0B8F566F4D18}D:\hry\magic the gathering arena\mtga\mtga.exe] => (Allow) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{763EEB61-B42A-4736-BABD-4543C26BC109}] => (Block) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{E04B7BF6-DF0D-412C-B64D-B256CA3EC873}] => (Block) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{14EF704B-7A83-4D79-91DF-CE981ADA1515}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{D0DAB838-BD42-4B5A-82A0-661CAB3BC281}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{2E08A7FF-417B-49DD-BF81-5A4C4611F0E3}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{8B6EC600-6C27-4675-A0D0-E1176E60FBC5}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{D2B92D46-A059-4F69-BC96-42B715097E60}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{5019ADEB-A1CE-4BED-A50B-6ED80CC412BE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{BCE546DF-4F40-469C-B9A2-7F91AD359EF7}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{180E6DC9-9751-46BA-8082-47973A01A5C4}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [TCP Query User{197AC62A-1D4D-4F6D-8C97-7BCCA3D9CD3F}D:\hry\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{7EF957D6-B77B-4BB9-B00F-A6CF8E648F13}D:\hry\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{353C3518-9849-4359-A9B2-471609EC8F13}] => (Block) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{CC7394BA-097A-4D86-8167-AB0FCF3DA124}] => (Block) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{C99573D0-EDD0-4E4F-BDDD-9152E7836E27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1BD8FC4F-73FC-4DE4-B3F2-A17534497796}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

16-10-2019 18:42:47 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2019 11:22:09 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/23/2019 12:36:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/21/2019 11:30:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/20/2019 11:59:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/18/2019 10:29:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/17/2019 10:10:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/16/2019 06:13:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/12/2019 09:19:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (10/25/2019 12:24:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5M56U6R)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-5M56U6R\WSS SID (S-1-5-21-1906486174-218330440-3877118835-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2019 12:22:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2019 12:22:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2019 12:22:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2019 12:22:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2019 12:22:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Updates Services service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/25/2019 12:22:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/25/2019 11:21:58 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5M56U6R)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-5M56U6R\WSS SID (S-1-5-21-1906486174-218330440-3877118835-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-10-07 14:14:05.340
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AA7FCDE9-CCCD-4E6C-BCAD-1B0A5EB712C8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-06 21:59:47.005
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {91F1A784-4408-4E81-8283-D5EAB66A54DC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-21 14:21:45.845
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_D:\Torrenty\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.301.1812.0, AS: 1.301.1812.0, NIS: 1.301.1812.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-07 12:48:54.989
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {11908B2E-B0D6-4B99-B5CF-C9002448FF20}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-03 19:38:29.067
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F39A2B3-A391-4ECD-8F65-F4D23C6A6161}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-10 09:15:33.196
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

BIOS: American Megatrends Inc. B.10 09/06/2015
Motherboard: MSI B150 GAMING M3 (MS-7978)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 45%
Total physical RAM: 8131.67 MB
Available physical RAM: 4419.27 MB
Total Virtual: 14531.67 MB
Available Virtual: 9902.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:74.42 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:92.02 GB) NTFS
Drive h: (Download) (Fixed) (Total:465.75 GB) (Free:77.98 GB) NTFS

\\?\Volume{2204a4c2-526a-4c52-b4b0-5f4f1c77da72}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{96c8097e-4afe-45ac-b01c-2f1cd1ce3a7a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BE794183)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% CPU usage, Windows Defender blocked, etc.

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasim)
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

WhySoSad
Visitor
Posts: 35
Registered: 14 May 2013 10:17

Re: 100% CPU usage, Windows Defender blocked, etc.

#4 Post by WhySoSad »

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-10-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-25-2019
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\WSS\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [10479 octets] - [25/10/2019 17:22:08]
AdwCleaner[S00].txt - [1512 octets] - [25/10/2019 17:23:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% CPU usage, blocked Windows Defender, etc.

#5 Post by Rudy »

Post new FRST+Addition logs.

WhySoSad
Visitor
Posts: 35
Registered: 14 May 2013 10:17

Re: 100% CPU usage, blocked Windows Defender, etc.

