Botnet detected by the internet service provider

#1 Post by Ronnie Basic »

Hello,
Could I ask for a check of my log? My internet provider (UPC) sent an e-mail warning that they had detected botnet-type malware on my network. I was asked to remove it as soon as possible. Neither an Avast full scan nor Windows Defender found anything.

Many thanks in advance.

A happy and healthy new year to all the forum admins.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by sousedovic (administrator) on SOUSEDOVIC1 (LENOVO 80M5) (07-01-2020 09:20:13)
Running from C:\Users\sousedovic\Desktop
Loaded Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS (Available Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\wsc_proxy.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment Inc.) D:\Hry\StarCraft II\Support\BlizzardBrowser\BlizzardBrowser.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6919\Agent.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Program Files on Decko\Battle.net\Battle.net.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Program Files on Decko\Battle.net\Battle.net.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Program Files on Decko\Battle.net\Battle.net.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Program Files on Decko\Battle.net\Battle.net.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) D:\Hry\StarCraft II\Versions\Base77661\SC2_x64.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) D:\Program Files on Decko\Total Commander 9 x64\TOTALCMD64.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.71.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [699728 2015-08-05] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files on Decko\AVAST\AvLaunch.exe [268680 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\Program Files on Decko\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters).
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)
Startup: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2020-01-05]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> D:\Program Files on Decko\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17D59B4E-2685-44B8-8264-4F155D09FDA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {6391BEB3-43B8-487C-8D89-E1C3BC2546CC} - System32\Tasks\Avast Emergency Update => D:\Program Files on Decko\AVAST\AvEmUpdate.exe [3933576 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {BAAFA28E-E8B6-48A4-A3EF-60876341F2E1} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => C:\WINDOWS\system32\StartupCheck.vbs [392 2018-05-07] () [File not signed]
Task: {D98F3373-76C8-43B9-9086-139295FDFB15} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {DC3FC9C4-971F-4FFE-9F51-2F8B80587B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {E0AE94C8-C3DE-4EBA-A523-20D38FBF9CF7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cb5dcfa3-ad02-42b8-868d-007837c5d30c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fd3c6e85-ff39-4590-86ed-b2e60b2c8594}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files on Decko\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files on Decko\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files on Decko\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-247431989-2805255649-28786118-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-247431989-2805255649-28786118-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","file:///C:/Users/Public/KPMG/Chrome_homepage/Google_Startup.htm","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Notifications: Default -> hxxps://meet.google.com
CHR Profile: C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default [2020-01-07]
CHR DownloadDir: D:\Users\sousedovic\Downloads
CHR Extension: (Docs) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-04]
CHR Extension: (Google Drive) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-04]
CHR Extension: (YouTube) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-04]
CHR Extension: (Sheets) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-04]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [90432 2015-08-05] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R3 aswbIDSAgent; D:\Program Files on Decko\AVAST\aswidsagent.exe [6259592 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; D:\Program Files on Decko\AVAST\AvastSvc.exe [996880 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; D:\Program Files on Decko\AVAST\wsc_proxy.exe [57504 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2019-03-04] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
S3 MSSQL$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [484944 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
S3 OpenVPNService; D:\Program Files on Decko\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
U2 ServiceInstaller; C:\WINDOWS\system32\ServiceInstaller.exe [5111808 2018-07-07] () [File not signed]
S4 SQLAgent$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [578640 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe [252704 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34368 2018-01-17] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30280 2018-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-12-31] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [20624 2019-12-31] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-12-31] (Logitech Inc -> Logitech)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2377344 2018-11-13] (WDKTestCert gxia,130717419938108635 -> Qualcomm Atheros, Inc.)
S4 RsFx0501; C:\WINDOWS\System32\DRIVERS\RsFx0501.sys [261784 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419576 2015-11-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [31232 2009-12-12] (OpenVPN, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-07 09:20 - 2020-01-07 09:22 - 000025176 _____ C:\Users\sousedovic\Desktop\FRST.txt
2020-01-07 09:19 - 2020-01-07 09:21 - 000000000 ____D C:\FRST
2020-01-07 09:19 - 2020-01-07 09:18 - 002272256 _____ (Farbar) C:\Users\sousedovic\Desktop\FRST64.exe
2020-01-06 14:34 - 2020-01-06 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\AVAST Software
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-01-06 14:31 - 2020-01-07 09:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-01-06 14:30 - 2020-01-06 14:30 - 000003978 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-06 14:29 - 2020-01-06 14:30 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-06 14:29 - 2020-01-06 14:30 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-06 14:29 - 2020-01-06 14:30 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-06 14:29 - 2020-01-06 14:29 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-01-06 14:29 - 2020-01-06 14:28 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-06 14:29 - 2020-01-06 14:28 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-06 14:26 - 2020-01-06 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-04 19:46 - 2020-01-04 19:38 - 000006018 _____ C:\qzconfig.bkp
2019-12-31 14:40 - 2019-12-31 14:40 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Logitech
2019-12-31 14:34 - 2019-12-31 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Logitech
2019-12-31 14:34 - 2019-12-31 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Logishrd
2019-12-31 14:22 - 2020-01-03 20:13 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\LGHUB
2019-12-31 14:20 - 2019-12-31 14:20 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2019-12-31 14:20 - 2019-12-31 14:20 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2019-12-31 14:20 - 2019-12-31 14:20 - 000020624 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2019-12-21 12:18 - 2019-12-21 12:18 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Blizzard Entertainment
2019-12-21 12:00 - 2019-12-22 15:15 - 000000495 _____ C:\Users\sousedovic\Desktop\StarCraft II.lnk
2019-12-21 11:21 - 2019-12-21 11:21 - 000000459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.lnk
2019-12-20 00:07 - 2019-06-15 11:09 - 000111184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr14.0.2027.2.dll
2019-12-20 00:07 - 2019-06-15 10:51 - 000259664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SQSRVRES.DLL
2019-12-20 00:07 - 2019-06-15 10:51 - 000128072 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr14.0.2027.2.dll
2019-12-18 11:38 - 2019-12-18 11:38 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2019-12-17 14:42 - 2018-07-07 14:21 - 005111808 _____ C:\WINDOWS\system32\ServiceInstaller.exe
2019-12-17 14:42 - 2018-07-01 12:15 - 000054272 _____ C:\WINDOWS\system32\ServiceInstaller.msi
2019-12-17 14:42 - 2018-05-07 10:33 - 000000392 _____ C:\WINDOWS\system32\StartupCheck.vbs
2019-12-17 14:42 - 2018-04-29 16:27 - 000024512 _____ C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2019-12-17 14:42 - 2018-01-29 00:09 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
2019-12-17 11:06 - 2019-12-17 11:06 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Steam
2019-12-17 11:06 - 2019-12-17 11:06 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Fallout4
2019-12-16 13:45 - 2019-12-16 13:45 - 000000000 ____D C:\Users\sousedovic\AppData\Local\FOMM
2019-12-16 13:43 - 2019-12-16 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2019-12-15 17:50 - 2019-12-16 14:02 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Fallout3
2019-12-15 17:43 - 2019-12-15 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 Unofficial Patch
2019-12-15 17:34 - 2019-12-16 16:04 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Vortex
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\ProgramData\Vortex
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2019-12-15 17:09 - 2019-12-15 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 [GOG.com]
2019-12-14 17:21 - 2019-12-14 17:21 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Power BI Desktop
2019-12-14 17:19 - 2019-12-14 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Power BI Desktop
2019-12-14 13:14 - 2019-06-15 11:08 - 000051792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL14.SQLEXPRESS-sqlagtctr.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000186440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000088144 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000060728 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL14.SQLEXPRESS-sqlagtctr.dll
2019-12-14 13:13 - 2019-12-14 13:13 - 000000000 ____D C:\WINDOWS\system32\RsFx
2019-12-14 12:30 - 2019-12-14 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server Tools 18
2019-12-14 12:28 - 2019-12-14 12:28 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2019-12-14 12:27 - 2019-12-14 12:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2019-12-14 12:22 - 2019-12-20 00:05 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2019-12-14 12:22 - 2019-12-20 00:05 - 000000000 ____D C:\WINDOWS\system32\1033
2019-12-14 12:21 - 2019-12-14 12:21 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2019-12-14 12:21 - 2019-12-14 12:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2019-12-14 12:20 - 2019-12-14 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2017
2019-12-14 12:20 - 2019-12-14 13:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-12-14 12:15 - 2019-12-14 12:15 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Microsoft_Corporation
2019-12-14 11:27 - 2019-12-14 11:27 - 000000000 ____D C:\ProgramData\VsTelemetry
2019-12-14 11:24 - 2019-12-20 00:02 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-12-14 10:36 - 2019-12-14 10:36 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-14 10:36 - 2019-12-14 10:36 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-14 10:36 - 2019-12-14 10:36 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-12 14:45 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D25853.tmpd
2019-12-12 14:45 - 2019-12-12 14:45 - 000000000 _____ C:\Users\sousedovic\AppData\Local\D25853.tmp
2019-12-10 16:02 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D26950.tmpd
2019-12-10 16:02 - 2019-12-10 16:02 - 000000000 _____ C:\Users\sousedovic\AppData\Local\D26950.tmp
2019-12-08 17:45 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D27D61.tmpd
2019-12-08 17:45 - 2019-12-08 17:45 - 000000000 _____ C:\Users\sousedovic\AppData\Local\D27D61.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-07 09:16 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-07 09:16 - 2019-03-05 09:53 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Battle.net
2020-01-07 09:10 - 2019-12-03 15:14 - 000002584 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-01-07 09:10 - 2019-09-01 19:09 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-07 09:10 - 2019-09-01 19:09 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-07 09:04 - 2019-09-01 18:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-06 18:19 - 2019-03-04 10:56 - 000000000 ____D C:\Users\sousedovic\Desktop\Gamesky
2020-01-06 14:29 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-05 10:44 - 2019-03-05 11:57 - 000000000 ____D C:\Users\sousedovic\AppData\Local\CrashDumps
2020-01-05 10:41 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-05 10:38 - 2019-09-01 19:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-05 10:38 - 2019-03-04 10:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-01-05 10:38 - 2019-03-04 10:21 - 000000000 __SHD C:\Users\sousedovic\IntelGraphicsProfiles
2020-01-05 10:38 - 2019-03-04 10:15 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-05 10:37 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-04 19:25 - 2019-03-05 11:05 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-12-31 14:36 - 2019-03-05 11:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-30 20:31 - 2019-03-04 10:58 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\vlc
2019-12-30 20:27 - 2019-03-04 10:59 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Azureus
2019-12-27 17:38 - 2019-09-01 20:19 - 000837548 _____ C:\WINDOWS\system32\perfh005.dat
2019-12-27 17:38 - 2019-09-01 20:19 - 000196704 _____ C:\WINDOWS\system32\perfc005.dat
2019-12-27 17:38 - 2019-09-01 19:05 - 002024426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-23 17:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-23 17:51 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-23 17:51 - 2019-03-03 20:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Packages
2019-12-21 15:07 - 2019-03-05 09:53 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Battle.net
2019-12-20 00:06 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-12-18 12:03 - 2019-03-04 10:32 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-18 11:54 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-17 12:19 - 2019-08-08 12:59 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Zoom
2019-12-16 17:07 - 2019-03-03 20:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\VirtualStore
2019-12-15 16:51 - 2019-11-25 16:09 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Spotify
2019-12-15 15:00 - 2019-11-25 16:08 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Spotify
2019-12-14 13:15 - 2019-09-01 20:34 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-12-14 11:32 - 2019-03-03 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-14 11:32 - 2019-03-03 20:30 - 000000000 ___RD C:\Users\sousedovic\3D Objects
2019-12-14 11:31 - 2019-09-01 18:46 - 000359712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-14 11:30 - 2019-12-07 17:00 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22485.tmpd
2019-12-14 11:30 - 2019-12-07 11:54 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D2D000.tmpd
2019-12-14 11:30 - 2019-12-07 10:39 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22B5D.tmpd
2019-12-14 11:30 - 2019-12-06 15:11 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D28BB2.tmpd
2019-12-14 11:30 - 2019-12-05 17:48 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22CB7.tmpd
2019-12-14 11:30 - 2019-12-04 13:58 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D24DAA.tmpd
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-14 10:48 - 2019-03-04 10:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-14 10:43 - 2019-03-04 10:38 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-12-04 11:44 - 2019-12-04 11:44 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D219BF.tmp
2019-12-07 17:00 - 2019-12-07 17:00 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D22485.tmp
2019-12-07 10:39 - 2019-12-07 10:39 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D22B5D.tmp
2019-12-05 17:48 - 2019-12-05 17:48 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D22CB7.tmp
2019-11-07 17:45 - 2019-11-07 17:45 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D24CEF.tmp
2019-12-04 13:58 - 2019-12-04 13:58 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D24DAA.tmp
2019-12-12 14:45 - 2019-12-12 14:45 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D25853.tmp
2019-11-07 17:40 - 2019-11-07 17:40 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D25A77.tmp
2019-12-10 16:02 - 2019-12-10 16:02 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D26950.tmp
2019-12-04 10:47 - 2019-12-04 10:47 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D26D8D.tmp
2019-11-07 17:46 - 2019-11-07 17:46 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D26DA.tmp
2019-12-04 10:54 - 2019-12-04 10:54 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D27C02.tmp
2019-12-08 17:45 - 2019-12-08 17:45 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D27D61.tmp
2019-12-02 17:32 - 2019-12-02 17:32 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2883A.tmp
2019-12-06 15:11 - 2019-12-06 15:11 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D28BB2.tmp
2019-12-02 22:20 - 2019-12-02 22:20 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D295B3.tmp
2019-12-03 15:15 - 2019-12-03 15:15 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D29B56.tmp
2019-12-04 12:05 - 2019-12-04 12:05 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2A980.tmp
2019-11-07 17:35 - 2019-11-07 17:35 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2B88B.tmp
2019-12-02 17:32 - 2019-12-02 17:32 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2B97D.tmp
2019-11-07 18:21 - 2019-11-07 18:21 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2BA58.tmp
2019-12-02 17:48 - 2019-12-02 17:48 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2C733.tmp
2019-12-07 11:54 - 2019-12-07 11:54 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2D000.tmp
2019-11-07 17:32 - 2019-11-07 17:32 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2D6EF.tmp
2019-11-07 18:38 - 2019-11-07 18:38 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2D804.tmp
2019-11-07 17:38 - 2019-11-07 17:38 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2DD1D.tmp
2019-11-07 17:49 - 2019-11-07 17:49 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2E2DA.tmp
2019-12-04 11:34 - 2019-12-04 11:34 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2F346.tmp
2019-11-07 18:06 - 2019-11-07 18:06 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2FBC9.tmp
2019-05-13 12:28 - 2019-05-13 12:28 - 000007618 _____ () C:\Users\sousedovic\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by sousedovic (07-01-2020 09:23:46)
Running from C:\Users\sousedovic\Desktop
Windows 10 Home Version 1909 18363.535 (X64) (2019-09-01 18:10:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-247431989-2805255649-28786118-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-247431989-2805255649-28786118-503 - Limited - Disabled)