#6 Post by WhySoSad »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2019
Ran by WSS (administrator) on DESKTOP-5M56U6R (MSI MS-7978) (26-10-2019 11:24:09)
Running from C:\Users\WSS\Desktop
Loaded Profiles: WSS (Available Profiles: WSS)
Platform: Windows 10 Pro Version 1709 16299.726 (X64) Language: English (United States)
Default browser: "C:\Users\WSS\AppData\Local\Brave\Brave.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
() [File not signed] D:\Programy\Serviio\bin\ServiioService.exe
() [File not signed] D:\Programy\Serviio\bin\ServiioService.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(alch) [File not signed] C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) D:\Programy\Daemon Tools\DTShellHlp.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) D:\Programy\DisplayFusion\DisplayFusion.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) D:\Programy\DisplayFusion\DisplayFusionHookApp32.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) D:\Programy\DisplayFusion\DisplayFusionHookApp64.exe
(Binary Fortress Software Ltd. -> Binary Fortress Software) D:\Programy\DisplayFusion\DisplayFusionService.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(LogMeIn, Inc. -> LogMeIn Inc.) D:\Programy\Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) D:\Programy\Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.541_none_16e8222032163850\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(remotemouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(RemoteMouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [193024 2019-10-10] (Microsoft Corporation) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [winlogui] => C:\Windows\system32\winlogui.exe [1803776 2019-10-12] (Microsoft Corporation) [File not signed]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [HKLM] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [61370712 2019-08-18] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2018-03-03] (alch) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (AVG Netherlands B.V) <==== ATTENTION
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (Zemana) <==== ATTENTION
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3211040 2019-10-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Discord] => C:\Users\WSS\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\Daemon Tools\DTAgent.exe [731240 2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7415880 2018-12-21] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [HKCU] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [World of Tanks] => D:\Hry\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Spotify] => C:\Users\WSS\AppData\Roaming\Spotify\Spotify.exe [21348768 2019-10-12] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () [File not signed]
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Run: [DisplayFusion] => D:\Programy\DisplayFusion\DisplayFusion.exe [10531216 2019-05-22] (Binary Fortress Software Ltd. -> Binary Fortress Software)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [1988240 2019-10-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [1988240 2019-10-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {2e39f8a0-d111-11e8-aebc-001a7dda7111} - "J:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd3a-c199-11e8-aeb2-001a7dda7111} - "E:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd5f-c199-11e8-aeb2-001a7dda7111} - "F:\SETUP.EXE"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a18f-fcb6-11e8-aebe-001a7dda7111} - "G:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a6b5-fcb6-11e8-aebe-001a7dda7111} - "I:\setup.exe"
HKU\S-1-5-18\...\Run: [HKCU] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.70\Installer\chrmstp.exe [2019-10-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\78.0.70.121\Installer\chrmstp.exe [2019-10-25] (Brave Software, Inc.) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{5460C4DF-B266-909E-CB58-E32B79832EB2}] -> C:\Windows\servicing\Skype.exe [2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035AA5F5-9948-48A7-93CA-94DD82407DB3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0624B00B-4DEE-49A0-886A-2AF651634E1E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {08BAF982-D128-4445-AE17-A82B7CD39DFD} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0B87BD83-C26D-4045-B641-91C4E9710535} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1290204E-2276-40E5-8D73-CC42CA77DC8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {246D0244-085E-47E2-82F1-B52D1E10D84E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2756B475-E29F-4729-825D-4B06B60F0E33} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-5M56U6R-WSS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {30BC7B81-FA8D-4E3C-A2CD-D8302526E820} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
Task: {38F779C1-19C2-42CA-8477-20CFF2D7ECC2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {503CD507-1501-4C91-83CA-A8593B7F78C0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6313BD33-5FEE-4DE4-92BD-C8E47BACC236} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {663C7A32-A621-45AA-869D-7E66ECBA0B75} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {6908B132-02CC-49B3-9AC2-6C6B1A99B224} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E6C9837-2119-48E4-8A77-9457C2BD1D39} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {927E48A7-09A4-4D29-B924-2B4D91533A97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {95560CEF-FD13-4997-9B6D-6C8039ED847F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A51BA0F-7977-48B6-9902-1BD8A34AFC6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_pepper.exe [1453112 2019-10-09] (Adobe Inc. -> Adobe)
Task: {9AD39663-46A8-471F-8784-9CCB39224A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {9F85567E-F56C-4735-9EDA-357732E21939} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1486370-AFFE-4778-948F-BDB06DA12276} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B99A9ED9-C642-43C5-84B8-CE56B3772A66} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BA8D312A-C367-4B51-89D9-39AF180EBD35} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {DAE735AB-812B-4146-BFD1-9FEC9CCCA435} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3A6E576-689A-4213-BBAE-9DEAC4074C5C} - System32\Tasks\KMS_VL_ALL => C:\Windows\schemas\Scripts\KMS_VL_ALL.cmd
Task: {F0140363-C57A-4A59-95E8-9811A67C6C6B} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {F5029CA6-6509-4282-A4AA-DF2231D8FFE6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{293e1a5d-ad83-4df8-bffc-d2ddfd8ff2d3}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programy\Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Programy\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Programy\Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-08] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> D:\Programy\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> D:\Programy\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default [2019-10-24]
CHR Extension: (Slides) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-10]
CHR Extension: (Docs) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-10]
CHR Extension: (Google Drive) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-10]
CHR Extension: (YouTube) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-10]
CHR Extension: (Sheets) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-22]
CHR Extension: (Video DownloadHelper) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2019-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Gmail) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\WSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7361312 2018-10-17] (BattlEye Innovations e.K. -> )
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-02-23] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-21] (Brave Software, Inc. -> BraveSoftware Inc.)
R3 Disc Soft Lite Bus Service; D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe [3648616 2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DisplayFusionService; D:\Programy\DisplayFusion\DisplayFusionService.exe [7037344 2019-05-22] (Binary Fortress Software Ltd. -> Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-07-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-21] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-21] (GOG Sp. z o.o. -> GOG.com)
R2 Hamachi2Svc; D:\Programy\Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2348336 2019-10-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3228976 2019-10-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [11264 2019-07-25] () [File not signed]
R2 Serviio; D:\Programy\Serviio\bin\ServiioService.exe [413696 2019-05-15] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WSearch; C:\Windows\system32\SearchIndexer.exe [982016 2018-04-15] (Access Denied) [File not signed]
S3 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 Windows Updates Services; C:\Windows\servicing\starter.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2018-09-26] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2018-09-26] (Disc Soft Ltd -> Disc Soft Ltd)
S3 fwdrv; C:\Windows\system32\DRIVERS\fwdrv.sys [27840 2014-03-22] (Web Solution Mart -> Web Solution Mart)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-02-11] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 hfFilter; C:\Windows\System32\drivers\hfFilter.sys [34400 2017-02-05] (Access Denied) [File not signed]
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2017-09-29] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_67c16e22f0dab361\nvlddmkm.sys [22734744 2019-10-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1999-11-04] () [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-25 23:50 - 2019-10-25 23:50 - 000075919 _____ C:\Users\WSS\Desktop\Scary Stories to Tell in the Dark.2019.cz.sub.1080p.WEB-DL.H264.srt
2019-10-25 23:44 - 2019-10-25 23:45 - 3831513734 _____ C:\Users\WSS\Desktop\Scary Stories to Tell in the Dark.2019.cz.sub.1080p.WEB-DL.H264.mkv
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____D C:\Windows\system32\RTCOM
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____D C:\Windows\system32\DAX3
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____D C:\Windows\system32\DAX2
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____D C:\ProgramData\Audyssey Labs
2019-10-25 18:43 - 2019-10-25 18:43 - 000000000 ____D C:\Program Files\Realtek
2019-10-25 18:42 - 2019-10-25 18:43 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-10-25 18:42 - 2019-10-25 18:42 - 289890400 _____ C:\Users\WSS\Desktop\realtek_nahimic_audio.zip
2019-10-25 18:42 - 2019-10-25 18:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-25 18:42 - 2019-10-25 18:42 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-10-25 18:42 - 2019-03-25 11:24 - 000000000 ____D C:\Users\WSS\Desktop\realtek_nahimic_audio_6.0.1.8619
2019-10-25 18:42 - 2019-01-16 22:59 - 072520816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2019-10-25 18:42 - 2019-01-16 22:59 - 007178568 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 007101848 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 006554632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-10-25 18:42 - 2019-01-16 22:59 - 006270296 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 003677264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-10-25 18:42 - 2019-01-16 22:59 - 003159880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 002930248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 001159280 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 001003960 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000416608 _____ (Harman) C:\Windows\system32\HMUI.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000378488 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000266656 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000154464 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000122424 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000118696 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000105408 _____ C:\Windows\system32\audioLibVc.dll
2019-10-25 18:42 - 2019-01-16 22:59 - 000023824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 015218720 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 007748824 _____ (ICEpower A/S) C:\Windows\system32\ICEsoundAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 006463288 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 005939016 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 005593720 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 003765632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 003445848 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 003340000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 003306920 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 003284752 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 003168488 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 002198080 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001788088 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001598504 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001435240 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001396272 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001382344 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001353424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001337744 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001318952 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001282656 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001180624 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001110280 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001073776 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 001027928 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000965128 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000873568 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000852240 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000734880 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000715752 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000692272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000604904 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000541216 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000511536 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000467256 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000453376 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000452632 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000447280 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000406560 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000392976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000381512 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000366224 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000360448 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000343808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000341248 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000341248 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000327376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000327376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000261128 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000261096 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000260104 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000232016 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000230808 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000220488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000218376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000203944 _____ (Harman) C:\Windows\system32\HMHVS.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000193088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000191040 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000191040 _____ (Harman) C:\Windows\system32\HMEQ.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000179696 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000175048 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000158800 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000157448 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000139864 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000116640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000094032 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000091016 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000090296 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000088424 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000083728 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2019-10-25 18:42 - 2019-01-16 18:59 - 000075648 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 005346888 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 002992080 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 002444576 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001971264 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001965048 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001610848 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOv251gm.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001544144 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001516160 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001372280 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001287496 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOvlldpgm.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 001259624 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000751192 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000448496 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000367504 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000332904 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000315872 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000278160 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2019-10-25 18:42 - 2019-01-16 18:58 - 000184216 _____ (ASUSTeK COMPUTER INC.) C:\Windows\system32\ATKWMI.dll
2019-10-25 18:42 - 2019-01-16 18:32 - 026013220 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-10-25 18:42 - 2019-01-16 18:32 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2019-10-25 18:42 - 2018-01-15 08:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2019-10-25 17:44 - 2019-10-25 17:44 - 000000976 _____ C:\Users\Public\Desktop\DisplayFusion.lnk
2019-10-25 17:44 - 2019-10-25 17:44 - 000000976 _____ C:\ProgramData\Desktop\DisplayFusion.lnk
2019-10-25 17:44 - 2019-10-25 17:44 - 000000000 __SHD C:\Users\WSS\AppData\Roaming\Common
2019-10-25 17:44 - 2019-10-25 17:44 - 000000000 ____D C:\Users\WSS\AppData\Local\DisplayFusion
2019-10-25 17:44 - 2019-10-25 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2019-10-25 17:44 - 2019-10-25 17:44 - 000000000 ____D C:\ProgramData\Binary Fortress Software
2019-10-25 17:43 - 2019-10-25 17:43 - 021999096 _____ (Binary Fortress Software ) C:\Users\WSS\Desktop\DisplayFusionSetup-9.5c.exe
2019-10-25 17:26 - 2019-10-26 11:20 - 000003200 _____ C:\Windows\system32\Tasks\KMS_VL_ALL
2019-10-25 17:22 - 2019-10-25 17:24 - 000000000 ____D C:\AdwCleaner
2019-10-25 17:22 - 2019-10-25 17:22 - 007622344 _____ (Malwarebytes) C:\Users\WSS\Desktop\AdwCleaner.exe
2019-10-25 13:22 - 2019-10-18 00:39 - 004205272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 011838848 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 010164096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 001074080 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 001074080 _____ C:\Windows\system32\vulkan-1.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 000931744 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 000931744 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 000848800 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-10-25 13:22 - 2019-10-17 21:45 - 000848800 _____ C:\Windows\system32\vulkaninfo.exe
2019-10-25 13:22 - 2019-10-17 21:45 - 000706464 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-10-25 13:22 - 2019-10-17 21:45 - 000706464 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-10-25 13:22 - 2019-10-17 21:45 - 000450464 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-10-25 13:22 - 2019-10-17 21:45 - 000353368 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-10-25 13:22 - 2019-10-17 21:44 - 000824920 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-10-25 13:22 - 2019-10-17 21:44 - 000677064 _____ C:\Windows\system32\nvofapi64.dll
2019-10-25 13:22 - 2019-10-17 21:44 - 000545368 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 040510664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 035379912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 017460608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 015028424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 005380512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 004716416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 002074712 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001733080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444097.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001567888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001491360 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444097.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001482656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001370712 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001144736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 001064864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 000813016 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 000685016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 000659544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-10-25 13:22 - 2019-10-17 21:43 - 000556984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-10-25 12:56 - 2019-10-25 18:15 - 000000000 ____D C:\Users\WSS\Documents\Call of Duty Modern Warfare
2019-10-25 12:51 - 2019-10-26 11:24 - 000035649 _____ C:\Users\WSS\Desktop\FRST.txt
2019-10-25 12:51 - 2019-10-25 12:52 - 000063693 _____ C:\Users\WSS\Desktop\Addition.txt
2019-10-25 12:50 - 2019-10-26 11:24 - 000000000 ____D C:\FRST
2019-10-25 12:43 - 2019-10-25 12:43 - 000000000 ____D C:\rsit
2019-10-25 12:43 - 2019-10-25 12:43 - 000000000 ____D C:\Program Files\trend micro
2019-10-25 12:41 - 2019-10-25 12:41 - 001617920 _____ (Farbar) C:\Users\WSS\Desktop\FRST64.exe
2019-10-25 12:41 - 2019-10-25 12:41 - 001222144 _____ C:\Users\WSS\Desktop\RSITx64.exe
2019-10-25 12:35 - 2019-10-25 12:35 - 000397241 _____ C:\Users\WSS\Desktop\roex.zip
2019-10-25 12:35 - 2017-03-29 22:20 - 000000000 ____D C:\Users\WSS\Desktop\Windows 8 and above
2019-10-25 12:21 - 2019-10-25 12:21 - 000000631 _____ C:\Users\Public\Desktop\Call of Duty Modern Warfare.lnk
2019-10-25 12:21 - 2019-10-25 12:21 - 000000631 _____ C:\ProgramData\Desktop\Call of Duty Modern Warfare.lnk
2019-10-25 12:21 - 2019-10-25 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare
2019-10-22 16:59 - 2019-10-22 17:15 - 000000000 ____D C:\Users\WSS\Documents\Parkitect
2019-10-22 16:59 - 2019-10-22 16:59 - 000000679 _____ C:\Users\WSS\Desktop\Parkitect.lnk
2019-10-22 16:59 - 2019-10-22 16:59 - 000000000 ____D C:\Users\WSS\AppData\LocalLow\Texel Raptor
2019-10-22 16:59 - 2019-10-22 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parkitect
2019-10-22 11:24 - 2019-10-22 11:24 - 000000000 ____D C:\Users\WSS\AppData\Local\ChernobylGame
2019-10-22 11:22 - 2019-10-22 11:22 - 000000800 _____ C:\Users\Public\Desktop\Chernobylite.lnk
2019-10-22 11:22 - 2019-10-22 11:22 - 000000800 _____ C:\ProgramData\Desktop\Chernobylite.lnk
2019-10-22 11:22 - 2019-10-22 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chernobylite [GOG.com]
2019-10-21 18:35 - 2019-10-21 18:36 - 000000000 ____D C:\Users\WSS\AppData\Roaming\.clamwin
2019-10-21 18:35 - 2019-10-21 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2019-10-21 18:34 - 2019-10-21 18:34 - 000000000 ____D C:\ProgramData\.clamwin
2019-10-21 18:34 - 2019-10-21 18:34 - 000000000 ____D C:\Program Files (x86)\ClamWin
2019-10-21 18:27 - 2019-10-21 18:27 - 000000000 ____D C:\Users\WSS\AppData\Local\mbam
2019-10-21 18:26 - 2019-10-21 18:26 - 000000000 ____D C:\Users\WSS\AppData\Local\mbamtray
2019-10-21 18:23 - 2019-10-21 18:23 - 066367928 _____ (Malwarebytes ) C:\Users\WSS\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.627-1.0.12633.exe
2019-10-20 17:05 - 2019-10-20 17:07 - 2331411963 _____ C:\Users\WSS\Downloads\BrokenDreamers-042-pc.zip
2019-10-18 18:32 - 2019-10-18 18:32 - 000000723 _____ C:\Users\WSS\Desktop\Slay the Spire.lnk
2019-10-18 18:32 - 2019-10-18 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slay the Spire
2019-10-12 20:46 - 2019-10-12 20:46 - 001931264 _____ (Microsoft Corporation) C:\Windows\system32\winscomrssrv.dll
2019-10-12 20:46 - 2019-10-12 20:46 - 000000024 _____ C:\Windows\system32\WinUpdates105.dat
2019-10-12 20:46 - 2019-10-12 20:46 - 000000003 _____ C:\Windows\system32\wdbcache.tmp
2019-10-10 09:15 - 2019-10-12 20:46 - 001803776 _____ (Microsoft Corporation) C:\Windows\system32\winlogui.exe
2019-10-10 09:15 - 2019-10-10 09:15 - 002619392 _____ (Microsoft Corporation) C:\Windows\system32\StartupCheckLibrary.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001726720 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443648.dll
2019-10-09 21:18 - 2019-09-27 23:13 - 001491144 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443648.dll
2019-10-09 21:18 - 2019-09-27 20:19 - 000047272 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-10-07 20:41 - 2019-10-07 20:42 - 000000000 ____D C:\Program Files (x86)\Remote Mouse
2019-10-07 20:41 - 2019-10-07 20:41 - 000001119 _____ C:\Users\Public\Desktop\Remote Mouse.lnk
2019-10-07 20:41 - 2019-10-07 20:41 - 000001119 _____ C:\ProgramData\Desktop\Remote Mouse.lnk
2019-10-07 20:41 - 2019-10-07 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2019-10-07 16:47 - 2019-10-07 16:47 - 000000000 ____D C:\Users\WSS\AppData\LocalLow\Wizards Of The Coast
2019-10-07 16:45 - 2019-10-07 16:45 - 000000000 ____D C:\Users\WSS\Documents\Gatewatch_Logs
2019-10-07 16:45 - 2019-10-07 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
2019-10-07 16:44 - 2019-10-07 16:45 - 000000875 _____ C:\Users\WSS\Desktop\MTG Arena.lnk
2019-10-03 17:44 - 2019-10-23 14:36 - 000003518 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2019-10-03 17:44 - 2019-10-22 23:14 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-10-03 17:44 - 2019-10-22 23:14 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2019-09-29 00:51 - 2011-10-27 07:31 - 192698806 _____ C:\Users\WSS\Desktop\FOTBAL.avi
2019-09-29 00:51 - 2009-10-31 20:26 - 057528948 _____ C:\Users\WSS\Desktop\Můj film.avi
2019-09-29 00:51 - 2008-06-25 19:34 - 046290142 _____ C:\Users\WSS\Desktop\DVR037.AVI
2019-09-28 21:02 - 2019-09-28 21:03 - 000000000 ____D C:\Users\WSS\Desktop\GeneRally
2019-09-28 15:39 - 2019-09-28 15:39 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2019-09-28 15:39 - 2019-09-28 15:39 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-26 11:20 - 2018-09-22 18:08 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-26 11:19 - 2019-07-23 10:15 - 000000000 ___RD C:\Users\WSS\Creative Cloud Files
2019-10-26 11:19 - 2018-09-25 13:29 - 000000000 ____D C:\Users\WSS\AppData\Local\Adobe
2019-10-26 11:18 - 2017-11-28 05:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-25 23:55 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2019-10-25 23:51 - 2018-09-26 17:17 - 000000000 ____D C:\Users\WSS\AppData\Roaming\qBittorrent
2019-10-25 23:34 - 2019-02-23 21:11 - 000000000 ____D C:\Users\WSS\AppData\Local\Battle.net
2019-10-25 23:34 - 2019-02-23 21:09 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-10-25 23:27 - 2018-11-27 20:57 - 000000000 ____D C:\Users\WSS\AppData\Roaming\TS3Client
2019-10-25 18:43 - 2019-06-08 23:36 - 000000000 ____D C:\Windows\LastGood
2019-10-25 18:43 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2019-10-25 18:18 - 2018-10-16 09:57 - 000000000 ____D C:\Users\WSS\AppData\Local\CrashDumps
2019-10-25 18:13 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\LiveKernelReports
2019-10-25 17:50 - 2017-11-28 05:44 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-10-25 17:30 - 2017-11-28 05:51 - 003031780 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-25 17:26 - 2018-10-16 09:03 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-10-25 17:24 - 2018-09-22 18:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-10-25 14:21 - 2018-09-25 13:23 - 000000000 ____D C:\Users\WSS\AppData\Roaming\discord
2019-10-25 13:23 - 2018-09-24 17:25 - 000000000 ____D C:\Users\WSS\AppData\Local\NVIDIA
2019-10-25 13:06 - 2018-09-22 18:19 - 000000000 ____D C:\Users\WSS\AppData\Roaming\brave
2019-10-25 13:05 - 2019-02-23 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2019-10-25 13:01 - 2019-02-23 21:11 - 000000000 ____D C:\Users\WSS\AppData\Roaming\Battle.net
2019-10-25 12:15 - 2019-03-26 18:38 - 000000722 __RSH C:\ProgramData\ntuser.pol
2019-10-25 12:09 - 2018-12-21 20:54 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-10-25 12:09 - 2018-12-21 20:54 - 000002377 _____ C:\Users\Public\Desktop\Brave.lnk
2019-10-25 12:09 - 2018-12-21 20:54 - 000002377 _____ C:\ProgramData\Desktop\Brave.lnk
2019-10-25 11:23 - 2019-02-23 21:11 - 000000000 ____D C:\Users\WSS\AppData\Local\Blizzard Entertainment
2019-10-25 11:23 - 2019-02-23 21:09 - 000000000 ____D C:\Users\WSS\AppData\Local\Blizzard
2019-10-23 22:57 - 2018-11-10 10:51 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-22 12:52 - 2018-10-03 18:44 - 000000000 ____D C:\Users\WSS\AppData\LocalLow\Mozilla
2019-10-22 12:03 - 2018-10-12 22:31 - 000001320 _____ C:\Users\Public\Desktop\Gwent.lnk
2019-10-22 12:03 - 2018-10-12 22:31 - 000001320 _____ C:\ProgramData\Desktop\Gwent.lnk
2019-10-22 12:03 - 2018-10-12 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2019-10-22 11:00 - 2019-04-09 22:21 - 000000246 _____ C:\Windows\HFIT.hff
2019-10-21 18:32 - 2017-09-29 15:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-10-20 20:03 - 2019-02-22 01:12 - 000000000 ____D C:\Users\WSS\AppData\Roaming\vlc
2019-10-20 17:09 - 2018-10-11 09:11 - 000000000 ____D C:\Users\WSS\AppData\Roaming\RenPy
2019-10-20 16:54 - 2019-03-29 22:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-18 00:39 - 2017-11-09 04:25 - 004936088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-10-17 02:28 - 2017-11-09 03:57 - 000056045 _____ C:\Windows\system32\nvinfo.pb
2019-10-17 00:45 - 2018-09-22 18:08 - 005524464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-10-17 00:45 - 2018-09-22 18:08 - 002636656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-10-17 00:44 - 2018-09-22 18:08 - 001767464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-10-17 00:44 - 2018-09-22 18:08 - 000655216 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-10-17 00:44 - 2018-09-22 18:08 - 000450872 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-10-17 00:44 - 2018-09-22 18:08 - 000124784 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-10-17 00:44 - 2018-09-22 18:08 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-10-16 18:33 - 2018-09-23 12:32 - 000000000 ____D C:\Program Files (x86)\Origin
2019-10-16 17:35 - 2019-03-29 22:33 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-10-16 17:32 - 2019-02-23 13:02 - 000000000 ____D C:\Users\WSS\AppData\Local\LogMeIn Hamachi
2019-10-14 15:26 - 2018-09-22 18:08 - 008750052 _____ C:\Windows\system32\nvcoproc.bin
2019-10-12 22:45 - 2018-11-22 21:35 - 000000000 ____D C:\Users\WSS\AppData\Local\Spotify
2019-10-12 22:25 - 2018-11-22 21:35 - 000000000 ____D C:\Users\WSS\AppData\Roaming\Spotify
2019-10-10 11:58 - 2018-09-22 18:16 - 000000000 ____D C:\Users\WSS
2019-10-10 09:15 - 2017-09-29 15:46 - 000000000 ___RD C:\Program Files\Windows Defender
2019-10-09 21:36 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2019-10-09 21:21 - 2018-09-22 18:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-10-09 21:20 - 2018-09-22 18:08 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-10-09 20:43 - 2018-09-25 13:29 - 000004596 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-10-09 20:43 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-10-09 20:43 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-08 17:25 - 2018-11-10 10:50 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-08 17:25 - 2018-11-10 10:50 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-08 17:25 - 2018-11-10 10:50 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-06 18:55 - 2019-07-23 10:06 - 000001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2019-10-06 18:55 - 2019-03-29 22:33 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-10-06 18:55 - 2018-10-16 09:03 - 000000000 ____D C:\Program Files\Adobe
2019-10-02 18:41 - 2018-09-24 16:54 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-09-27 20:19 - 2017-11-09 04:38 - 001683032 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-09-27 20:19 - 2017-11-09 04:38 - 000228792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-09-26 18:32 - 2018-09-22 18:16 - 000000000 ____D C:\Users\WSS\AppData\Roaming\Adobe