Guest (S-1-5-21-247431989-2805255649-28786118-501 - Limited - Disabled)
sousedovic (S-1-5-21-247431989-2805255649-28786118-1001 - Administrator - Enabled) => C:\Users\sousedovic
WDAGUtilityAccount (S-1-5-21-247431989-2805255649-28786118-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation)
Adobe Acrobat  9 Pro - Czech, Hungarian, Polish, Slovak (HKLM-x32\...\{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.250 - Alps Electric)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
Control (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Control) (Version:  - HOODLUM)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disco Elysium (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Disco Elysium) (Version:  - HOODLUM)
Dishonored Game Of The Year Edition version 1.0.0.0 (HKLM-x32\...\Dishonored Game Of The Year Edition_is1) (Version: 1.0.0.0 - Mr DJ)
EaseUS Partition Master 12.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
GDR 2027 for SQL Server 2017 (KB4505224) (64-bit) (HKLM\...\KB4505224) (Version: 14.0.2027.2 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
Integration Services (HKLM-x32\...\{D2B37BBC-83A5-4C27-A804-4DC51AFA9E0D}) (Version: 15.0.1900.63 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Into the Breach (HKLM-x32\...\2004253604_is1) (Version: 1.0.17 - GOG.com)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Little Big Adventure 2 (HKLM-x32\...\Little Big Adventure 2_is1) (Version:  - GOG.com)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.28107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{3B280D1C-02F2-4965-8731-C1614E213D25}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{72AFAF21-33FB-45A5-9468-A9EC07427F82}) (Version: 17.4.1.1 - Microsoft Corporation)
Microsoft Office 2010 pro podnikatele (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{9AA0AFFA-EDB6-4B66-9FD7-BBC828D88B47}) (Version: 18.2.3.0 - Microsoft Corporation)
Microsoft PowerBI Desktop (x64) (HKLM-x32\...\{d01f3aeb-9f94-4334-9d92-fffb7d0c65c0}) (Version: 2.75.5649.961 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 LocalDB  (HKLM\...\{58180BC0-0DA3-4341-A41F-9A3CF7207EE1}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{05C0EF32-CDE2-4E38-92A1-D82CECECFB39}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 18.4 (HKLM-x32\...\{7871da56-98b6-4ef8-b4d4-b7c310e14146}) (Version: 15.0.18206.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}) (Version: 15.0.27520 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.3 - Notepad++ Team)
Nox (HKLM-x32\...\GOGPACKNOX_is1) (Version: 2.0.0.20 - GOG.com)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - )
OpenXcom 1.0 (HKLM-x32\...\OpenXcom) (Version: 1.0.0.0 - OpenXcom Developers)
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 11.02 - )
Qualcomm Atheros 61x4 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.780M - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Spotify (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Spotify) (Version: 1.1.21.1654.g282a2807 - Spotify AB)
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{A6A9EFA1-AFEB-4209-B25D-3CFF2E6FAE2C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{BD1502B1-778B-44B6-B2B4-0B77BD0366A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{3E532AF4-B9B1-4DE0-9511-7ACEB14C8D6D}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{98D7AA09-44E1-4469-AB34-BFDC9A6890DD}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{3D53F8BD-E78B-41E1-A4B5-0AC3F1ED50EF}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{1B1BC009-AA81-48C1-AE01-321DAD884FBB}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{872C7FD8-1063-4CA8-8CE2-B34E206602FC}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II Legacy of the Void (HKLM\...\U3RhckNyYWZ0SUk=_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrongDC++ 2.41 (HKLM-x32\...\StrongDC++) (Version: 2.41 - Big Muscle)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Transistor (HKLM-x32\...\1429612159_is1) (Version: 2.1.0.2 - GOG.com)
Updated Unofficial Fallout 3 Patch v2.3.2 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 2.3.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.1.5 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
X-COM - UFO Defense (HKLM-x32\...\1445250340_is1) (Version: 2.0.0.4 - GOG.com)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.3 - ZONER software)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-20] (Dolby Laboratories)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-04] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2019-08-07] (Samsung Electronics Co. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files on Decko\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Add a new TAP virtual ethernet adapter.lnk -> D:\Program Files on Decko\OpenVPN\bin\addtap.bat ()
Shortcut: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> D:\Program Files on Decko\OpenVPN\bin\deltapall.bat ()
ShortcutWithArgument: C:\Users\sousedovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-12-21 11:50 - 2019-12-21 11:50 - 080168448 _____ () [File not signed] D:\Hry\StarCraft II\Support\BlizzardBrowser\libcef.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 096131072 _____ () [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\libcef.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000117760 _____ () [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\libEGL.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 004342784 _____ () [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\libGLESv2.dll
2008-08-08 05:50 - 2008-08-08 05:50 - 000334848 _____ (Adobe Systems Inc.) [File not signed] D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.cze
2019-09-01 18:52 - 2016-12-29 13:29 - 000860960 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-09-01 18:52 - 2016-12-29 13:29 - 000485528 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStereoApiI64.dll
2019-09-01 18:52 - 2016-12-29 13:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
2019-12-21 11:50 - 2019-12-21 11:50 - 000504832 _____ (The Chromium Authors) [File not signed] D:\Hry\StarCraft II\Support\BlizzardBrowser\chrome_elf.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000762368 _____ (The Chromium Authors) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\chrome_elf.dll
2019-12-21 11:40 - 2015-11-23 12:00 - 010893824 _____ (The ICU Project) [File not signed] D:\Hry\StarCraft II\Support64\icudt52.dll
2019-12-21 11:40 - 2015-11-23 12:00 - 001760768 _____ (The ICU Project) [File not signed] D:\Hry\StarCraft II\Support64\icuin52.dll
2019-12-21 11:40 - 2015-11-23 12:00 - 001327104 _____ (The ICU Project) [File not signed] D:\Hry\StarCraft II\Support64\icuuc52.dll
2019-12-21 11:47 - 2019-12-21 11:47 - 000047104 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\audio\qtaudio_windows.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000026112 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\imageformats\qgif.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000027136 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\imageformats\qico.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000243712 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\imageformats\qjpeg.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000223744 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\imageformats\qmng.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000020992 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\imageformats\qsvg.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000332288 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\imageformats\qtiff.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 001140224 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\platforms\qwindows.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000041984 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQml\Models.2\modelsplugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQuick.2\qtquick2plugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000084480 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000267776 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000071680 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000211456 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\qml\QtQuick\Window.2\windowplugin.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 004943360 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Core.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 005022208 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Gui.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000626176 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Multimedia.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000877056 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Network.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 002908672 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Qml.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 003078656 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Quick.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000096256 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5QuickControls2.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000681472 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5QuickTemplates2.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000259072 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Svg.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 004718080 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Widgets.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000439296 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5WinExtras.dll
2019-12-21 11:48 - 2019-12-21 11:48 - 000159232 _____ (The Qt Company Ltd.) [File not signed] D:\Program Files on Decko\Battle.net\Battle.net.11740\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServiceInstaller => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;D:\Program Files on Decko\Microsoft SQL Server (x86)\140\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\140\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\140\Tools\Binn\;D:\Program Files on Decko\Microsoft SQL Server (x86)\150\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;D:\Program Files on Decko\Microsoft SQL Server (x86)\140\Tools\Binn\
HKU\S-1-5-21-247431989-2805255649-28786118-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sousedovic\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\water.jpg
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CC412BF8-7096-45E1-AE7D-7BC3907A925D}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{E79C5258-021E-4D47-8221-A33B4C6A2677}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\Zoom.exe No File
FirewallRules: [UDP Query User{AEE4CB31-F0DD-4678-AC1A-D1FF71A5BF13}D:\program files on decko\vuze\azureus.exe] => (Allow) D:\program files on decko\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{F248ECE4-8C67-474D-BA6A-84C15C922D9B}D:\program files on decko\vuze\azureus.exe] => (Allow) D:\program files on decko\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{9D782CCC-C77A-4B33-9FE0-873FC4860DCE}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [TCP Query User{FE4216BA-9252-425A-8A16-7820C78995CC}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [{A7BA426C-3F3B-4BE6-8951-8812BB78F35A}] => (Block) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [{8563786C-B156-4FD4-AC4C-389E96387D16}] => (Block) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [UDP Query User{2A1BDD2C-6156-4B29-B873-EF66A4849F69}D:\program files on decko\strongdc++\strongdc.exe] => (Allow) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [TCP Query User{57D3E071-03F3-463C-82AB-9AD66D22300C}D:\program files on decko\strongdc++\strongdc.exe] => (Allow) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [{D226F6AF-1565-4982-BD08-0A18A9604DB5}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5A1C32F1-5C94-4A82-9050-35B5A81273AA}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A619259-250B-4B93-8FCF-48603CC3A50D}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{A15B8B20-83A3-4A92-BB3A-0F45150B2D39}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{DA390157-36E2-495F-9E9C-A4B2BF056D4C}] => (Allow) D:\Program Files on Decko\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{23A0E3F2-0BC7-49D5-83FD-9D2D8E04EDD6}] => (Allow) D:\Program Files on Decko\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B23C99F8-6F1D-41C3-836E-5380BBE6B72A}] => (Allow) D:\Program Files on Decko\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B6EB687D-4C58-4286-8217-6FFA7892C6A6}] => (Allow) D:\Program Files on Decko\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FB001767-9D6D-44D7-B30B-EC459B9E3A31}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF1007EF-DCC1-4266-A43A-0FEF36922422}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6152F47-E322-4390-A2B4-20D696F915CB}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70A55929-E779-4DE4-88BD-605452F847FA}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{8A8F04FE-88DE-417D-8B80-7E1EE3696523}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{79AB0461-E357-44BF-93B4-3C0C430F4F61}] => (Allow) D:\Program Files on Decko\Zoner Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [{FB078E3C-8A7F-4410-9830-4DBA8A63DC88}] => (Allow) D:\Program Files on Decko\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{C8E73FD8-CEB7-485C-8430-BEBD30D0DD16}] => (Allow) D:\Program Files on Decko\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{E32A0E68-AB6C-4423-ABA9-BFE213877646}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{32382B25-3BB4-41B1-88AC-127884C8563D}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{90074535-B5CE-42E7-9AE6-7C15C5029193}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{126B7B3A-DA4D-4CD2-BEDE-CA811AE82072}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{4C1F7A5B-DB10-407A-B228-1C4CCA462D32}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{ECBB8917-E35B-4153-BDF3-10713CC03473}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{BAC6E75B-DDD5-44CE-99A5-DBE280DB2ED2}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{F2C58327-416D-4090-A23F-6EA6C962C863}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{C9225A0A-245E-4193-8530-5E37D9AC3EC2}D:\hry\diablo iii\x64\diablo iii64.exe] => (Allow) D:\hry\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{86D18726-D6CD-483E-A8FB-DE2D61DDD69A}D:\hry\diablo iii\x64\diablo iii64.exe] => (Allow) D:\hry\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{98499F09-53C9-495A-9FC2-EC075D393975}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{3D890A2F-639B-494E-913E-C4F7278A3E2D}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{F5433371-487E-4047-862C-B5984B1E78B6}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [UDP Query User{29AD9B98-3CEB-4715-B81B-972D0200117E}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [{404E2E85-F2A7-4EB1-8CEA-0863F6DB35F6}] => (Allow) D:\Hry\Dishonored GOTY\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{0CED5BE0-2A8B-47E3-AEB1-9EC76A752ECC}] => (Allow) D:\Hry\Dishonored GOTY\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [TCP Query User{97B2BAAE-5949-4648-90A2-6AAB73C47E08}D:\hry\diablo ii\game.exe] => (Allow) D:\hry\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{EE87633A-ABD0-441A-AEE9-A47A0A8B4F21}D:\hry\diablo ii\game.exe] => (Allow) D:\hry\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{DE7E992C-9D54-499D-8067-EBE71EDF53EA}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0BE494E1-5539-4568-A694-83715601430B}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F5CA5F9E-5D98-44C3-B3B7-0A2C8C0D34DD}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{43B8C1E8-32B5-4BE8-B463-D7D34ADCF587}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9FA61215-EDBB-451A-BCD9-3877C3B760C6}C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6C867705-1A25-4A9D-84F8-F603AECE2DF2}C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6CE4DCEF-5F1A-40CE-8104-BA68AE47B9B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD361D9A-CDF5-436E-A6C6-284E3CF56C8F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76525913-0FB9-4B15-87C6-DD34F20DEAF7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{127A2CE5-9E31-40FC-A10E-51EF1C56411D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{606C2874-85A1-41FE-896C-10F07E460B3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D7D8575-00D5-47A5-A0F6-DE10B5877E3D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0CDCB53D-BC84-4B1C-8E86-0A6A761BA407}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93E57F4-DC53-4A40-B787-13DA4E14ABAB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97B82355-D094-4506-BBBE-144151135A7D}] => (Allow) D:\Program Files on Decko\Power BI\bin\msmdsrv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C28A45A-2BBB-458E-B9A4-5EC821626F95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{01FD9B02-B76D-4C60-942B-5FE59B96568E}D:\hry\starcraft ii\versions\base77661\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base77661\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{FF487AE0-E9D3-476D-A4A0-EBD7F19196F7}D:\hry\starcraft ii\versions\base77661\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base77661\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{BAC5B582-E41A-43BC-B45A-8767C415A1B9}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [UDP Query User{DE65BF55-03A0-4418-AC0F-1C41EC2DD1C7}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [TCP Query User{ABBDC07D-1FD7-4AD8-969A-072015B4933F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [UDP Query User{9345499B-00C0-4760-A12F-9C4ADF06ACED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [{BA450086-5A0A-47BC-BD4E-19790684DEAE}] => (Allow) D:\Program Files on Decko\Steam\steamapps\common\Quake Live\quakelive_steam.exe (id Software Inc.) [File not signed]
FirewallRules: [{860D8405-F2FD-458F-B775-D0D47EF3F3DE}] => (Allow) D:\Program Files on Decko\Steam\steamapps\common\Quake Live\quakelive_steam.exe (id Software Inc.) [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:100.14 GB) (Free:56.5 GB) (56%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2020 09:13:05 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9176,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 10:13:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3704,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 09:55:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13084,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 09:18:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 06:48:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12852,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 06:26:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10132,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 03:03:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12716,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 02:51:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6504,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (01/06/2020 10:50:57 PM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} did not register with DCOM within the required timeout.