==================== Files in the root of some directories ================

2019-09-18 16:32 - 2019-09-18 16:35 - 000000034 _____ () C:\Users\WSS\AppData\Roaming\AdobeWLCMCache.dat
2019-02-16 15:21 - 2019-02-16 15:21 - 000000000 ___SH () C:\Users\WSS\AppData\Local\LumaEmu
2019-07-23 10:14 - 2019-07-23 10:14 - 000000000 _____ () C:\Users\WSS\AppData\Local\oobelibMkey.log

==================== FLock ================

2018-04-15 22:04 C:\Windows\system32\SearchIndexer.exe
2019-10-22 11:00 C:\Windows\HFIT.hff
2017-02-05 20:30 C:\Windows\system32\Drivers\hfFilter.sys

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\servicing\Skype.exe [2018-08-04] <==== ATTENTION

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-25 12:10
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2019
Ran by WSS (26-10-2019 11:25:05)
Running from C:\Users\WSS\Desktop
Windows 10 Pro Version 1709 16299.726 (X64) (2018-09-22 16:07:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1906486174-218330440-3877118835-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1906486174-218330440-3877118835-503 - Limited - Disabled)
Guest (S-1-5-21-1906486174-218330440-3877118835-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1906486174-218330440-3877118835-504 - Limited - Disabled)
WSS (S-1-5-21-1906486174-218330440-3877118835-1002 - Administrator - Enabled) => C:\Users\WSS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20048 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
Ancestors The Humankind Odyssey (HKLM-x32\...\Ancestors The Humankind Odyssey_is1) (Version: - )
BANNERMEN (HKLM\...\YmFubmVybWVu_is1) (Version: 1 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlestate Games Launcher 0.5.7.495 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 0.5.7.495 - Battlestate Games)
Blair Witch (HKLM-x32\...\Blair Witch_is1) (Version: - )
Blair Witch (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Blair Witch) (Version: - HOODLUM)
BobsTrackBuilder (HKLM-x32\...\{ECDF8120-703D-4A96-B36C-A565419B3900}) (Version: 1.0.0 - Bobs Track Builder)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 78.0.70.121 - Brave Software Inc)
Brave (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Brave) (Version: 0.27.3 - Brave Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Chernobylite (HKLM-x32\...\1472128402_is1) (Version: 20591 - GOG.com)
Cities Skylines Campus (HKLM-x32\...\Cities Skylines Campus_is1) (Version: - )
Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.)
ClamWin Free Antivirus 0.99.4 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)
Community Modpack for Mafia: The City of Lost Heaven (HKLM-x32\...\Community Modpack for Mafia: The City of Lost Heaven_is1) (Version: - Rimsky)
Control (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Control) (Version: - HOODLUM)
CrystalDiskInfo 8.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.2.0 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0630 - Disc Soft Ltd)
Darksiders III (HKLM-x32\...\Darksiders III_is1) (Version: - )
Darkwood (HKLM-x32\...\Darkwood_is1) (Version: - )
DawnOfMan (HKLM-x32\...\1899257943_is1) (Version: 1.0.0 - GOG.com)
Discord (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayFusion 9.5 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.5.0.0 - Binary Fortress Software)
Divinity Original Sin 2 Definitive Edition (HKLM-x32\...\Divinity Original Sin 2 Definitive Edition_is1) (Version: - )
Dont Starve Together (HKLM-x32\...\Dont Starve Together_is1) (Version: - )
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.10.2.2003 - Battlestate Games)
Exanima (HKLM-x32\...\1470768488_is1) (Version: 0.7.0.6c - GOG.com)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1971477531_is1) (Version: 4.0.3 - GOG.com)
Hotline Miami 2 - Wrong Number (HKLM-x32\...\1424773427_is1) (Version: 2.0.0.1 - GOG.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Into the Breach (HKLM-x32\...\2004253604_is1) (Version: 1.0.06 - GOG.com)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version: - )
Lagarith lossless video codec (Remove Only) (HKLM\...\LAGARITH) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Mafia (HKLM-x32\...\{C72D7008-266D-4DD8-BF3C-296B736127F6}) (Version: 1.02 - )
Men of War Assault Squad 2 - Cold War (HKLM\...\TinyISO - Men of War Assault Squad 2 - Cold War) (Version: - TinyISO)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MISERY version 2.2 (HKLM-x32\...\MISERY_is1) (Version: 2.2 - MISERY Development Team)
MPC-BE x64 1.5.3.4488 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.3.4488 - MPC-BE Team)
MTG Arena (HKLM-x32\...\{F62E5477-A813-448F-AD6C-34FB7C31E360}) (Version: 0.1.1805 - Wizards of the Coast)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 440.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 440.97 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.50.31938 - Electronic Arts, Inc.)
Outward (HKLM\...\b3V0d2FyZA_is1) (Version: 1 - )
Parkitect (HKLM-x32\...\Parkitect_is1) (Version: - )
Pathologic 2 (HKLM-x32\...\Pathologic 2_is1) (Version: - )
Portal 2 (HKLM-x32\...\AC7F4E43-1023-443F-9746-58A93E04D896_is1) (Version: 1.0.0.0 - )
qBittorrent 4.1.3 (HKLM-x32\...\qBittorrent) (Version: 4.1.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8619 - Realtek Semiconductor Corp.)
Remote Mouse version 3.012 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.012 - Remote Mouse)
Resident Evil 2 (HKLM-x32\...\Resident Evil 2_is1) (Version: - )
Resident Evil 6 version 1 (HKLM-x32\...\UmVzaWRlbnQgRXZpbCA2_is1) (Version: 1 - )
Re-Volt (HKLM-x32\...\GOGPACKREVOLT_is1) (Version: 2.1.0.5 - GOG.com)
rFactor (remove only) (HKLM-x32\...\rFactor) (Version: - )
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\1207660583_is1) (Version: 2.1.0.17 - GOG.com)
SecretFolder version 6.5.0.0 (HKLM-x32\...\SecretFolder_is1) (Version: 6.5.0.0 - hxxp://ohsoft.net/)
Self-service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden
Serviio (HKLM\...\Serviio) (Version: 2.0 - Six Lines Ltd)
Slay the Spire (HKLM-x32\...\Slay the Spire_is1) (Version: - )
Spotify (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\Spotify) (Version: 1.1.16.522.g55a4b852 - Spotify AB)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 4 Gold Edition (HKLM-x32\...\1409964317_is1) (Version: 2.0.0.4 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
Tetris Effect (HKLM-x32\...\Tetris Effect_is1) (Version: - )
The Hong Kong Massacre (HKLM-x32\...\The Hong Kong Massacre_is1) (Version: - )
The Long Dark Redux (HKLM-x32\...\The Long Dark Redux_is1) (Version: - )
They Are Billions (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\They Are Billions) (Version: - HOODLUM)
Tropico 6 (HKLM-x32\...\Tropico 6_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{91684B6D-153D-4C12-B6B1-59F7496BE44A}) (Version: 2.50.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 69.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Wreckfest (HKLM-x32\...\Wreckfest_is1) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-23] (Adobe Systems Incorporated)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1341.1.0_x86__kgqvnymyfvs32 [2018-09-22] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.123.200.0_x86__kgqvnymyfvs32 [2018-09-22] (king.com)
CnX Player -> C:\Program Files\WindowsApps\PATHWINSOFTWAREPRIVATELIM.CnXPlayer_3.5.0.0_x86__9xc72fbp6jsh6 [2019-06-04] (PATHWIN SOFTWARE PRIVATE LIMITED) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.3.301.0_x64__rz1tebttyb220 [2018-09-22] (Dolby Laboratories)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.25.2503.0_x86__ytsefhwckbdv6 [2018-10-11] (G5 Entertainment AB)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10827.20137.0_x64__8wekyb3d8bbwe [2018-10-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.27.2643.0_x64__8wekyb3d8bbwe [2018-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.8172.0_x86__8wekyb3d8bbwe [2018-09-22] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-09-22] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-262B826FBF50} -> [Creative Cloud Files] => C:\Users\WSS\Creative Cloud Files [2019-07-23 10:15]
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\WSS\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\WSS\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\WSS\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1906486174-218330440-3877118835-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => D:\Programy\Daemon Tools\DTShl64.dll [2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => D:\Programy\Daemon Tools\DTShl64.dll [2018-09-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-10-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\Winrar\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2012-05-18] ( ) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189952 2017-09-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) ==============

2019-10-21 18:34 - 2008-04-19 17:35 - 000080384 _____ () [File not signed] C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2019-10-21 18:34 - 2005-02-08 17:23 - 000979005 _____ () [File not signed] C:\Program Files (x86)\ClamWin\bin\python23.dll
2019-10-21 18:34 - 2004-05-25 21:17 - 000622651 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2019-10-21 18:34 - 2004-01-15 14:45 - 000061440 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2019-10-21 18:34 - 2004-05-25 21:18 - 000049212 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2019-10-21 18:34 - 2004-05-25 21:18 - 000057401 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2019-10-21 18:34 - 2004-05-25 21:18 - 000495616 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2019-10-21 18:34 - 2004-05-25 21:20 - 000036864 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2019-10-21 18:34 - 2004-05-25 21:19 - 000045117 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2019-10-21 18:34 - 2003-08-10 09:14 - 000061440 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2019-10-21 18:34 - 2004-10-11 20:22 - 000315392 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2019-10-21 18:34 - 2004-10-11 20:21 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2019-10-21 18:34 - 2004-11-20 03:27 - 000106496 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\shell.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000069632 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000024576 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000077824 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000086016 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000024576 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000036864 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2019-10-21 18:34 - 2004-11-20 03:27 - 000065536 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2019-10-21 18:34 - 2003-10-01 13:40 - 002240512 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2019-10-21 18:34 - 2003-10-01 11:43 - 003239936 _____ () [File not signed] C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2019-10-07 20:41 - 2019-04-19 17:12 - 001391104 _____ (Remote Mouse) [File not signed] C:\Program Files (x86)\Remote Mouse\windows_api.dll
2018-09-23 12:32 - 2019-06-11 08:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-09-23 12:32 - 2019-06-11 08:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2018-09-23 12:32 - 2019-07-12 09:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\WSS\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\WSS\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2017-09-29 15:44 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1906486174-218330440-3877118835-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\WSS\Desktop\asd.png
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "HKLM"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "HKCU"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\StartupApproved\Run: => "World of Tanks"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6557AB05-E832-4293-B1AE-CF05E13D1BC4}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{62A0155E-AB52-4BDA-93A3-50CFEF434389}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7D8A2F97-2C09-4080-BCE8-568DA0C0136E}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A7B5762-0EFD-4035-94C7-B25E6065F469}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5BD57C0A-524D-47A4-9A48-1FB2DEA4C3B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{05CBB35B-7BF1-4012-9B5B-807B5F2B5ACE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{7169C8CE-F7FF-4023-A8C2-1127EE19ECD8}D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe No File
FirewallRules: [UDP Query User{CC236695-0741-47E4-83F0-09E835CAEA8E}D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe] => (Allow) D:\programy\steam\steamapps\common\insurgency2\insurgency_x64.exe No File
FirewallRules: [TCP Query User{F0F07424-0049-4B59-811D-E0D46D23E3F7}C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe] => (Allow) C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe No File
FirewallRules: [UDP Query User{727DD4CA-2100-44AF-9471-9E909980A6E2}C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe] => (Allow) C:\users\wss\appdata\local\brave\app-0.24.0\brave.exe No File
FirewallRules: [{AD7B9184-F03D-4D93-9CBE-ECD4BFB69094}] => (Allow) D:\Programy\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E385FCA5-6FFD-4B3A-A1CE-5176CF7A3903}] => (Allow) D:\Programy\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0CD36812-DF4B-414F-B671-4CAAC6C114DB}] => (Allow) D:\Programy\Daemon Tools\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{7C7EDB57-C0AD-40BF-893A-2D584EF4517E}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8407C8A8-8104-4F0E-9610-BF1933B664A7}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{DC9D6CB4-82F7-4272-811B-07359482A380}D:\hry\gwent\gwent\gwent.exe] => (Allow) D:\hry\gwent\gwent\gwent.exe () [File not signed]
FirewallRules: [UDP Query User{2BE90420-25B5-47E1-B768-4C70A2ABED91}D:\hry\gwent\gwent\gwent.exe] => (Allow) D:\hry\gwent\gwent\gwent.exe () [File not signed]
FirewallRules: [{E9336F7E-FCFE-4FBF-8638-9508544C8D30}] => (Allow) D:\Hry\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{D7B896FD-3A95-447F-BDB1-801F2C0869F5}] => (Allow) D:\Hry\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [TCP Query User{77C499EA-A7D5-4684-9D03-93782EC9A425}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{A0A9791E-7FA1-4D8F-B6D9-CFB4A75E20B8}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{5C419C0F-521E-4FEC-9C02-7BA53C069625}D:\hry\world_of_tanks\wotlauncher.exe] => (Allow) D:\hry\world_of_tanks\wotlauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E0762E5E-98E3-4890-8D02-55FA58ABC16C}D:\hry\world_of_tanks\wotlauncher.exe] => (Allow) D:\hry\world_of_tanks\wotlauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{0D85AABC-048A-4B93-8BFD-A9D0B11E8C1F}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{81708566-7443-4D1E-AB73-7A53D6A86924}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{77DE473A-D515-4159-AB09-6B7B4CD644A1}D:\hry\world_of_tanks\worldoftanks.exe] => (Block) D:\hry\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{BAAA0996-6ECB-43D4-839F-799C0C76A140}D:\hry\world_of_tanks\worldoftanks.exe] => (Block) D:\hry\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{2F72D19B-9D5E-4E0E-A52D-BC86BA4E41C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A0B923DF-0028-47A4-8DFE-92B091339F2E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [{2A50958C-4F0C-4E05-BA33-782D9C83D86B}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [{3B150106-2A1B-466A-9763-1341569A66D8}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [TCP Query User{E67B4699-27A0-4E1F-9925-3CFA8C55A608}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{D762494A-7845-4F98-B646-DF16067DBB9C}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [{FB8D4DDF-20B1-429D-8152-F18E1A3FBA49}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{6BC70D53-9365-4879-91A8-304281538D5E}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{20E4F9E3-C842-44FF-860A-E10C7D4F0718}C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe (New World Interactive LLC -> New World Interactive)
FirewallRules: [UDP Query User{FBCBEDF2-A7DD-42D4-8103-F030BDE9B1FF}C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) C:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe (New World Interactive LLC -> New World Interactive)
FirewallRules: [TCP Query User{A8C67750-70C7-4854-8536-8E77B021E071}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [UDP Query User{105098EB-6CA4-429F-9386-FA789E0C57BA}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [TCP Query User{7204CD36-CE5A-408E-ADBF-E613A4341F94}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{EBBC456E-1FF0-4E95-AB09-5DDE6CBAFF6C}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [{61FD807C-F1B3-4CD4-B329-9706FA9990DE}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut.exe (Hazelight Studios AB) [File not signed]
FirewallRules: [{BB43D60E-8576-45E7-BAFB-708F4EA52643}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut.exe (Hazelight Studios AB) [File not signed]
FirewallRules: [{00FFCFE1-1AED-4575-84F7-8755429E4DC1}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut_friend.exe (Hazelight Studios AB -> Hazelight Studios AB)
FirewallRules: [{C0FA0A65-72D9-46E3-874C-FE50699AFC76}] => (Allow) D:\Hry\A Way Out\Haze1\Binaries\Win64\AWayOut_friend.exe (Hazelight Studios AB -> Hazelight Studios AB)
FirewallRules: [TCP Query User{22EDF6D1-319F-4A81-AD4B-56E20CACDD22}D:\hry\portal 2\portal2.exe] => (Allow) D:\hry\portal 2\portal2.exe () [File not signed]
FirewallRules: [UDP Query User{EC67BF5B-9407-4F48-BEB0-A9B1C01F316E}D:\hry\portal 2\portal2.exe] => (Allow) D:\hry\portal 2\portal2.exe () [File not signed]
FirewallRules: [TCP Query User{31C15189-853B-4FD1-9785-CD4BA7466DEC}D:\hry\resident evil 6\bh6.exe] => (Allow) D:\hry\resident evil 6\bh6.exe (QLOC S.A. -> CAPCOM U.S.A, INC.)
FirewallRules: [UDP Query User{427E429A-FF94-425D-B45B-7BECAFFF0F52}D:\hry\resident evil 6\bh6.exe] => (Allow) D:\hry\resident evil 6\bh6.exe (QLOC S.A. -> CAPCOM U.S.A, INC.)
FirewallRules: [TCP Query User{7F497768-CAD3-40CD-BFFC-BF0566178FE3}D:\torrenty\unrealtournament\system\unrealtournament.exe] => (Allow) D:\torrenty\unrealtournament\system\unrealtournament.exe () [File not signed]
FirewallRules: [UDP Query User{9734B959-F730-43EC-BEA4-D8009B29DF86}D:\torrenty\unrealtournament\system\unrealtournament.exe] => (Allow) D:\torrenty\unrealtournament\system\unrealtournament.exe () [File not signed]
FirewallRules: [TCP Query User{F77A0CB3-9822-4039-A07B-6281824C2746}D:\hry\re-volt\revolt.exe] => (Allow) D:\hry\re-volt\revolt.exe () [File not signed]
FirewallRules: [UDP Query User{492DA024-289C-4B42-A7FD-F2F6644B33BB}D:\hry\re-volt\revolt.exe] => (Allow) D:\hry\re-volt\revolt.exe () [File not signed]
FirewallRules: [TCP Query User{15C56349-24A4-49DA-A63D-545816C88B6D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EC5140A5-C1B4-4416-916F-6B0FC2283C81}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{49F8A695-2874-4ABA-A778-90FC91A78DF1}D:\hry\starcraft\starcraft.exe] => (Allow) D:\hry\starcraft\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{88C24A85-AAC2-4AE7-990D-8D3C82A937E8}D:\hry\starcraft\starcraft.exe] => (Allow) D:\hry\starcraft\starcraft.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{1F3CCB1E-8F68-4F70-967D-ABB7F69283E5}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{1CA98460-8A14-4819-8A0C-484098BE1BED}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{53F570C0-8280-4119-88CF-81F83AAA11A7}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [UDP Query User{1785E4C7-9447-438F-8B9E-A1C45D3773BC}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [{08D08BDA-B827-472A-9773-66D9CED2B113}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{D6BFCF42-09AA-4D5C-BA2C-DAABB44BF654}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{CF468021-E33B-4241-9775-BA546775A6B3}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{C91CFB9F-9F6F-49B1-9D24-448F3E82D4F2}] => (Allow) D:\Programy\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [TCP Query User{26035BAE-949A-4A01-9FEE-2DFEB8797F04}D:\hry\the long dark redux\tld.exe] => (Allow) D:\hry\the long dark redux\tld.exe () [File not signed]
FirewallRules: [UDP Query User{2E32B9AA-F97D-4270-920F-51DA7FB32194}D:\hry\the long dark redux\tld.exe] => (Allow) D:\hry\the long dark redux\tld.exe () [File not signed]
FirewallRules: [TCP Query User{B9EC216A-3C11-4CB4-91C3-697A36400F38}D:\hry\generation zero\generationzero_f.exe] => (Allow) D:\hry\generation zero\generationzero_f.exe No File
FirewallRules: [UDP Query User{C3CF0FCC-F8E2-4511-BB49-5B2068146235}D:\hry\generation zero\generationzero_f.exe] => (Allow) D:\hry\generation zero\generationzero_f.exe No File
FirewallRules: [TCP Query User{893BA891-EDE0-4B7E-8B1D-4956A2982296}D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{C6DEB8C6-6A6C-41E3-9596-034402AD1053}D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Allow) D:\hry\divinity original sin 2 definitive edition\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [TCP Query User{502FD786-3C82-44AD-8A4F-3931D5FB20A1}D:\hry\pathologic 2\pathologic.exe] => (Allow) D:\hry\pathologic 2\pathologic.exe () [File not signed]
FirewallRules: [UDP Query User{F3F6F2C5-F5B2-47F8-AD17-3488ED6FA540}D:\hry\pathologic 2\pathologic.exe] => (Allow) D:\hry\pathologic 2\pathologic.exe () [File not signed]
FirewallRules: [TCP Query User{54EA9450-EC0E-4E2C-A650-1972C0D18B99}D:\programy\vlc\vlc.exe] => (Block) D:\programy\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F4F31476-DBEF-4829-B36E-0C84D4816323}D:\programy\vlc\vlc.exe] => (Block) D:\programy\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C016D840-6F04-415A-B77F-8EE1A671E113}C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe] => (Block) C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe No File
FirewallRules: [UDP Query User{341A39F6-804D-465E-B659-4EA1C480AA17}C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe] => (Block) C:\users\wss\desktop\company of heroes\bugreport\bugreport.exe No File
FirewallRules: [{7C78ED41-8422-4ECB-B955-159A5F280223}] => (Allow) D:\Programy\Serviio\bin\ServiioService.exe () [File not signed]
FirewallRules: [{45B538A2-D820-4816-B661-00A32F5D07AA}] => (Allow) D:\Programy\Serviio\bin\ServiioService.exe () [File not signed]
FirewallRules: [{C69EF135-14AA-4B8E-B5F8-58303238CC6C}] => (Allow) D:\Programy\Serviio\console\ServiioConsole.exe (Six Lines Ltd) [File not signed]
FirewallRules: [TCP Query User{FB4E2A73-0961-44BC-9416-D8C395AA567C}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{5DD9619B-01E0-4A56-9823-3C618F31CF28}C:\users\wss\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wss\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71965AF4-6BE5-4152-874A-C9C336128CE5}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.)
FirewallRules: [{DD36A8D8-DB63-49F6-8D1F-5AFC3234BCAB}] => (Allow) C:\SteamLibrary\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.)
FirewallRules: [{2704B3EB-FED7-4A38-8663-218A89CF786A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{8AB37FA7-3FA8-45A2-BFAF-403EC925EE7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{F2675C78-4ECB-4C4C-9423-F838C88586BE}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [UDP Query User{947F47AC-1CC0-4264-911D-A4CBB457175B}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [{ACEADB87-0391-4C4A-9C42-ADFFF18598D3}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{58859756-3CA9-4A9F-8395-098F2F4DFCA8}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [TCP Query User{8332A415-8340-4F79-A445-5F14B90337F0}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [UDP Query User{91A911F6-1760-4581-B23F-D8C94CEB0A2F}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{9A203DCC-2B41-4904-870A-DE529DF8E0F6}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{F323963A-CBAB-41E3-AB26-99594F1235C1}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [TCP Query User{A0D240EE-CCA6-4D54-AF3B-1CD76B360F5A}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [UDP Query User{CF049E4D-0D75-4AA4-A861-15ED19C7941E}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{B1C60E8A-7F0B-496B-93A3-5EEBD82F5A37}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{26B1FD61-37FD-4042-B3FF-F5E69294DC69}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{7EE18F6E-3745-437C-9B48-30E29FDFC563}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{EC72324E-1826-4163-9F6F-810CEA078E91}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{DD630744-A8C0-415F-9222-AA310522481B}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{0F4BB519-BBD3-4FE8-80F7-730A343F382C}] => (Allow) D:\Hry\League Of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{C9D67172-CB9A-4EAF-B0C9-1A9A526379B3}D:\hry\league of legends\game\league of legends.exe] => (Allow) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{2C6EC86A-25ED-48E6-9C9D-5052B50BE026}D:\hry\league of legends\game\league of legends.exe] => (Allow) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{26E6A814-CA1A-4A15-9BF0-A915E1581C63}] => (Block) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{D482C4D6-47A7-47C4-A05B-64C927DAB7EE}] => (Block) D:\hry\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [{14D07B88-AE4E-4118-AD0F-160C64281257}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5497517C-FB94-4AE6-B150-D890C821621A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4E7FD89D-534B-4AE7-8EFE-4081BEA2F01C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C563E529-6CB0-43E1-BAA2-B4C3C278F2D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0258BC82-0DCA-44B8-83A5-51FA9C204F45}] => (Allow) D:\Programy\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{0FF824C8-788E-40C5-9D4F-DA2C758FFC71}] => (Allow) D:\Programy\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [TCP Query User{473A65DF-0808-4FFD-9106-1799CBC91472}D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe] => (Allow) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [UDP Query User{625694C9-8065-406E-BE7D-52711FE7BEA7}D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe] => (Allow) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{0ED47ADE-1842-4866-9B1C-64F8691B89E5}] => (Block) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{798260CB-8291-4732-B135-A37A4B78E455}] => (Block) D:\hry\men of war assault squad 2 - cold war\binaries\x64\as2_cw.exe (Digitalmindsoft) [File not signed]
FirewallRules: [TCP Query User{A69E505E-DEAD-406E-A938-4C395B4C3537}D:\hry\magic the gathering arena\mtga\mtga.exe] => (Allow) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{382F7492-77A0-4DBB-81CA-0B8F566F4D18}D:\hry\magic the gathering arena\mtga\mtga.exe] => (Allow) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{763EEB61-B42A-4736-BABD-4543C26BC109}] => (Block) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{E04B7BF6-DF0D-412C-B64D-B256CA3EC873}] => (Block) D:\hry\magic the gathering arena\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{14EF704B-7A83-4D79-91DF-CE981ADA1515}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{D0DAB838-BD42-4B5A-82A0-661CAB3BC281}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{2E08A7FF-417B-49DD-BF81-5A4C4611F0E3}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{8B6EC600-6C27-4675-A0D0-E1176E60FBC5}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{D2B92D46-A059-4F69-BC96-42B715097E60}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{5019ADEB-A1CE-4BED-A50B-6ED80CC412BE}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{BCE546DF-4F40-469C-B9A2-7F91AD359EF7}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{180E6DC9-9751-46BA-8082-47973A01A5C4}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [TCP Query User{197AC62A-1D4D-4F6D-8C97-7BCCA3D9CD3F}D:\hry\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{7EF957D6-B77B-4BB9-B00F-A6CF8E648F13}D:\hry\world_of_tanks\win32\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{353C3518-9849-4359-A9B2-471609EC8F13}] => (Block) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{CC7394BA-097A-4D86-8167-AB0FCF3DA124}] => (Block) D:\hry\world_of_tanks\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{C99573D0-EDD0-4E4F-BDDD-9152E7836E27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1BD8FC4F-73FC-4DE4-B3F2-A17534497796}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{0CD9DED6-30AA-4F44-9BC9-FCCC0FAACEE4}D:\hry\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\hry\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{E273A1CC-6635-48C1-A38B-92D5C450F27A}D:\hry\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\hry\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{E6B3DCF3-63A5-4CD1-8AD6-B66AC9957EBA}] => (Block) D:\hry\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{6C098C2B-C2A7-4BCF-B700-A6D72E163B80}] => (Block) D:\hry\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)