Error: (01/06/2020 06:25:08 PM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {1FFE4FFD-25B1-40B1-A1EA-EF633353BB4E} did not register with DCOM within the required timeout.

Error: (01/04/2020 11:45:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (01/04/2020 11:45:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/18/2019 10:37:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSSQL$SQLEXPRESS service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (12/18/2019 10:37:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the MSSQL$SQLEXPRESS service to connect.

Error: (12/18/2019 10:35:09 AM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.18362.449_neutral_neutral_cw5n1h2txyewy!App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca did not register with DCOM within the required timeout.

Error: (12/18/2019 10:35:09 AM) (Source: DCOM) (EventID: 10005) (User: SOUSEDOVIC1)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_34f5b with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell


Windows Defender:
===================================
Date: 2020-01-04 19:32:32.334
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {41DC6138-AB95-413B-8D29-5BAF7C18D98A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-26 16:41:26.026
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E069509-B740-4792-A4E8-499F471BE9FA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-26 12:16:32.377
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {21693A42-179E-4FC2-ADA1-91D6D1132532}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-19 16:25:16.589
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {28598E74-7B51-4650-AD1F-96D718A5945F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-19 16:00:44.342
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F0C8478C-5747-4CD8-88C0-C95C7BBFCCDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-17 11:41:11.549
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.557.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2019-12-14 10:37:33.413
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.356.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-11-27 14:45:55.852
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-11-27 14:45:55.851
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-11-27 14:45:55.850
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2020-01-07 09:26:32.938
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:26:32.928
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:24:43.927
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:24:43.887
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:24:38.893
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:24:38.843
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:23:28.602
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 09:23:28.595
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: LENOVO AFCN21WW(V1.08) 04/21/2015
Motherboard: LENOVO Lenovo U31-70
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 82%
Total physical RAM: 8105.84 MB
Available physical RAM: 1393.06 MB
Total Virtual: 10281.84 MB
Available Virtual: 2156.18 MB

==================== Drives ================================

Drive c: (Cecko) (Fixed) (Total:100.14 GB) (Free:56.5 GB) NTFS
Drive d: (Decko) (Fixed) (Total:830 GB) (Free:54.85 GB) NTFS
Drive z: (EFI_SYS_PAR) (Fixed) (Total:0.29 GB) (Free:0.27 GB) FAT32

\\?\Volume{7ab96f1f-2710-0000-f75e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.18 GB) NTFS
\\?\Volume{10dec59d-ea23-40a5-833f-3c8eb1023adb}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0F3A2E73)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Botnet detected by the internet provider

#2 Post by Rudy »

Hello!

If "your network" means your provider's entire network, it need not be your problem at all, but that of any other subscriber. We will try to clean the PC. Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Ronnie Basic
Visitor
Posts: 61
Registered: 04 Nov 2005 22:38

Re: Botnet detected by the internet provider

#3 Post by Ronnie Basic »

Thumbs up. I installed the program and ran a scan. It seems it found something:

Code:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 07/01/2020
Scan Time: 11:04
Log File: 0838b24c-3135-11ea-8a2f-f0761cb7802b.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.785
Update Package Version: 1.0.17369
Licence: Free

-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: SOUSEDOVIC1\sousedovic

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 332368
Threats Detected: 4
Threats Quarantined: 0
Time Elapsed: 5 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\STARTUPCHECKLIBRARY, No Action By User, 476, 735770, , , , 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BAAFA28E-E8B6-48A4-A3EF-60876341F2E1}, No Action By User, 476, 735770, , , , 
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BAAFA28E-E8B6-48A4-A3EF-60876341F2E1}, No Action By User, 476, 735770, , , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\APPLICATION EXPERIENCE\STARTUPCHECKLIBRARY, No Action By User, 476, 735770, 1.0.17369, , ame, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Botnet detected by the internet provider

#4 Post by Rudy »

Yep. Post new FRST+Addition logs.

Ronnie Basic
Visitor
Posts: 61
Registered: 04 Nov 2005 22:38

Re: Botnet detected by the internet provider

#5 Post by Ronnie Basic »

Done, sir:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by sousedovic (administrator) on SOUSEDOVIC1 (LENOVO 80M5) (07-01-2020 16:16:19)
Running from C:\Users\sousedovic\Desktop
Loaded Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS (Available Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) D:\Program Files on Decko\AVAST\wsc_proxy.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) D:\Program Files on Decko\Total Commander 9 x64\TOTALCMD64.EXE
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) D:\Program Files on Decko\Malwarebytes Antimalware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) D:\Program Files on Decko\Malwarebytes Antimalware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.71.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [699728 2015-08-05] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files on Decko\AVAST\AvLaunch.exe [268680 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\Program Files on Decko\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters).
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)
Startup: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2020-01-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> D:\Program Files on Decko\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17D59B4E-2685-44B8-8264-4F155D09FDA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {6391BEB3-43B8-487C-8D89-E1C3BC2546CC} - System32\Tasks\Avast Emergency Update => D:\Program Files on Decko\AVAST\AvEmUpdate.exe [3933576 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {D98F3373-76C8-43B9-9086-139295FDFB15} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {DC3FC9C4-971F-4FFE-9F51-2F8B80587B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {E0AE94C8-C3DE-4EBA-A523-20D38FBF9CF7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cb5dcfa3-ad02-42b8-868d-007837c5d30c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fd3c6e85-ff39-4590-86ed-b2e60b2c8594}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files on Decko\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files on Decko\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files on Decko\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-247431989-2805255649-28786118-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-247431989-2805255649-28786118-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","file:///C:/Users/Public/KPMG/Chrome_homepage/Google_Startup.htm","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Notifications: Default -> hxxps://meet.google.com
CHR Profile: C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default [2020-01-07]
CHR DownloadDir: D:\Users\sousedovic\Downloads
CHR Extension: (Docs) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-04]
CHR Extension: (Google Drive) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-04]
CHR Extension: (YouTube) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-04]
CHR Extension: (Sheets) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-04]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [90432 2015-08-05] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R3 aswbIDSAgent; D:\Program Files on Decko\AVAST\aswidsagent.exe [6259592 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; D:\Program Files on Decko\AVAST\AvastSvc.exe [996880 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; D:\Program Files on Decko\AVAST\wsc_proxy.exe [57504 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2019-03-04] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; D:\Program Files on Decko\Malwarebytes Antimalware\MBAMService.exe [6960640 2020-01-07] (Malwarebytes Inc -> Malwarebytes)
S3 MSSQL$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [484944 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
S3 OpenVPNService; D:\Program Files on Decko\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
U2 ServiceInstaller; C:\WINDOWS\system32\ServiceInstaller.exe [5111808 2018-07-07] () [File not signed]
S4 SQLAgent$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [578640 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe [252704 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34368 2018-01-17] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30280 2018-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-12-31] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [20624 2019-12-31] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-12-31] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-07] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2377344 2018-11-13] (WDKTestCert gxia,130717419938108635 -> Qualcomm Atheros, Inc.)
S4 RsFx0501; C:\WINDOWS\System32\DRIVERS\RsFx0501.sys [261784 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419576 2015-11-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [31232 2009-12-12] (OpenVPN, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-07 16:16 - 2020-01-07 16:17 - 000022178 _____ C:\Users\sousedovic\Desktop\FRST.txt
2020-01-07 11:03 - 2020-01-07 11:03 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-07 11:03 - 2020-01-07 11:03 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-07 11:03 - 2020-01-07 11:03 - 000000987 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-07 11:03 - 2020-01-07 11:03 - 000000987 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\Users\sousedovic\AppData\Local\mbamtray
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\Users\sousedovic\AppData\Local\mbam
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\Users\sousedovic\AppData\Local\cache
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-07 11:02 - 2020-01-07 11:02 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-07 11:02 - 2020-01-07 11:02 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-07 11:02 - 2020-01-07 11:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-07 09:19 - 2020-01-07 16:16 - 000000000 ____D C:\FRST
2020-01-07 09:19 - 2020-01-07 09:18 - 002272256 _____ (Farbar) C:\Users\sousedovic\Desktop\FRST64.exe
2020-01-06 14:34 - 2020-01-06 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\AVAST Software
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-01-06 14:31 - 2020-01-07 16:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-01-06 14:30 - 2020-01-06 14:30 - 000003978 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-06 14:29 - 2020-01-06 14:30 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-06 14:29 - 2020-01-06 14:30 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-06 14:29 - 2020-01-06 14:30 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-06 14:29 - 2020-01-06 14:29 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-01-06 14:29 - 2020-01-06 14:28 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-06 14:29 - 2020-01-06 14:28 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-06 14:26 - 2020-01-06 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-04 19:46 - 2020-01-04 19:38 - 000006018 _____ C:\qzconfig.bkp
2019-12-31 14:40 - 2019-12-31 14:40 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Logitech
2019-12-31 14:34 - 2019-12-31 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Logitech
2019-12-31 14:34 - 2019-12-31 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Logishrd
2019-12-31 14:22 - 2020-01-03 20:13 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\LGHUB
2019-12-31 14:20 - 2019-12-31 14:20 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2019-12-31 14:20 - 2019-12-31 14:20 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2019-12-31 14:20 - 2019-12-31 14:20 - 000020624 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2019-12-21 12:18 - 2019-12-21 12:18 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Blizzard Entertainment
2019-12-21 12:00 - 2019-12-22 15:15 - 000000495 _____ C:\Users\sousedovic\Desktop\StarCraft II.lnk
2019-12-21 11:21 - 2019-12-21 11:21 - 000000459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.lnk
2019-12-20 00:07 - 2019-06-15 11:09 - 000111184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr14.0.2027.2.dll
2019-12-20 00:07 - 2019-06-15 10:51 - 000259664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SQSRVRES.DLL
2019-12-20 00:07 - 2019-06-15 10:51 - 000128072 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr14.0.2027.2.dll
2019-12-18 11:38 - 2019-12-18 11:38 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2019-12-17 14:42 - 2018-07-07 14:21 - 005111808 _____ C:\WINDOWS\system32\ServiceInstaller.exe
2019-12-17 14:42 - 2018-07-01 12:15 - 000054272 _____ C:\WINDOWS\system32\ServiceInstaller.msi
2019-12-17 14:42 - 2018-05-07 10:33 - 000000392 _____ C:\WINDOWS\system32\StartupCheck.vbs
2019-12-17 14:42 - 2018-04-29 16:27 - 000024512 _____ C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2019-12-17 14:42 - 2018-01-29 00:09 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
2019-12-17 11:06 - 2019-12-17 11:06 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Steam
2019-12-17 11:06 - 2019-12-17 11:06 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Fallout4
2019-12-16 13:45 - 2019-12-16 13:45 - 000000000 ____D C:\Users\sousedovic\AppData\Local\FOMM
2019-12-16 13:43 - 2019-12-16 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2019-12-15 17:50 - 2019-12-16 14:02 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Fallout3
2019-12-15 17:43 - 2019-12-15 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 Unofficial Patch
2019-12-15 17:34 - 2019-12-16 16:04 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Vortex
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\ProgramData\Vortex
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2019-12-15 17:09 - 2019-12-15 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 [GOG.com]
2019-12-14 17:21 - 2019-12-14 17:21 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Power BI Desktop
2019-12-14 17:19 - 2019-12-14 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Power BI Desktop
2019-12-14 13:14 - 2019-06-15 11:08 - 000051792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL14.SQLEXPRESS-sqlagtctr.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000186440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000088144 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000060728 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL14.SQLEXPRESS-sqlagtctr.dll
2019-12-14 13:13 - 2019-12-14 13:13 - 000000000 ____D C:\WINDOWS\system32\RsFx
2019-12-14 12:30 - 2019-12-14 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server Tools 18
2019-12-14 12:28 - 2019-12-14 12:28 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2019-12-14 12:27 - 2019-12-14 12:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2019-12-14 12:22 - 2019-12-20 00:05 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2019-12-14 12:22 - 2019-12-20 00:05 - 000000000 ____D C:\WINDOWS\system32\1033
2019-12-14 12:21 - 2019-12-14 12:21 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2019-12-14 12:21 - 2019-12-14 12:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2019-12-14 12:20 - 2019-12-14 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2017
2019-12-14 12:20 - 2019-12-14 13:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-12-14 12:15 - 2019-12-14 12:15 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Microsoft_Corporation
2019-12-14 11:27 - 2019-12-14 11:27 - 000000000 ____D C:\ProgramData\VsTelemetry
2019-12-14 11:24 - 2019-12-20 00:02 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-12-14 10:36 - 2019-12-14 10:36 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-14 10:36 - 2019-12-14 10:36 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-14 10:36 - 2019-12-14 10:36 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-12 14:45 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D25853.tmpd
2019-12-12 14:45 - 2019-12-12 14:45 - 000000000 _____ C:\Users\sousedovic\AppData\Local\D25853.tmp
2019-12-10 16:02 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D26950.tmpd
2019-12-10 16:02 - 2019-12-10 16:02 - 000000000 _____ C:\Users\sousedovic\AppData\Local\D26950.tmp
2019-12-08 17:45 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D27D61.tmpd
2019-12-08 17:45 - 2019-12-08 17:45 - 000000000 _____ C:\Users\sousedovic\AppData\Local\D27D61.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-07 16:15 - 2019-12-03 15:14 - 000002584 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-01-07 16:15 - 2019-09-01 19:09 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-07 16:15 - 2019-09-01 19:09 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-07 16:15 - 2019-03-05 09:53 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Battle.net
2020-01-07 16:10 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-07 15:05 - 2019-09-01 18:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-07 11:02 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-06 18:19 - 2019-03-04 10:56 - 000000000 ____D C:\Users\sousedovic\Desktop\Gamesky
2020-01-05 10:44 - 2019-03-05 11:57 - 000000000 ____D C:\Users\sousedovic\AppData\Local\CrashDumps
2020-01-05 10:41 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-05 10:38 - 2019-09-01 19:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-05 10:38 - 2019-03-04 10:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-01-05 10:38 - 2019-03-04 10:21 - 000000000 __SHD C:\Users\sousedovic\IntelGraphicsProfiles
2020-01-05 10:38 - 2019-03-04 10:15 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-05 10:37 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-04 19:25 - 2019-03-05 11:05 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-12-31 14:36 - 2019-03-05 11:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-30 20:31 - 2019-03-04 10:58 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\vlc
2019-12-30 20:27 - 2019-03-04 10:59 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Azureus
2019-12-27 17:38 - 2019-09-01 20:19 - 000837548 _____ C:\WINDOWS\system32\perfh005.dat
2019-12-27 17:38 - 2019-09-01 20:19 - 000196704 _____ C:\WINDOWS\system32\perfc005.dat
2019-12-27 17:38 - 2019-09-01 19:05 - 002024426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-23 17:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-23 17:51 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-23 17:51 - 2019-03-03 20:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Packages
2019-12-21 15:07 - 2019-03-05 09:53 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Battle.net
2019-12-20 00:06 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-12-18 12:03 - 2019-03-04 10:32 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-18 11:54 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-17 12:19 - 2019-08-08 12:59 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Zoom
2019-12-16 17:07 - 2019-03-03 20:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\VirtualStore
2019-12-15 16:51 - 2019-11-25 16:09 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Spotify
2019-12-15 15:00 - 2019-11-25 16:08 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Spotify
2019-12-14 13:15 - 2019-09-01 20:34 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-12-14 11:32 - 2019-03-03 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-14 11:32 - 2019-03-03 20:30 - 000000000 ___RD C:\Users\sousedovic\3D Objects
2019-12-14 11:31 - 2019-09-01 18:46 - 000359712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-14 11:30 - 2019-12-07 17:00 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22485.tmpd
2019-12-14 11:30 - 2019-12-07 11:54 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D2D000.tmpd
2019-12-14 11:30 - 2019-12-07 10:39 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22B5D.tmpd
2019-12-14 11:30 - 2019-12-06 15:11 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D28BB2.tmpd
2019-12-14 11:30 - 2019-12-05 17:48 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22CB7.tmpd
2019-12-14 11:30 - 2019-12-04 13:58 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D24DAA.tmpd
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-14 10:48 - 2019-03-04 10:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-14 10:43 - 2019-03-04 10:38 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-12-04 11:44 - 2019-12-04 11:44 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D219BF.tmp
2019-12-07 17:00 - 2019-12-07 17:00 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D22485.tmp
2019-12-07 10:39 - 2019-12-07 10:39 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D22B5D.tmp
2019-12-05 17:48 - 2019-12-05 17:48 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D22CB7.tmp
2019-11-07 17:45 - 2019-11-07 17:45 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D24CEF.tmp
2019-12-04 13:58 - 2019-12-04 13:58 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D24DAA.tmp
2019-12-12 14:45 - 2019-12-12 14:45 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D25853.tmp
2019-11-07 17:40 - 2019-11-07 17:40 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D25A77.tmp
2019-12-10 16:02 - 2019-12-10 16:02 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D26950.tmp
2019-12-04 10:47 - 2019-12-04 10:47 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D26D8D.tmp
2019-11-07 17:46 - 2019-11-07 17:46 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D26DA.tmp
2019-12-04 10:54 - 2019-12-04 10:54 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D27C02.tmp
2019-12-08 17:45 - 2019-12-08 17:45 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D27D61.tmp
2019-12-02 17:32 - 2019-12-02 17:32 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2883A.tmp
2019-12-06 15:11 - 2019-12-06 15:11 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D28BB2.tmp
2019-12-02 22:20 - 2019-12-02 22:20 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D295B3.tmp
2019-12-03 15:15 - 2019-12-03 15:15 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D29B56.tmp
2019-12-04 12:05 - 2019-12-04 12:05 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2A980.tmp
2019-11-07 17:35 - 2019-11-07 17:35 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2B88B.tmp
2019-12-02 17:32 - 2019-12-02 17:32 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2B97D.tmp
2019-11-07 18:21 - 2019-11-07 18:21 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2BA58.tmp
2019-12-02 17:48 - 2019-12-02 17:48 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2C733.tmp
2019-12-07 11:54 - 2019-12-07 11:54 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2D000.tmp
2019-11-07 17:32 - 2019-11-07 17:32 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2D6EF.tmp
2019-11-07 18:38 - 2019-11-07 18:38 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2D804.tmp
2019-11-07 17:38 - 2019-11-07 17:38 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2DD1D.tmp
2019-11-07 17:49 - 2019-11-07 17:49 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2E2DA.tmp
2019-12-04 11:34 - 2019-12-04 11:34 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2F346.tmp
2019-11-07 18:06 - 2019-11-07 18:06 - 000000000 _____ () C:\Users\sousedovic\AppData\Local\D2FBC9.tmp
2019-05-13 12:28 - 2019-05-13 12:28 - 000007618 _____ () C:\Users\sousedovic\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by sousedovic (07-01-2020 16:18:21)
Running from C:\Users\sousedovic\Desktop
Windows 10 Home Version 1909 18363.535 (X64) (2019-09-01 18:10:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-247431989-2805255649-28786118-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-247431989-2805255649-28786118-503 - Limited - Disabled)
Guest (S-1-5-21-247431989-2805255649-28786118-501 - Limited - Disabled)
sousedovic (S-1-5-21-247431989-2805255649-28786118-1001 - Administrator - Enabled) => C:\Users\sousedovic
WDAGUtilityAccount (S-1-5-21-247431989-2805255649-28786118-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation)
Adobe Acrobat  9 Pro - Czech, Hungarian, Polish, Slovak (HKLM-x32\...\{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.250 - Alps Electric)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
Control (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Control) (Version:  - HOODLUM)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disco Elysium (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Disco Elysium) (Version:  - HOODLUM)
Dishonored Game Of The Year Edition version 1.0.0.0 (HKLM-x32\...\Dishonored Game Of The Year Edition_is1) (Version: 1.0.0.0 - Mr DJ)
EaseUS Partition Master 12.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
GDR 2027 for SQL Server 2017 (KB4505224) (64-bit) (HKLM\...\KB4505224) (Version: 14.0.2027.2 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
Integration Services (HKLM-x32\...\{D2B37BBC-83A5-4C27-A804-4DC51AFA9E0D}) (Version: 15.0.1900.63 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Into the Breach (HKLM-x32\...\2004253604_is1) (Version: 1.0.17 - GOG.com)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Little Big Adventure 2 (HKLM-x32\...\Little Big Adventure 2_is1) (Version:  - GOG.com)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.28107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{3B280D1C-02F2-4965-8731-C1614E213D25}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{72AFAF21-33FB-45A5-9468-A9EC07427F82}) (Version: 17.4.1.1 - Microsoft Corporation)
Microsoft Office 2010 pro podnikatele (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{9AA0AFFA-EDB6-4B66-9FD7-BBC828D88B47}) (Version: 18.2.3.0 - Microsoft Corporation)
Microsoft PowerBI Desktop (x64) (HKLM-x32\...\{d01f3aeb-9f94-4334-9d92-fffb7d0c65c0}) (Version: 2.75.5649.961 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 LocalDB  (HKLM\...\{58180BC0-0DA3-4341-A41F-9A3CF7207EE1}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{05C0EF32-CDE2-4E38-92A1-D82CECECFB39}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 18.4 (HKLM-x32\...\{7871da56-98b6-4ef8-b4d4-b7c310e14146}) (Version: 15.0.18206.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}) (Version: 15.0.27520 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.3 - Notepad++ Team)
Nox (HKLM-x32\...\GOGPACKNOX_is1) (Version: 2.0.0.20 - GOG.com)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - )
OpenXcom 1.0 (HKLM-x32\...\OpenXcom) (Version: 1.0.0.0 - OpenXcom Developers)
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 11.02 - )
Qualcomm Atheros 61x4 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.780M - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Spotify (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Spotify) (Version: 1.1.21.1654.g282a2807 - Spotify AB)
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{A6A9EFA1-AFEB-4209-B25D-3CFF2E6FAE2C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{BD1502B1-778B-44B6-B2B4-0B77BD0366A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{3E532AF4-B9B1-4DE0-9511-7ACEB14C8D6D}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{98D7AA09-44E1-4469-AB34-BFDC9A6890DD}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{3D53F8BD-E78B-41E1-A4B5-0AC3F1ED50EF}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{1B1BC009-AA81-48C1-AE01-321DAD884FBB}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{872C7FD8-1063-4CA8-8CE2-B34E206602FC}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II Legacy of the Void (HKLM\...\U3RhckNyYWZ0SUk=_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrongDC++ 2.41 (HKLM-x32\...\StrongDC++) (Version: 2.41 - Big Muscle)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Transistor (HKLM-x32\...\1429612159_is1) (Version: 2.1.0.2 - GOG.com)
Updated Unofficial Fallout 3 Patch v2.3.2 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 2.3.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.1.5 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
X-COM - UFO Defense (HKLM-x32\...\1445250340_is1) (Version: 2.0.0.4 - GOG.com)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.3 - ZONER software)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-20] (Dolby Laboratories)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-04] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2019-08-07] (Samsung Electronics Co. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files on Decko\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files on Decko\Malwarebytes Antimalware\mbshlext.dll [2020-01-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files on Decko\Malwarebytes Antimalware\mbshlext.dll [2020-01-07] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Add a new TAP virtual ethernet adapter.lnk -> D:\Program Files on Decko\OpenVPN\bin\addtap.bat ()
Shortcut: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> D:\Program Files on Decko\OpenVPN\bin\deltapall.bat ()
ShortcutWithArgument: C:\Users\sousedovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2008-08-08 05:50 - 2008-08-08 05:50 - 000334848 _____ (Adobe Systems Inc.) [File not signed] D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.cze
2019-09-01 18:52 - 2016-12-29 13:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServiceInstaller => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;D:\Program Files on Decko\Microsoft SQL Server (x86)\140\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\140\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\140\Tools\Binn\;D:\Program Files on Decko\Microsoft SQL Server (x86)\150\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;D:\Program Files on Decko\Microsoft SQL Server (x86)\140\Tools\Binn\
HKU\S-1-5-21-247431989-2805255649-28786118-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sousedovic\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\water.jpg
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CC412BF8-7096-45E1-AE7D-7BC3907A925D}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{E79C5258-021E-4D47-8221-A33B4C6A2677}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\Zoom.exe No File
FirewallRules: [UDP Query User{AEE4CB31-F0DD-4678-AC1A-D1FF71A5BF13}D:\program files on decko\vuze\azureus.exe] => (Allow) D:\program files on decko\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{F248ECE4-8C67-474D-BA6A-84C15C922D9B}D:\program files on decko\vuze\azureus.exe] => (Allow) D:\program files on decko\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{9D782CCC-C77A-4B33-9FE0-873FC4860DCE}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [TCP Query User{FE4216BA-9252-425A-8A16-7820C78995CC}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [{A7BA426C-3F3B-4BE6-8951-8812BB78F35A}] => (Block) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [{8563786C-B156-4FD4-AC4C-389E96387D16}] => (Block) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [UDP Query User{2A1BDD2C-6156-4B29-B873-EF66A4849F69}D:\program files on decko\strongdc++\strongdc.exe] => (Allow) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [TCP Query User{57D3E071-03F3-463C-82AB-9AD66D22300C}D:\program files on decko\strongdc++\strongdc.exe] => (Allow) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [{D226F6AF-1565-4982-BD08-0A18A9604DB5}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5A1C32F1-5C94-4A82-9050-35B5A81273AA}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A619259-250B-4B93-8FCF-48603CC3A50D}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{A15B8B20-83A3-4A92-BB3A-0F45150B2D39}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{DA390157-36E2-495F-9E9C-A4B2BF056D4C}] => (Allow) D:\Program Files on Decko\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{23A0E3F2-0BC7-49D5-83FD-9D2D8E04EDD6}] => (Allow) D:\Program Files on Decko\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B23C99F8-6F1D-41C3-836E-5380BBE6B72A}] => (Allow) D:\Program Files on Decko\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B6EB687D-4C58-4286-8217-6FFA7892C6A6}] => (Allow) D:\Program Files on Decko\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FB001767-9D6D-44D7-B30B-EC459B9E3A31}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF1007EF-DCC1-4266-A43A-0FEF36922422}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6152F47-E322-4390-A2B4-20D696F915CB}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70A55929-E779-4DE4-88BD-605452F847FA}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{8A8F04FE-88DE-417D-8B80-7E1EE3696523}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{79AB0461-E357-44BF-93B4-3C0C430F4F61}] => (Allow) D:\Program Files on Decko\Zoner Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [{FB078E3C-8A7F-4410-9830-4DBA8A63DC88}] => (Allow) D:\Program Files on Decko\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{C8E73FD8-CEB7-485C-8430-BEBD30D0DD16}] => (Allow) D:\Program Files on Decko\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{E32A0E68-AB6C-4423-ABA9-BFE213877646}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{32382B25-3BB4-41B1-88AC-127884C8563D}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{90074535-B5CE-42E7-9AE6-7C15C5029193}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{126B7B3A-DA4D-4CD2-BEDE-CA811AE82072}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{4C1F7A5B-DB10-407A-B228-1C4CCA462D32}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{ECBB8917-E35B-4153-BDF3-10713CC03473}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{BAC6E75B-DDD5-44CE-99A5-DBE280DB2ED2}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{F2C58327-416D-4090-A23F-6EA6C962C863}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{C9225A0A-245E-4193-8530-5E37D9AC3EC2}D:\hry\diablo iii\x64\diablo iii64.exe] => (Allow) D:\hry\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{86D18726-D6CD-483E-A8FB-DE2D61DDD69A}D:\hry\diablo iii\x64\diablo iii64.exe] => (Allow) D:\hry\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{98499F09-53C9-495A-9FC2-EC075D393975}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{3D890A2F-639B-494E-913E-C4F7278A3E2D}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{F5433371-487E-4047-862C-B5984B1E78B6}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [UDP Query User{29AD9B98-3CEB-4715-B81B-972D0200117E}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [{404E2E85-F2A7-4EB1-8CEA-0863F6DB35F6}] => (Allow) D:\Hry\Dishonored GOTY\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{0CED5BE0-2A8B-47E3-AEB1-9EC76A752ECC}] => (Allow) D:\Hry\Dishonored GOTY\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [TCP Query User{97B2BAAE-5949-4648-90A2-6AAB73C47E08}D:\hry\diablo ii\game.exe] => (Allow) D:\hry\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{EE87633A-ABD0-441A-AEE9-A47A0A8B4F21}D:\hry\diablo ii\game.exe] => (Allow) D:\hry\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{DE7E992C-9D54-499D-8067-EBE71EDF53EA}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0BE494E1-5539-4568-A694-83715601430B}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F5CA5F9E-5D98-44C3-B3B7-0A2C8C0D34DD}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{43B8C1E8-32B5-4BE8-B463-D7D34ADCF587}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9FA61215-EDBB-451A-BCD9-3877C3B760C6}C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6C867705-1A25-4A9D-84F8-F603AECE2DF2}C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6CE4DCEF-5F1A-40CE-8104-BA68AE47B9B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD361D9A-CDF5-436E-A6C6-284E3CF56C8F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76525913-0FB9-4B15-87C6-DD34F20DEAF7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{127A2CE5-9E31-40FC-A10E-51EF1C56411D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{606C2874-85A1-41FE-896C-10F07E460B3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D7D8575-00D5-47A5-A0F6-DE10B5877E3D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0CDCB53D-BC84-4B1C-8E86-0A6A761BA407}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93E57F4-DC53-4A40-B787-13DA4E14ABAB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97B82355-D094-4506-BBBE-144151135A7D}] => (Allow) D:\Program Files on Decko\Power BI\bin\msmdsrv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C28A45A-2BBB-458E-B9A4-5EC821626F95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{01FD9B02-B76D-4C60-942B-5FE59B96568E}D:\hry\starcraft ii\versions\base77661\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base77661\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{FF487AE0-E9D3-476D-A4A0-EBD7F19196F7}D:\hry\starcraft ii\versions\base77661\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base77661\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{BAC5B582-E41A-43BC-B45A-8767C415A1B9}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [UDP Query User{DE65BF55-03A0-4418-AC0F-1C41EC2DD1C7}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [TCP Query User{ABBDC07D-1FD7-4AD8-969A-072015B4933F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [UDP Query User{9345499B-00C0-4760-A12F-9C4ADF06ACED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [{BA450086-5A0A-47BC-BD4E-19790684DEAE}] => (Allow) D:\Program Files on Decko\Steam\steamapps\common\Quake Live\quakelive_steam.exe (id Software Inc.) [File not signed]
FirewallRules: [{860D8405-F2FD-458F-B775-D0D47EF3F3DE}] => (Allow) D:\Program Files on Decko\Steam\steamapps\common\Quake Live\quakelive_steam.exe (id Software Inc.) [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:100.14 GB) (Free:56.42 GB) (56%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2020 03:23:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3684,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 03:16:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12432,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 12:08:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3156,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 11:34:33 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 09:13:05 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9176,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 10:13:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3704,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 09:55:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13084,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/06/2020 09:18:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (01/07/2020 04:17:32 PM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} did not register with DCOM within the required timeout.