==================== Restore Points =========================

16-10-2019 18:42:47 Scheduled Checkpoint
25-10-2019 17:51:19 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2019 11:23:31 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/25/2019 11:30:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcontainer.exe, version: 1.19.2693.9990, time stamp: 0x5d440082
Faulting module name: ntdll.dll, version: 10.0.16299.665, time stamp: 0x2e74e364
Exception code: 0xc0000374
Fault offset: 0x00000000000f842b
Faulting process id: 0x2538
Faulting application start time: 0x01d58b5bf289cb32
Faulting application path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bbc186ff-738a-4178-b07c-43a23b713b7a
Faulting package full name:
Faulting package-relative application ID:

Error: (10/25/2019 08:32:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.16299.696 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e6c

Start Time: 01d58b485bef4775

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 09f5142c-7d71-4a53-80f7-bb4d27a0a910

Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (10/25/2019 08:31:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5M56U6R)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (10/25/2019 08:27:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5M56U6R)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.637_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (10/25/2019 08:18:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ModernWarfare.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c60

Start Time: 01d58b544c9e51ca

Termination Time: 4294967295

Application Path: D:\Hry\Call of Duty Modern Warfare\ModernWarfare.exe

Report Id: fc5db68d-eb04-4d4c-91f9-5b36d0c108cf

Faulting package full name:

Faulting package-relative application ID:

Error: (10/25/2019 07:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcontainer.exe, version: 1.19.2693.9990, time stamp: 0x5d440082
Faulting module name: ntdll.dll, version: 10.0.16299.665, time stamp: 0x2e74e364
Exception code: 0xc0000374
Fault offset: 0x00000000000f842b
Faulting process id: 0x544
Faulting application start time: 0x01d58b5b03c6ab5e
Faulting application path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ab3d3c62-6dfc-4054-9f15-7efedf211b8b
Faulting package full name:
Faulting package-relative application ID:

Error: (10/25/2019 07:02:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcontainer.exe, version: 1.19.2693.9990, time stamp: 0x5d440082
Faulting module name: ntdll.dll, version: 10.0.16299.665, time stamp: 0x2e74e364
Exception code: 0xc0000374
Fault offset: 0x00000000000f842b
Faulting process id: 0x1a00
Faulting application start time: 0x01d58b485b372f63
Faulting application path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3a186da8-b5d7-4c08-b375-ac41fe269a19
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/26/2019 11:23:30 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5M56U6R)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-5M56U6R\WSS SID (S-1-5-21-1906486174-218330440-3877118835-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2019 11:19:53 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5M56U6R)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-5M56U6R\WSS SID (S-1-5-21-1906486174-218330440-3877118835-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.637_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2019 11:18:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2019 11:18:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2019 11:18:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2019 11:18:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/26/2019 11:18:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WMPNetworkSvc service depends on the WSearch service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/26/2019 11:18:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Updates Services service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2019-10-07 14:14:05.340
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AA7FCDE9-CCCD-4E6C-BCAD-1B0A5EB712C8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-06 21:59:47.005
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {91F1A784-4408-4E81-8283-D5EAB66A54DC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-21 14:21:45.845
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_D:\Torrenty\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.301.1812.0, AS: 1.301.1812.0, NIS: 1.301.1812.0
Engine Version: AM: 1.1.16300.1, NIS: 1.1.16300.1

Date: 2019-09-07 12:48:54.989
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {11908B2E-B0D6-4B99-B5CF-C9002448FF20}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-03 19:38:29.067
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F39A2B3-A391-4ECD-8F65-F4D23C6A6161}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-10 09:15:33.196
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

==================== Memory info ===========================

BIOS: American Megatrends Inc. B.10 09/06/2015
Motherboard: MSI B150 GAMING M3 (MS-7978)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 8131.67 MB
Available physical RAM: 4489.49 MB
Total Virtual: 15043.67 MB
Available Virtual: 10728.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:68.17 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:88.99 GB) NTFS
Drive h: (Download) (Fixed) (Total:465.75 GB) (Free:77.98 GB) NTFS

\\?\Volume{2204a4c2-526a-4c52-b4b0-5f4f1c77da72}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{96c8097e-4afe-45ac-b01c-2f1cd1ce3a7a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BE794183)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% CPU usage, Windows Defender blocked, etc.

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [winlogui] => C:\Windows\system32\winlogui.exe [1803776 2019-10-12] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [HKLM] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (AVG Netherlands B.V) <==== ATTENTION
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (Zemana) <==== ATTENTION
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {2e39f8a0-d111-11e8-aebc-001a7dda7111} - "J:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd3a-c199-11e8-aeb2-001a7dda7111} - "E:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd5f-c199-11e8-aeb2-001a7dda7111} - "F:\SETUP.EXE"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a18f-fcb6-11e8-aebe-001a7dda7111} - "G:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a6b5-fcb6-11e8-aebe-001a7dda7111} - "I:\setup.exe"
HKU\S-1-5-18\...\Run: [HKCU] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {927E48A7-09A4-4D29-B924-2B4D91533A97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {9AD39663-46A8-471F-8784-9CCB39224A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {BA8D312A-C367-4B51-89D9-39AF180EBD35} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {E3A6E576-689A-4213-BBAE-9DEAC4074C5C} - System32\Tasks\KMS_VL_ALL => C:\Windows\schemas\Scripts\KMS_VL_ALL.cmd
Task: {F0140363-C57A-4A59-95E8-9811A67C6C6B} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-02-23] (Apple Inc. -> Apple Inc.)
S2 Windows Updates Services; C:\Windows\servicing\starter.exe
C:\ProgramData\DP45977C.lfl
C:\Windows\system32\setup4.2.6.tmp
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
FCheck: C:\Windows\servicing\Skype.exe [2018-08-04] <==== ATTENTION
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
AlternateDataStreams: C:\Users\WSS\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\WSS\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [0]
FirewallRules: [{7D8A2F97-2C09-4080-BCE8-568DA0C0136E}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A7B5762-0EFD-4035-94C7-B25E6065F469}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{77C499EA-A7D5-4684-9D03-93782EC9A425}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{A0A9791E-7FA1-4D8F-B6D9-CFB4A75E20B8}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{2F72D19B-9D5E-4E0E-A52D-BC86BA4E41C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A0B923DF-0028-47A4-8DFE-92B091339F2E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [{2A50958C-4F0C-4E05-BA33-782D9C83D86B}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [{3B150106-2A1B-466A-9763-1341569A66D8}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [TCP Query User{E67B4699-27A0-4E1F-9925-3CFA8C55A608}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{D762494A-7845-4F98-B646-DF16067DBB9C}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{7204CD36-CE5A-408E-ADBF-E613A4341F94}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{EBBC456E-1FF0-4E95-AB09-5DDE6CBAFF6C}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [TCP Query User{53F570C0-8280-4119-88CF-81F83AAA11A7}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [UDP Query User{1785E4C7-9447-438F-8B9E-A1C45D3773BC}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [{2704B3EB-FED7-4A38-8663-218A89CF786A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{8AB37FA7-3FA8-45A2-BFAF-403EC925EE7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{F2675C78-4ECB-4C4C-9423-F838C88586BE}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [UDP Query User{947F47AC-1CC0-4264-911D-A4CBB457175B}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [{ACEADB87-0391-4C4A-9C42-ADFFF18598D3}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{58859756-3CA9-4A9F-8395-098F2F4DFCA8}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [TCP Query User{8332A415-8340-4F79-A445-5F14B90337F0}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [UDP Query User{91A911F6-1760-4581-B23F-D8C94CEB0A2F}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{9A203DCC-2B41-4904-870A-DE529DF8E0F6}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{F323963A-CBAB-41E3-AB26-99594F1235C1}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [TCP Query User{A0D240EE-CCA6-4D54-AF3B-1CD76B360F5A}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [UDP Query User{CF049E4D-0D75-4AA4-A861-15ED19C7941E}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{B1C60E8A-7F0B-496B-93A3-5EEBD82F5A37}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{26B1FD61-37FD-4042-B3FF-F5E69294DC69}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
D:\Torrenty\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

WhySoSad
Visitor
Posts: 35
Registered: 14 May 2013 10:17

Re: 100% CPU usage, Windows Defender blocked, etc.

#8 Post by WhySoSad »

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2019
Ran by WSS (27-10-2019 00:15:24) Run:1
Running from C:\Users\WSS\Desktop
Loaded Profiles: WSS (Available Profiles: WSS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [winlogui] => C:\Windows\system32\winlogui.exe [1803776 2019-10-12] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [HKLM] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
HKLM\ DisallowedCertificates: 18AA37360A0698E6A1F54A9E8268FB127B70E189 (AVG Netherlands B.V) <==== ATTENTION
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: 1F25DF887B158E34E2FCB13171924610C8F6BA2F (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 2CC344E13934A69AA993E80C8E20FF0ACCB33F1E (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 2F56FF8F95EE69A27C05DBB35924F847C86A66B4 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 31F5EE85DA34AD374D43776B54F6686E7E922737 (SurfRight B.V.) <==== ATTENTION
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 42A8984E8B9C51F6B7274866F8726CA1E9057FAA (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: 5CA5F811E011742B05D014D03F85848D81F41A63 (Zemana) <==== ATTENTION
HKLM\ DisallowedCertificates: 622271AF668F99BD94AC12E5EBF86E48FD50AECB (Qihu 360 Software Co. Limited) <==== ATTENTION
HKLM\ DisallowedCertificates: 6CD253D636A7B4D0E0981431BC064061A9853ED9 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 76FBABF1EADED3B91DD7A76A6678301F1F87AA97 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9900CFAABC45B4247F9D78EE7E12B102D25EA325 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: BEBFAE20957D4DE689A8B962AEE358EFE39F195F (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: E64232B7757A335C032414C6888633CC498E7CD6 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {2e39f8a0-d111-11e8-aebc-001a7dda7111} - "J:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd3a-c199-11e8-aeb2-001a7dda7111} - "E:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {69dbcd5f-c199-11e8-aeb2-001a7dda7111} - "F:\SETUP.EXE"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a18f-fcb6-11e8-aebe-001a7dda7111} - "G:\setup.exe"
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\...\MountPoints2: {d0f8a6b5-fcb6-11e8-aebe-001a7dda7111} - "I:\setup.exe"
HKU\S-1-5-18\...\Run: [HKCU] => C:\Windows\servicing\Skype.exe [53104 2018-08-04] (Microsoft Corporation -> Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {927E48A7-09A4-4D29-B924-2B4D91533A97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {9AD39663-46A8-471F-8784-9CCB39224A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-10] (Google Inc -> Google Inc.)
Task: {BA8D312A-C367-4B51-89D9-39AF180EBD35} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {E3A6E576-689A-4213-BBAE-9DEAC4074C5C} - System32\Tasks\KMS_VL_ALL => C:\Windows\schemas\Scripts\KMS_VL_ALL.cmd
Task: {F0140363-C57A-4A59-95E8-9811A67C6C6B} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2019-02-23] (Apple Inc. -> Apple Inc.)
S2 Windows Updates Services; C:\Windows\servicing\starter.exe
C:\ProgramData\DP45977C.lfl
C:\Windows\system32\setup4.2.6.tmp
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
FCheck: C:\Windows\servicing\Skype.exe [2018-08-04] <==== ATTENTION
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
AlternateDataStreams: C:\Users\WSS\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [0]
AlternateDataStreams: C:\Users\WSS\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [0]
FirewallRules: [{7D8A2F97-2C09-4080-BCE8-568DA0C0136E}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A7B5762-0EFD-4035-94C7-B25E6065F469}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{77C499EA-A7D5-4684-9D03-93782EC9A425}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{A0A9791E-7FA1-4D8F-B6D9-CFB4A75E20B8}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [TCP Query User{2F72D19B-9D5E-4E0E-A52D-BC86BA4E41C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{A0B923DF-0028-47A4-8DFE-92B091339F2E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe No File
FirewallRules: [{2A50958C-4F0C-4E05-BA33-782D9C83D86B}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [{3B150106-2A1B-466A-9763-1341569A66D8}] => (Allow) D:\Programy\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe No File
FirewallRules: [TCP Query User{E67B4699-27A0-4E1F-9925-3CFA8C55A608}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{D762494A-7845-4F98-B646-DF16067DBB9C}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{7204CD36-CE5A-408E-ADBF-E613A4341F94}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{EBBC456E-1FF0-4E95-AB09-5DDE6CBAFF6C}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [TCP Query User{53F570C0-8280-4119-88CF-81F83AAA11A7}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [UDP Query User{1785E4C7-9447-438F-8B9E-A1C45D3773BC}C:\users\wss\desktop\company of heroes\reliccoh.exe] => (Allow) C:\users\wss\desktop\company of heroes\reliccoh.exe No File
FirewallRules: [{2704B3EB-FED7-4A38-8663-218A89CF786A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{8AB37FA7-3FA8-45A2-BFAF-403EC925EE7E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{F2675C78-4ECB-4C4C-9423-F838C88586BE}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [UDP Query User{947F47AC-1CC0-4264-911D-A4CBB457175B}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe] => (Block) C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe No File
FirewallRules: [{ACEADB87-0391-4C4A-9C42-ADFFF18598D3}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [{58859756-3CA9-4A9F-8395-098F2F4DFCA8}] => (Allow) D:\Programy\Steam\steamapps\common\Deceit\bin\win_x64\Deceit.exe No File
FirewallRules: [TCP Query User{8332A415-8340-4F79-A445-5F14B90337F0}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [UDP Query User{91A911F6-1760-4581-B23F-D8C94CEB0A2F}D:\programy\steam\steamapps\common\cry of fear\cof.exe] => (Allow) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{9A203DCC-2B41-4904-870A-DE529DF8E0F6}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [{F323963A-CBAB-41E3-AB26-99594F1235C1}] => (Block) D:\programy\steam\steamapps\common\cry of fear\cof.exe No File
FirewallRules: [TCP Query User{A0D240EE-CCA6-4D54-AF3B-1CD76B360F5A}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [UDP Query User{CF049E4D-0D75-4AA4-A861-15ED19C7941E}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{B1C60E8A-7F0B-496B-93A3-5EEBD82F5A37}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
FirewallRules: [{26B1FD61-37FD-4042-B3FF-F5E69294DC69}] => (Block) D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe No File
D:\Torrenty\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\winlogui" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM" => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18AA37360A0698E6A1F54A9E8268FB127B70E189 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1B581436B0ED7536755B8B1C81112509A5AAF6ED => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1F25DF887B158E34E2FCB13171924610C8F6BA2F => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2CC344E13934A69AA993E80C8E20FF0ACCB33F1E => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2F56FF8F95EE69A27C05DBB35924F847C86A66B4 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31F5EE85DA34AD374D43776B54F6686E7E922737 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42A8984E8B9C51F6B7274866F8726CA1E9057FAA => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5CA5F811E011742B05D014D03F85848D81F41A63 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\622271AF668F99BD94AC12E5EBF86E48FD50AECB => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\6CD253D636A7B4D0E0981431BC064061A9853ED9 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76FBABF1EADED3B91DD7A76A6678301F1F87AA97 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\84C08B7A367422AF5FEF8D353B36191ECE9DBAF7 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9900CFAABC45B4247F9D78EE7E12B102D25EA325 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A32249E9A6B9CF5C36B0749C81613524D37C594 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BEBFAE20957D4DE689A8B962AEE358EFE39F195F => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BF9254919794C1075EA027889C5D304F1121C653 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\BFA87DC996BD6BCB02B6F530D2C646A0B5A0D5A9 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E64232B7757A335C032414C6888633CC498E7CD6 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e39f8a0-d111-11e8-aebc-001a7dda7111} => removed successfully
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69dbcd3a-c199-11e8-aeb2-001a7dda7111} => removed successfully
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69dbcd5f-c199-11e8-aeb2-001a7dda7111} => removed successfully
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f8a18f-fcb6-11e8-aebe-001a7dda7111} => removed successfully
HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f8a6b5-fcb6-11e8-aebe-001a7dda7111} => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{927E48A7-09A4-4D29-B924-2B4D91533A97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{927E48A7-09A4-4D29-B924-2B4D91533A97}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AD39663-46A8-471F-8784-9CCB39224A15}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AD39663-46A8-471F-8784-9CCB39224A15}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA8D312A-C367-4B51-89D9-39AF180EBD35}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA8D312A-C367-4B51-89D9-39AF180EBD35}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3A6E576-689A-4213-BBAE-9DEAC4074C5C}" => not found
C:\Windows\System32\Tasks\KMS_VL_ALL => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS_VL_ALL" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0140363-C57A-4A59-95E8-9811A67C6C6B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0140363-C57A-4A59-95E8-9811A67C6C6B}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
Bonjour Service => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Bonjour Service => removed successfully
Bonjour Service => service removed successfully
HKLM\System\CurrentControlSet\Services\Windows Updates Services => removed successfully
Windows Updates Services => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Windows\system32\setup4.2.6.tmp => moved successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\servicing\Skype.exe => moved successfully
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => removed successfully
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
C:\Users\WSS\Application Data => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
"C:\Users\WSS\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D8A2F97-2C09-4080-BCE8-568DA0C0136E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A7B5762-0EFD-4035-94C7-B25E6065F469}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{77C499EA-A7D5-4684-9D03-93782EC9A425}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A0A9791E-7FA1-4D8F-B6D9-CFB4A75E20B8}D:\programy\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2F72D19B-9D5E-4E0E-A52D-BC86BA4E41C1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A0B923DF-0028-47A4-8DFE-92B091339F2E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.178\deploy\leagueclient.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A50958C-4F0C-4E05-BA33-782D9C83D86B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B150106-2A1B-466A-9763-1341569A66D8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E67B4699-27A0-4E1F-9925-3CFA8C55A608}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D762494A-7845-4F98-B646-DF16067DBB9C}D:\programy\steam\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7204CD36-CE5A-408E-ADBF-E613A4341F94}C:\program files (x86)\origin games\apex\r5apex.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EBBC456E-1FF0-4E95-AB09-5DDE6CBAFF6C}C:\program files (x86)\origin games\apex\r5apex.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{53F570C0-8280-4119-88CF-81F83AAA11A7}C:\users\wss\desktop\company of heroes\reliccoh.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1785E4C7-9447-438F-8B9E-A1C45D3773BC}C:\users\wss\desktop\company of heroes\reliccoh.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2704B3EB-FED7-4A38-8663-218A89CF786A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AB37FA7-3FA8-45A2-BFAF-403EC925EE7E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F2675C78-4ECB-4C4C-9423-F838C88586BE}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{947F47AC-1CC0-4264-911D-A4CBB457175B}C:\users\wss\desktop\free\engine\binaries\win32\ue4game-win32-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACEADB87-0391-4C4A-9C42-ADFFF18598D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58859756-3CA9-4A9F-8395-098F2F4DFCA8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8332A415-8340-4F79-A445-5F14B90337F0}D:\programy\steam\steamapps\common\cry of fear\cof.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{91A911F6-1760-4581-B23F-D8C94CEB0A2F}D:\programy\steam\steamapps\common\cry of fear\cof.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A203DCC-2B41-4904-870A-DE529DF8E0F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F323963A-CBAB-41E3-AB26-99594F1235C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A0D240EE-CCA6-4D54-AF3B-1CD76B360F5A}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CF049E4D-0D75-4AA4-A861-15ED19C7941E}D:\programy\steam\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1C60E8A-7F0B-496B-93A3-5EEBD82F5A37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26B1FD61-37FD-4042-B3FF-F5E69294DC69}" => removed successfully
"D:\Torrenty\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31112836 B
Java, Flash, Steam htmlcache => 213931402 B
Windows/system/drivers => 4586726 B
Edge => 4481491 B
Chrome => 326492814 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 351262 B
LocalService => 370124 B
NetworkService => 1136046 B
WSS => 339616202 B