Error: (01/07/2020 03:29:40 PM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} did not register with DCOM within the required timeout.

Error: (01/07/2020 09:33:10 AM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {F53321FA-34F8-4B7F-B9A3-361877CB94CF} did not register with DCOM within the required timeout.

Error: (01/06/2020 10:50:57 PM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} did not register with DCOM within the required timeout.

Error: (01/06/2020 06:25:08 PM) (Source: DCOM) (EventID: 10010) (User: SOUSEDOVIC1)
Description: The server {1FFE4FFD-25B1-40B1-A1EA-EF633353BB4E} did not register with DCOM within the required timeout.

Error: (01/04/2020 11:45:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (01/04/2020 11:45:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/18/2019 10:37:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSSQL$SQLEXPRESS service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2020-01-04 19:32:32.334
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {41DC6138-AB95-413B-8D29-5BAF7C18D98A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-26 16:41:26.026
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E069509-B740-4792-A4E8-499F471BE9FA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-26 12:16:32.377
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {21693A42-179E-4FC2-ADA1-91D6D1132532}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-19 16:25:16.589
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {28598E74-7B51-4650-AD1F-96D718A5945F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-19 16:00:44.342
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F0C8478C-5747-4CD8-88C0-C95C7BBFCCDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-17 11:41:11.549
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.557.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2019-12-14 10:37:33.413
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.356.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-11-27 14:45:55.852
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-11-27 14:45:55.851
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-11-27 14:45:55.850
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2020-01-07 16:14:48.211
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:48.205
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:24.072
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:24.065
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:24.033
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:23.975
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:21.991
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 16:14:21.987
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: LENOVO AFCN21WW(V1.08) 04/21/2015
Motherboard: LENOVO Lenovo U31-70
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 43%
Total physical RAM: 8105.84 MB
Available physical RAM: 4542.92 MB
Total Virtual: 10281.84 MB
Available Virtual: 6445.66 MB

==================== Drives ================================

Drive c: (Cecko) (Fixed) (Total:100.14 GB) (Free:56.42 GB) NTFS
Drive d: (Decko) (Fixed) (Total:830 GB) (Free:54.64 GB) NTFS
Drive z: (EFI_SYS_PAR) (Fixed) (Total:0.29 GB) (Free:0.27 GB) FAT32

\\?\Volume{7ab96f1f-2710-0000-f75e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.18 GB) NTFS
\\?\Volume{10dec59d-ea23-40a5-833f-3c8eb1023adb}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0F3A2E73)

Partition: GPT.

==================== End of Addition.txt =======================


Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Botnet detected by the internet provider

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {17D59B4E-2685-44B8-8264-4F155D09FDA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {DC3FC9C4-971F-4FFE-9F51-2F8B80587B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
C:\Users\sousedovic\AppData\Local\D25853.tmp
C:\Users\sousedovic\AppData\Local\D26950.tmp
C:\Users\sousedovic\AppData\Local\D27D61.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\sousedovic\AppData\Local\D219BF.tmp
C:\Users\sousedovic\AppData\Local\D22485.tmp
C:\Users\sousedovic\AppData\Local\D22B5D.tmp
C:\Users\sousedovic\AppData\Local\D22CB7.tmp
C:\Users\sousedovic\AppData\Local\D24CEF.tmp
C:\Users\sousedovic\AppData\Local\D24DAA.tmp
C:\Users\sousedovic\AppData\Local\D25853.tmp
C:\Users\sousedovic\AppData\Local\D25A77.tmp
C:\Users\sousedovic\AppData\Local\D26950.tmp
C:\Users\sousedovic\AppData\Local\D26D8D.tmp
C:\Users\sousedovic\AppData\Local\D26DA.tmp
C:\Users\sousedovic\AppData\Local\D27C02.tmp
C:\Users\sousedovic\AppData\Local\D27D61.tmp
c:\Users\sousedovic\AppData\Local\D2883A.tmp
C:\Users\sousedovic\AppData\Local\D28BB2.tmp
C:\Users\sousedovic\AppData\Local\D295B3.tmp
C:\Users\sousedovic\AppData\Local\D29B56.tmp
C:\Users\sousedovic\AppData\Local\D2A980.tmp
C:\Users\sousedovic\AppData\Local\D2B88B.tmp
C:\Users\sousedovic\AppData\Local\D2B97D.tmp
C:\Users\sousedovic\AppData\Local\D2BA58.tmp
C:\Users\sousedovic\AppData\Local\D2C733.tmp
C:\Users\sousedovic\AppData\Local\D2D000.tmp
C:\Users\sousedovic\AppData\Local\D2D6EF.tmp
C:\Users\sousedovic\AppData\Local\D2D804.tmp
C:\Users\sousedovic\AppData\Local\D2DD1D.tmp
C:\Users\sousedovic\AppData\Local\D2E2DA.tmp
C:\Users\sousedovic\AppData\Local\D2F346.tmp
C:\Users\sousedovic\AppData\Local\D2FBC9.tmp
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{CC412BF8-7096-45E1-AE7D-7BC3907A925D}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{E79C5258-021E-4D47-8221-A33B4C6A2677}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\Zoom.exe No File
FirewallRules: [{D226F6AF-1565-4982-BD08-0A18A9604DB5}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5A1C32F1-5C94-4A82-9050-35B5A81273AA}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A619259-250B-4B93-8FCF-48603CC3A50D}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{A15B8B20-83A3-4A92-BB3A-0F45150B2D39}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{70A55929-E779-4DE4-88BD-605452F847FA}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{8A8F04FE-88DE-417D-8B80-7E1EE3696523}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{E32A0E68-AB6C-4423-ABA9-BFE213877646}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{32382B25-3BB4-41B1-88AC-127884C8563D}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{90074535-B5CE-42E7-9AE6-7C15C5029193}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{126B7B3A-DA4D-4CD2-BEDE-CA811AE82072}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{4C1F7A5B-DB10-407A-B228-1C4CCA462D32}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{ECBB8917-E35B-4153-BDF3-10713CC03473}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{BAC6E75B-DDD5-44CE-99A5-DBE280DB2ED2}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{F2C58327-416D-4090-A23F-6EA6C962C863}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{98499F09-53C9-495A-9FC2-EC075D393975}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{3D890A2F-639B-494E-913E-C4F7278A3E2D}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{F5433371-487E-4047-862C-B5984B1E78B6}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [UDP Query User{29AD9B98-3CEB-4715-B81B-972D0200117E}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [TCP Query User{BAC5B582-E41A-43BC-B45A-8767C415A1B9}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [UDP Query User{DE65BF55-03A0-4418-AC0F-1C41EC2DD1C7}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [TCP Query User{ABBDC07D-1FD7-4AD8-969A-072015B4933F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [UDP Query User{9345499B-00C0-4760-A12F-9C4ADF06ACED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Ronnie Basic
Visitor
Posts: 61
Registered: 04 Nov 2005 22:38

Re: Botnet detected by the internet provider

#7 Post by Ronnie Basic »

Done. Here you go - after scan and fix:

Code: Select all

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by sousedovic (administrator) on SOUSEDOVIC1 (LENOVO 80M5) (08-01-2020 18:39:21)
Running from C:\Users\sousedovic\Desktop
Loaded Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS (Available Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) D:\Program Files on Decko\Malwarebytes Antimalware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) D:\Program Files on Decko\Malwarebytes Antimalware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.71.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [699728 2015-08-05] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => "D:\Program Files on Decko\AVAST\AvLaunch.exe" /gui
HKLM\...\Run: [winlogui] => C:\WINDOWS\system32\winlogui.exe [2072064 2020-01-07] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\Program Files on Decko\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters).
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC)
Startup: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2020-01-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> D:\Program Files on Decko\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6391BEB3-43B8-487C-8D89-E1C3BC2546CC} - System32\Tasks\Avast Emergency Update => D:\Program Files on Decko\AVAST\AvEmUpdate.exe
Task: {D98F3373-76C8-43B9-9086-139295FDFB15} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
Task: {E0AE94C8-C3DE-4EBA-A523-20D38FBF9CF7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cb5dcfa3-ad02-42b8-868d-007837c5d30c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fd3c6e85-ff39-4590-86ed-b2e60b2c8594}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files on Decko\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files on Decko\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files on Decko\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-247431989-2805255649-28786118-1001: SkypeForBusinessPlugin-15.8 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-247431989-2805255649-28786118-1001: SkypeForBusinessPlugin64-15.8 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","file:///C:/Users/Public/KPMG/Chrome_homepage/Google_Startup.htm","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Notifications: Default -> hxxps://meet.google.com
CHR Profile: C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default [2020-01-07]
CHR DownloadDir: D:\Users\sousedovic\Downloads
CHR Extension: (Docs) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-04]
CHR Extension: (Google Drive) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-04]
CHR Extension: (YouTube) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-04]
CHR Extension: (Sheets) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-04]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-11]
CHR Extension: (Chrome Media Router) - C:\Users\sousedovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [90432 2015-08-05] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2019-03-04] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2017-04-23] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; D:\Program Files on Decko\Malwarebytes Antimalware\MBAMService.exe [6960640 2020-01-07] (Malwarebytes Inc -> Malwarebytes)
S3 MSSQL$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [484944 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
S3 OpenVPNService; D:\Program Files on Decko\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
S4 SQLAgent$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [578640 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$SQLEXPRESS; D:\Program Files on Decko\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\Binn\sqlceip.exe [252704 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 aswbIDSAgent; "D:\Program Files on Decko\AVAST\aswidsagent.exe" [X]
S2 avast! Antivirus; "D:\Program Files on Decko\AVAST\AvastSvc.exe" [X]
S2 AvastWscReporter; "D:\Program Files on Decko\AVAST\wsc_proxy.exe" /runassvc /rpcserver [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34368 2018-01-17] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30280 2018-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2019-12-31] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [20624 2019-12-31] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2019-12-31] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2377344 2018-11-13] (WDKTestCert gxia,130717419938108635 -> Qualcomm Atheros, Inc.)
S4 RsFx0501; C:\WINDOWS\System32\DRIVERS\RsFx0501.sys [261784 2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek Semiconductor Corp -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419576 2015-11-24] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [31232 2009-12-12] (OpenVPN, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-08 18:39 - 2020-01-08 18:41 - 000019792 _____ C:\Users\sousedovic\Desktop\FRST.txt
2020-01-08 18:39 - 2020-01-08 18:39 - 000000000 ____D C:\Users\sousedovic\Desktop\FRST-OlderVersion
2020-01-08 18:35 - 2020-01-08 18:35 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-08 18:35 - 2020-01-08 18:35 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-08 18:35 - 2020-01-08 18:35 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-01-07 22:20 - 2020-01-07 22:20 - 002615296 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartupCheckLibrary.dll
2020-01-07 22:20 - 2020-01-07 22:20 - 002072064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogui.exe
2020-01-07 22:08 - 2020-01-07 22:12 - 000020164 _____ C:\Users\sousedovic\Desktop\Fixlog.txt
2020-01-07 11:03 - 2020-01-07 11:03 - 000000987 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-07 11:03 - 2020-01-07 11:03 - 000000987 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\Users\sousedovic\AppData\Local\mbamtray
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\Users\sousedovic\AppData\Local\mbam
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\Users\sousedovic\AppData\Local\cache
2020-01-07 11:03 - 2020-01-07 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-07 11:02 - 2020-01-07 11:02 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-07 11:02 - 2020-01-07 11:02 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-07 11:02 - 2020-01-07 11:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-07 09:19 - 2020-01-08 18:40 - 000000000 ____D C:\FRST
2020-01-07 09:19 - 2020-01-08 18:39 - 002573312 _____ (Farbar) C:\Users\sousedovic\Desktop\FRST64.exe
2020-01-06 14:34 - 2020-01-06 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\AVAST Software
2020-01-06 14:33 - 2020-01-06 14:33 - 000000932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-06 14:31 - 2020-01-07 17:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-01-06 14:30 - 2020-01-07 22:10 - 000004252 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-06 14:29 - 2020-01-06 14:30 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-06 14:29 - 2020-01-06 14:30 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-06 14:29 - 2020-01-06 14:30 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-06 14:29 - 2020-01-06 14:29 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-01-06 14:29 - 2020-01-06 14:28 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-06 14:29 - 2020-01-06 14:28 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-06 14:29 - 2020-01-06 14:28 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-06 14:26 - 2020-01-06 14:29 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-04 19:46 - 2020-01-04 19:38 - 000006018 _____ C:\qzconfig.bkp
2019-12-31 14:40 - 2019-12-31 14:40 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Logitech
2019-12-31 14:34 - 2019-12-31 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Logitech
2019-12-31 14:34 - 2019-12-31 14:34 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Logishrd
2019-12-31 14:22 - 2020-01-03 20:13 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\LGHUB
2019-12-31 14:20 - 2019-12-31 14:20 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2019-12-31 14:20 - 2019-12-31 14:20 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2019-12-31 14:20 - 2019-12-31 14:20 - 000020624 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2019-12-21 12:18 - 2019-12-21 12:18 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Blizzard Entertainment
2019-12-21 12:00 - 2019-12-22 15:15 - 000000495 _____ C:\Users\sousedovic\Desktop\StarCraft II.lnk
2019-12-21 11:21 - 2019-12-21 11:21 - 000000459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.lnk
2019-12-20 00:07 - 2019-06-15 11:09 - 000111184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr14.0.2027.2.dll
2019-12-20 00:07 - 2019-06-15 10:51 - 000259664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SQSRVRES.DLL
2019-12-20 00:07 - 2019-06-15 10:51 - 000128072 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr14.0.2027.2.dll
2019-12-18 11:38 - 2019-12-18 11:38 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2019-12-17 14:42 - 2018-05-07 10:33 - 000000392 _____ C:\WINDOWS\system32\StartupCheck.vbs
2019-12-17 14:42 - 2018-04-29 16:27 - 000024512 _____ C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2019-12-17 14:42 - 2018-01-29 00:09 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
2019-12-17 11:06 - 2019-12-17 11:06 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Steam
2019-12-17 11:06 - 2019-12-17 11:06 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Fallout4
2019-12-16 13:45 - 2019-12-16 13:45 - 000000000 ____D C:\Users\sousedovic\AppData\Local\FOMM
2019-12-16 13:43 - 2019-12-16 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2019-12-15 17:50 - 2019-12-16 14:02 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Fallout3
2019-12-15 17:43 - 2019-12-15 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 Unofficial Patch
2019-12-15 17:34 - 2019-12-16 16:04 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Vortex
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\ProgramData\Vortex
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2019-12-15 17:34 - 2019-12-15 17:34 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2019-12-15 17:09 - 2019-12-15 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 [GOG.com]
2019-12-14 17:21 - 2019-12-14 17:21 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Power BI Desktop
2019-12-14 17:19 - 2019-12-14 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Power BI Desktop
2019-12-14 13:14 - 2019-06-15 11:08 - 000051792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL14.SQLEXPRESS-sqlagtctr.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000186440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000088144 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2019-12-14 13:14 - 2019-06-15 10:50 - 000060728 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL14.SQLEXPRESS-sqlagtctr.dll
2019-12-14 13:13 - 2019-12-14 13:13 - 000000000 ____D C:\WINDOWS\system32\RsFx
2019-12-14 12:30 - 2019-12-14 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server Tools 18
2019-12-14 12:28 - 2019-12-14 12:28 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2019-12-14 12:27 - 2019-12-14 12:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2019-12-14 12:22 - 2019-12-20 00:05 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2019-12-14 12:22 - 2019-12-20 00:05 - 000000000 ____D C:\WINDOWS\system32\1033
2019-12-14 12:21 - 2019-12-14 12:21 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2019-12-14 12:21 - 2019-12-14 12:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2019-12-14 12:20 - 2019-12-14 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2017
2019-12-14 12:20 - 2019-12-14 13:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-12-14 12:15 - 2019-12-14 12:15 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Microsoft_Corporation
2019-12-14 11:27 - 2019-12-14 11:27 - 000000000 ____D C:\ProgramData\VsTelemetry
2019-12-14 11:24 - 2019-12-20 00:02 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-12-14 10:36 - 2019-12-14 10:36 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-14 10:36 - 2019-12-14 10:36 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-14 10:36 - 2019-12-14 10:36 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-14 10:36 - 2019-12-14 10:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-14 10:36 - 2019-12-14 10:36 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-14 10:36 - 2019-12-14 10:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-12-12 14:45 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D25853.tmpd
2019-12-10 16:02 - 2019-12-14 11:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D26950.tmpd