RecycleBin => 4974248 B
EmptyTemp: => 892.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:16:13 ====

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% CPU usage, blocked Windows Defender, etc.

#9 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

WhySoSad
Visitor
Posts: 35
Joined: 14 May 2013 10:17

Re: 100% CPU usage, blocked Windows Defender, etc.

#10 Post by WhySoSad »

Unfortunately, after the restart the CPU is still at 100% until Task Manager is opened, and Windows Defender still cannot be activated.

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% CPU usage, blocked Windows Defender, etc.

#11 Post by Rudy »

OK. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

WhySoSad
Visitor
Posts: 35
Joined: 14 May 2013 10:17

Re: 100% CPU usage, blocked Windows Defender, etc.

#12 Post by WhySoSad »

MBAM cannot be installed on drive C, where the system is; it throws an error message saying it cannot be installed to that location. I had to install it on D.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/27/19
Scan Time: 6:46 PM
Log File: accad65a-f8e1-11e9-a5e2-d8cb8ac4a7ef.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.0
Update Package Version: 1.0.13089
License: Free

-System Information-
OS: Windows 10 (Build 16299.726)
CPU: x64
File System: NTFS
User: DESKTOP-5M56U6R\WSS

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 285344
Threats Detected: 15
Threats Quarantined: 0
Time Elapsed: 2 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
Backdoor.Agent, HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\((Mutex)), No Action By User, [3570], [195706],1.0.13089
Backdoor.Agent, HKU\S-1-5-18\SOFTWARE\((Mutex)), No Action By User, [3570], [195706],1.0.13089
Backdoor.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}, No Action By User, [3570], [163598],1.0.13089
Backdoor.Agent, HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5460C4DF-B266-909E-CB58-E32B79832EB2}, No Action By User, [3570], [163598],1.0.13089

Registry Value: 1
Backdoor.HMCPol.Gen, HKU\S-1-5-21-1906486174-218330440-3877118835-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKCU, No Action By User, [6424], [215598],1.0.13089

Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [13325], [293294],1.0.13089
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, [13325], [293295],1.0.13089
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [13325], [293296],1.0.13089

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 7
Trojan.Agent.Trace, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\((MUTEX)).CFG, No Action By User, [3529], [247505],1.0.13089
Trojan.Agent.Trace, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\((MUTEX)).DAT, No Action By User, [3529], [247506],1.0.13089
Trojan.Agent.Trace, C:\USERS\WSS\APPDATA\ROAMING\MICROSOFT\WINDOWS\((MUTEX)).DAT, No Action By User, [3529], [247506],1.0.13089
Trojan.Agent.Trace, C:\USERS\WSS\APPDATA\ROAMING\MICROSOFT\WINDOWS\((MUTEX)).CFG, No Action By User, [3529], [247505],1.0.13089
Backdoor.Agent, C:\WINDOWS\SYSTEM32\WINSCOMRSSRV.DLL, No Action By User, [3570], [653659],1.0.13089
Trojan.FakeMS.TskLnk, C:\WINDOWS\SYSTEM32\STARTUPCHECKLIBRARY.DLL, No Action By User, [4085], [676770],1.0.13089
Trojan.FakeMS, C:\WINDOWS\SYSTEM32\WINLOGUI.EXE, No Action By User, [3098], [646232],1.0.13089

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: 100% CPU usage, blocked Windows Defender, etc.

#13 Post by Rudy »

That doesn't matter. Delete all the findings and restart.

WhySoSad
Visitor
Posts: 35
Joined: 14 May 2013 10:17

Re: 100% CPU usage, blocked Windows Defender, etc.

#14 Post by WhySoSad »

Done, restarted. After startup it seems the CPU is no longer loaded at 100%. When I launch Task Manager, the launch itself loads it to 70%, but it immediately drops to about 13%. Windows Defender is still deactivated and cannot be started. A repeat MBAM scan found nothing. Real-time protection does not work, and neither do the other antivirus services.

WhySoSad
Visitor
Posts: 35
Joined: 14 May 2013 10:17

Re: 100% CPU usage, blocked Windows Defender, etc.

#15 Post by WhySoSad »

I take that back, the CPU still runs at 100% every time I close Task Manager.

SFC /SCANNOW does not work either; it throws this error...


Microsoft Windows [Version 10.0.16299.726]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\Windows\system32>SFC /SCANNOW

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection could not perform the requested operation.

C:\Windows\system32>
Last edited by WhySoSad on 28 Oct 2019 10:52, edited 1 time in total.