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-08 18:35 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-08 18:35 - 2019-03-04 10:21 - 000000000 __SHD C:\Users\sousedovic\IntelGraphicsProfiles
2020-01-08 18:35 - 2019-03-04 10:15 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-08 18:34 - 2019-09-01 19:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-07 22:22 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-07 22:20 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-01-07 22:06 - 2019-09-01 18:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-07 18:05 - 2019-03-05 09:53 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Battle.net
2020-01-07 18:02 - 2019-12-03 15:14 - 000002584 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-01-07 11:02 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-06 18:19 - 2019-03-04 10:56 - 000000000 ____D C:\Users\sousedovic\Desktop\Gamesky
2020-01-05 10:44 - 2019-03-05 11:57 - 000000000 ____D C:\Users\sousedovic\AppData\Local\CrashDumps
2020-01-05 10:41 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-04 19:25 - 2019-03-05 11:05 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-12-31 14:36 - 2019-03-05 11:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-12-30 20:31 - 2019-03-04 10:58 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\vlc
2019-12-30 20:27 - 2019-03-04 10:59 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Azureus
2019-12-27 17:38 - 2019-09-01 20:19 - 000837548 _____ C:\WINDOWS\system32\perfh005.dat
2019-12-27 17:38 - 2019-09-01 20:19 - 000196704 _____ C:\WINDOWS\system32\perfc005.dat
2019-12-27 17:38 - 2019-09-01 19:05 - 002024426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-23 17:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-23 17:51 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-23 17:51 - 2019-03-03 20:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Packages
2019-12-21 15:07 - 2019-03-05 09:53 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Battle.net
2019-12-20 00:06 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-12-18 12:03 - 2019-03-04 10:32 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-18 11:54 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-17 12:19 - 2019-08-08 12:59 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Zoom
2019-12-16 17:07 - 2019-03-03 20:30 - 000000000 ____D C:\Users\sousedovic\AppData\Local\VirtualStore
2019-12-15 16:51 - 2019-11-25 16:09 - 000000000 ____D C:\Users\sousedovic\AppData\Local\Spotify
2019-12-15 15:00 - 2019-11-25 16:08 - 000000000 ____D C:\Users\sousedovic\AppData\Roaming\Spotify
2019-12-14 13:15 - 2019-09-01 20:34 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-12-14 11:32 - 2019-03-03 20:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-14 11:32 - 2019-03-03 20:30 - 000000000 ___RD C:\Users\sousedovic\3D Objects
2019-12-14 11:31 - 2019-09-01 18:46 - 000359712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-14 11:30 - 2019-12-08 17:45 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D27D61.tmpd
2019-12-14 11:30 - 2019-12-07 17:00 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22485.tmpd
2019-12-14 11:30 - 2019-12-07 11:54 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D2D000.tmpd
2019-12-14 11:30 - 2019-12-07 10:39 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22B5D.tmpd
2019-12-14 11:30 - 2019-12-06 15:11 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D28BB2.tmpd
2019-12-14 11:30 - 2019-12-05 17:48 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D22CB7.tmpd
2019-12-14 11:30 - 2019-12-04 13:58 - 000000000 ____D C:\Users\sousedovic\AppData\Local\D24DAA.tmpd
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-14 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-14 10:48 - 2019-03-04 10:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-14 10:43 - 2019-03-04 10:38 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-05-13 12:28 - 2019-05-13 12:28 - 000007618 _____ () C:\Users\sousedovic\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by sousedovic (08-01-2020 18:42:07)
Running from C:\Users\sousedovic\Desktop
Windows 10 Home Version 1909 18363.535 (X64) (2019-09-01 18:10:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-247431989-2805255649-28786118-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-247431989-2805255649-28786118-503 - Limited - Disabled)
Guest (S-1-5-21-247431989-2805255649-28786118-501 - Limited - Disabled)
sousedovic (S-1-5-21-247431989-2805255649-28786118-1001 - Administrator - Enabled) => C:\Users\sousedovic
WDAGUtilityAccount (S-1-5-21-247431989-2805255649-28786118-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation)
Adobe Acrobat  9 Pro - Czech, Hungarian, Polish, Slovak (HKLM-x32\...\{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.250 - Alps Electric)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Browser for SQL Server 2017 (HKLM-x32\...\{CF8EEB96-E7E7-4EF7-A0A1-559F09953156}) (Version: 14.0.1000.169 - Microsoft Corporation)
Control (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Control) (Version:  - HOODLUM)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disco Elysium (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Disco Elysium) (Version:  - HOODLUM)
Dishonored Game Of The Year Edition version 1.0.0.0 (HKLM-x32\...\Dishonored Game Of The Year Edition_is1) (Version: 1.0.0.0 - Mr DJ)
EaseUS Partition Master 12.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
Fallout 3 (HKLM-x32\...\1454315831_is1) (Version: 1.7.0.3 - GOG.com)
Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
GDR 2027 for SQL Server 2017 (KB4505224) (64-bit) (HKLM\...\KB4505224) (Version: 14.0.2027.2 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Installer (HKLM\...\{E9675998-9B12-4560-8E98-A6CCCDE0BE18}) (Version: 1.0.0 - Default Company Name)
Integration Services (HKLM-x32\...\{D2B37BBC-83A5-4C27-A804-4DC51AFA9E0D}) (Version: 15.0.1900.63 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Into the Breach (HKLM-x32\...\2004253604_is1) (Version: 1.0.17 - GOG.com)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Little Big Adventure 2 (HKLM-x32\...\Little Big Adventure 2_is1) (Version:  - GOG.com)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.28107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{3B280D1C-02F2-4965-8731-C1614E213D25}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{72AFAF21-33FB-45A5-9468-A9EC07427F82}) (Version: 17.4.1.1 - Microsoft Corporation)
Microsoft Office 2010 pro podnikatele (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{9AA0AFFA-EDB6-4B66-9FD7-BBC828D88B47}) (Version: 18.2.3.0 - Microsoft Corporation)
Microsoft PowerBI Desktop (x64) (HKLM-x32\...\{d01f3aeb-9f94-4334-9d92-fffb7d0c65c0}) (Version: 2.75.5649.961 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2017 (64-bit) (HKLM\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 LocalDB  (HKLM\...\{58180BC0-0DA3-4341-A41F-9A3CF7207EE1}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft SQL Server 2017 Setup (English) (HKLM\...\{05C0EF32-CDE2-4E38-92A1-D82CECECFB39}) (Version: 14.0.2027.2 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{C8A51693-98B9-4AB1-91B8-9A1B86729D5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 18.4 (HKLM-x32\...\{7871da56-98b6-4ef8-b4d4-b7c310e14146}) (Version: 15.0.18206.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}) (Version: 15.0.27520 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2017 (HKLM\...\{20B328C9-C6BB-434A-928A-00F05CD820B8}) (Version: 14.0.1000.169 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.3 - Notepad++ Team)
Nox (HKLM-x32\...\GOGPACKNOX_is1) (Version: 2.0.0.20 - GOG.com)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenVPN 2.1.1 (HKLM-x32\...\OpenVPN) (Version: 2.1.1 - )
OpenXcom 1.0 (HKLM-x32\...\OpenXcom) (Version: 1.0.0.0 - OpenXcom Developers)
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 11.02 - )
Qualcomm Atheros 61x4 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.780M - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Spotify (HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\Spotify) (Version: 1.1.21.1654.g282a2807 - Spotify AB)
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{A6A9EFA1-AFEB-4209-B25D-3CFF2E6FAE2C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools (HKLM\...\{BD1502B1-778B-44B6-B2B4-0B77BD0366A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{9D1C0509-D490-4E9E-ACF5-A73E5C53742D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM\...\{B777C4C0-A1CD-4AB9-99B1-AD5FBED6F8E5}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{28EEF6BA-A23A-42D2-86BA-A6BEE723B969}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Services (HKLM\...\{DED314CA-0EFE-4593-9D66-EF75E5289A4C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{0E22DBB4-691B-400C-B52D-8DFE8EC421AA}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Database Engine Shared (HKLM\...\{793F1C1E-5C83-4E33-A29B-6EAA7C1E791C}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{12D2DB8D-80FF-4152-8F51-EDB3BD3C6976}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 XEvent (HKLM\...\{AA2A015C-C210-413B-95F6-BF9D3CDD6E0D}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{3E532AF4-B9B1-4DE0-9511-7ACEB14C8D6D}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{98D7AA09-44E1-4469-AB34-BFDC9A6890DD}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{3D53F8BD-E78B-41E1-A4B5-0AC3F1ED50EF}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{1B1BC009-AA81-48C1-AE01-321DAD884FBB}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{872C7FD8-1063-4CA8-8CE2-B34E206602FC}) (Version: 15.0.18206.0 - Microsoft Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II Legacy of the Void (HKLM\...\U3RhckNyYWZ0SUk=_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrongDC++ 2.41 (HKLM-x32\...\StrongDC++) (Version: 2.41 - Big Muscle)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Transistor (HKLM-x32\...\1429612159_is1) (Version: 2.1.0.2 - GOG.com)
Updated Unofficial Fallout 3 Patch v2.3.2 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 2.3.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.1.5 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
X-COM - UFO Defense (HKLM-x32\...\1445250340_is1) (Version: 2.0.0.4 - GOG.com)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.3 - ZONER software)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-20] (Dolby Laboratories)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-04] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2019-08-07] (Samsung Electronics Co. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files on Decko\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\x86\ashShell.dll -> No File
ContextMenuHandlers3-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\x86\ashShell.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files on Decko\Malwarebytes Antimalware\mbshlext.dll [2020-01-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => D:\Program Files on Decko\Adobe Acrobat 9\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\x86\ashShell.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Program Files on Decko\Malwarebytes Antimalware\mbshlext.dll [2020-01-07] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Add a new TAP virtual ethernet adapter.lnk -> D:\Program Files on Decko\OpenVPN\bin\addtap.bat ()
Shortcut: C:\Users\sousedovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> D:\Program Files on Decko\OpenVPN\bin\deltapall.bat ()
ShortcutWithArgument: C:\Users\sousedovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-09-01 18:52 - 2016-12-29 13:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;D:\Program Files on Decko\Microsoft SQL Server (x86)\140\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\140\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\140\Tools\Binn\;D:\Program Files on Decko\Microsoft SQL Server (x86)\150\DTS\Binn\;D:\Program Files on Decko\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;D:\Program Files on Decko\Microsoft SQL Server (x86)\140\Tools\Binn\
HKU\S-1-5-21-247431989-2805255649-28786118-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sousedovic\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\water.jpg
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-247431989-2805255649-28786118-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{AEE4CB31-F0DD-4678-AC1A-D1FF71A5BF13}D:\program files on decko\vuze\azureus.exe] => (Allow) D:\program files on decko\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{F248ECE4-8C67-474D-BA6A-84C15C922D9B}D:\program files on decko\vuze\azureus.exe] => (Allow) D:\program files on decko\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{9D782CCC-C77A-4B33-9FE0-873FC4860DCE}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [TCP Query User{FE4216BA-9252-425A-8A16-7820C78995CC}D:\hry\into the breach\breach.exe] => (Allow) D:\hry\into the breach\breach.exe () [File not signed]
FirewallRules: [{A7BA426C-3F3B-4BE6-8951-8812BB78F35A}] => (Block) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [{8563786C-B156-4FD4-AC4C-389E96387D16}] => (Block) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [UDP Query User{2A1BDD2C-6156-4B29-B873-EF66A4849F69}D:\program files on decko\strongdc++\strongdc.exe] => (Allow) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [TCP Query User{57D3E071-03F3-463C-82AB-9AD66D22300C}D:\program files on decko\strongdc++\strongdc.exe] => (Allow) D:\program files on decko\strongdc++\strongdc.exe () [File not signed]
FirewallRules: [{DA390157-36E2-495F-9E9C-A4B2BF056D4C}] => (Allow) D:\Program Files on Decko\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{23A0E3F2-0BC7-49D5-83FD-9D2D8E04EDD6}] => (Allow) D:\Program Files on Decko\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B23C99F8-6F1D-41C3-836E-5380BBE6B72A}] => (Allow) D:\Program Files on Decko\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B6EB687D-4C58-4286-8217-6FFA7892C6A6}] => (Allow) D:\Program Files on Decko\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FB001767-9D6D-44D7-B30B-EC459B9E3A31}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF1007EF-DCC1-4266-A43A-0FEF36922422}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6152F47-E322-4390-A2B4-20D696F915CB}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{79AB0461-E357-44BF-93B4-3C0C430F4F61}] => (Allow) D:\Program Files on Decko\Zoner Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [{FB078E3C-8A7F-4410-9830-4DBA8A63DC88}] => (Allow) D:\Program Files on Decko\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{C8E73FD8-CEB7-485C-8430-BEBD30D0DD16}] => (Allow) D:\Program Files on Decko\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C9225A0A-245E-4193-8530-5E37D9AC3EC2}D:\hry\diablo iii\x64\diablo iii64.exe] => (Allow) D:\hry\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{86D18726-D6CD-483E-A8FB-DE2D61DDD69A}D:\hry\diablo iii\x64\diablo iii64.exe] => (Allow) D:\hry\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{404E2E85-F2A7-4EB1-8CEA-0863F6DB35F6}] => (Allow) D:\Hry\Dishonored GOTY\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{0CED5BE0-2A8B-47E3-AEB1-9EC76A752ECC}] => (Allow) D:\Hry\Dishonored GOTY\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [TCP Query User{97B2BAAE-5949-4648-90A2-6AAB73C47E08}D:\hry\diablo ii\game.exe] => (Allow) D:\hry\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{EE87633A-ABD0-441A-AEE9-A47A0A8B4F21}D:\hry\diablo ii\game.exe] => (Allow) D:\hry\diablo ii\game.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{DE7E992C-9D54-499D-8067-EBE71EDF53EA}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0BE494E1-5539-4568-A694-83715601430B}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F5CA5F9E-5D98-44C3-B3B7-0A2C8C0D34DD}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{43B8C1E8-32B5-4BE8-B463-D7D34ADCF587}C:\users\sousedovic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sousedovic\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{9FA61215-EDBB-451A-BCD9-3877C3B760C6}C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6C867705-1A25-4A9D-84F8-F603AECE2DF2}C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe] => (Allow) C:\users\sousedovic\appdata\local\microsoft\skypeforbusinessplugin\15.8.20020.400\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6CE4DCEF-5F1A-40CE-8104-BA68AE47B9B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD361D9A-CDF5-436E-A6C6-284E3CF56C8F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76525913-0FB9-4B15-87C6-DD34F20DEAF7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{127A2CE5-9E31-40FC-A10E-51EF1C56411D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{606C2874-85A1-41FE-896C-10F07E460B3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D7D8575-00D5-47A5-A0F6-DE10B5877E3D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0CDCB53D-BC84-4B1C-8E86-0A6A761BA407}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93E57F4-DC53-4A40-B787-13DA4E14ABAB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{97B82355-D094-4506-BBBE-144151135A7D}] => (Allow) D:\Program Files on Decko\Power BI\bin\msmdsrv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C28A45A-2BBB-458E-B9A4-5EC821626F95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{01FD9B02-B76D-4C60-942B-5FE59B96568E}D:\hry\starcraft ii\versions\base77661\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base77661\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{FF487AE0-E9D3-476D-A4A0-EBD7F19196F7}D:\hry\starcraft ii\versions\base77661\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base77661\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{BA450086-5A0A-47BC-BD4E-19790684DEAE}] => (Allow) D:\Program Files on Decko\Steam\steamapps\common\Quake Live\quakelive_steam.exe (id Software Inc.) [File not signed]
FirewallRules: [{860D8405-F2FD-458F-B775-D0D47EF3F3DE}] => (Allow) D:\Program Files on Decko\Steam\steamapps\common\Quake Live\quakelive_steam.exe (id Software Inc.) [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:100.14 GB) (Free:57.61 GB) (58%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2020 10:22:20 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/07/2020 10:13:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7804,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 05:23:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8272,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 04:38:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6704,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 04:28:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5656,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 03:23:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3684,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 03:16:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12432,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/07/2020 12:08:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3156,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (01/08/2020 06:35:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
The system cannot find the file specified.

Error: (01/08/2020 06:34:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastWscReporter service failed to start due to the following error: 
The system cannot find the file specified.

Error: (01/07/2020 10:21:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
The system cannot find the file specified.

Error: (01/07/2020 10:21:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastWscReporter service failed to start due to the following error: 
The system cannot find the file specified.

Error: (01/07/2020 10:20:02 PM) (Source: DCOM) (EventID: 10005) (User: Window Manager)
Description: DCOM got error "1084" attempting to start the service DispBrokerDesktopSvc with arguments "Unavailable" in order to run the server:
DispBrokerDesktop.GlobalBrokerInstance

Error: (01/07/2020 10:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/07/2020 10:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NlaSvc service depends on the Dhcp service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (01/07/2020 10:20:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the Dnscache service which failed to start because of the following error: 
The dependency service or group failed to start.


Windows Defender:
===================================
Date: 2020-01-04 19:32:32.334
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {41DC6138-AB95-413B-8D29-5BAF7C18D98A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-26 16:41:26.026
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E069509-B740-4792-A4E8-499F471BE9FA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-26 12:16:32.377
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {21693A42-179E-4FC2-ADA1-91D6D1132532}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-19 16:25:16.589
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {28598E74-7B51-4650-AD1F-96D718A5945F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-19 16:00:44.342
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F0C8478C-5747-4CD8-88C0-C95C7BBFCCDF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-12-17 11:41:11.549
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.557.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240022
Error description: The program can't check for definition updates. 

Date: 2019-12-14 10:37:33.413
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.356.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2019-11-27 14:45:55.852
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-11-27 14:45:55.851
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2019-11-27 14:45:55.850
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.305.2789.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2020-01-07 22:06:51.630
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 22:06:51.624
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 17:18:42.136
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 17:18:42.129
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 17:18:42.105
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 17:18:42.098
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 17:18:40.020
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 17:18:40.015
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files on Decko\AVAST\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: LENOVO AFCN21WW(V1.08) 04/21/2015
Motherboard: LENOVO Lenovo U31-70
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8105.84 MB
Available physical RAM: 5684.91 MB
Total Virtual: 10537.84 MB
Available Virtual: 8302.59 MB

==================== Drives ================================

Drive c: (Cecko) (Fixed) (Total:100.14 GB) (Free:57.61 GB) NTFS
Drive d: (Decko) (Fixed) (Total:830 GB) (Free:55.96 GB) NTFS
Drive z: (EFI_SYS_PAR) (Fixed) (Total:0.29 GB) (Free:0.27 GB) FAT32

\\?\Volume{7ab96f1f-2710-0000-f75e-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.18 GB) NTFS
\\?\Volume{10dec59d-ea23-40a5-833f-3c8eb1023adb}\ () (Fixed) (Total:0.54 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0F3A2E73)

Partition: GPT.

==================== End of Addition.txt =======================


Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Botnet detected by the internet provider

#8 Post by Rudy »

I need to see the contents of the fixlog.txt file. You should have it on your desktop.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Ronnie Basic
Visitor
Posts: 61
Joined: 04 Nov 2005 22:38

Re: Botnet detected by the internet provider

#9 Post by Ronnie Basic »

Code: Select all

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by sousedovic (07-01-2020 22:08:48) Run:1
Running from C:\Users\sousedovic\Desktop
Loaded Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS (Available Profiles: sousedovic & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {17D59B4E-2685-44B8-8264-4F155D09FDA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
Task: {DC3FC9C4-971F-4FFE-9F51-2F8B80587B78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-04] (Google Inc -> Google Inc.)
C:\Users\sousedovic\AppData\Local\D25853.tmp
C:\Users\sousedovic\AppData\Local\D26950.tmp
C:\Users\sousedovic\AppData\Local\D27D61.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\sousedovic\AppData\Local\D219BF.tmp
C:\Users\sousedovic\AppData\Local\D22485.tmp
C:\Users\sousedovic\AppData\Local\D22B5D.tmp
C:\Users\sousedovic\AppData\Local\D22CB7.tmp
C:\Users\sousedovic\AppData\Local\D24CEF.tmp
C:\Users\sousedovic\AppData\Local\D24DAA.tmp
C:\Users\sousedovic\AppData\Local\D25853.tmp
C:\Users\sousedovic\AppData\Local\D25A77.tmp
C:\Users\sousedovic\AppData\Local\D26950.tmp
C:\Users\sousedovic\AppData\Local\D26D8D.tmp
C:\Users\sousedovic\AppData\Local\D26DA.tmp
C:\Users\sousedovic\AppData\Local\D27C02.tmp
C:\Users\sousedovic\AppData\Local\D27D61.tmp
c:\Users\sousedovic\AppData\Local\D2883A.tmp
C:\Users\sousedovic\AppData\Local\D28BB2.tmp
C:\Users\sousedovic\AppData\Local\D295B3.tmp
C:\Users\sousedovic\AppData\Local\D29B56.tmp
C:\Users\sousedovic\AppData\Local\D2A980.tmp
C:\Users\sousedovic\AppData\Local\D2B88B.tmp
C:\Users\sousedovic\AppData\Local\D2B97D.tmp
C:\Users\sousedovic\AppData\Local\D2BA58.tmp
C:\Users\sousedovic\AppData\Local\D2C733.tmp
C:\Users\sousedovic\AppData\Local\D2D000.tmp
C:\Users\sousedovic\AppData\Local\D2D6EF.tmp
C:\Users\sousedovic\AppData\Local\D2D804.tmp
C:\Users\sousedovic\AppData\Local\D2DD1D.tmp
C:\Users\sousedovic\AppData\Local\D2E2DA.tmp
C:\Users\sousedovic\AppData\Local\D2F346.tmp
C:\Users\sousedovic\AppData\Local\D2FBC9.tmp
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\sousedovic\AppData\Local\Microsoft\OneDrive\19.002.0107.0008_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files on Decko\AVAST\ashShell.dll [2020-01-06] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{CC412BF8-7096-45E1-AE7D-7BC3907A925D}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{E79C5258-021E-4D47-8221-A33B4C6A2677}] => (Allow) C:\Users\sousedovic\AppData\Roaming\Zoom\bin\Zoom.exe No File
FirewallRules: [{D226F6AF-1565-4982-BD08-0A18A9604DB5}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5A1C32F1-5C94-4A82-9050-35B5A81273AA}] => (Allow) D:\Program Files - REUSE\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3A619259-250B-4B93-8FCF-48603CC3A50D}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{A15B8B20-83A3-4A92-BB3A-0F45150B2D39}] => (Allow) D:\Program Files - REUSE\Steam\Steam.exe No File
FirewallRules: [{70A55929-E779-4DE4-88BD-605452F847FA}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{8A8F04FE-88DE-417D-8B80-7E1EE3696523}] => (Allow) D:\Program Files on Decko\Microsoft Office\Office12\ONENOTE.EXE No File
FirewallRules: [{E32A0E68-AB6C-4423-ABA9-BFE213877646}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{32382B25-3BB4-41B1-88AC-127884C8563D}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{90074535-B5CE-42E7-9AE6-7C15C5029193}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{126B7B3A-DA4D-4CD2-BEDE-CA811AE82072}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [{4C1F7A5B-DB10-407A-B228-1C4CCA462D32}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{ECBB8917-E35B-4153-BDF3-10713CC03473}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Warframe.x64.exe No File
FirewallRules: [{BAC6E75B-DDD5-44CE-99A5-DBE280DB2ED2}] => (Allow) C:\Users\sousedovic\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe No File
FirewallRules: [{F2C58327-416D-4090-A23F-6EA6C962C863}] => (Allow) D:\Hry\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe No File
FirewallRules: [TCP Query User{98499F09-53C9-495A-9FC2-EC075D393975}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{3D890A2F-639B-494E-913E-C4F7278A3E2D}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{F5433371-487E-4047-862C-B5984B1E78B6}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [UDP Query User{29AD9B98-3CEB-4715-B81B-972D0200117E}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base76114\sc2_x64.exe No File
FirewallRules: [TCP Query User{BAC5B582-E41A-43BC-B45A-8767C415A1B9}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [UDP Query User{DE65BF55-03A0-4418-AC0F-1C41EC2DD1C7}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe No File
FirewallRules: [TCP Query User{ABBDC07D-1FD7-4AD8-969A-072015B4933F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File
FirewallRules: [UDP Query User{9345499B-00C0-4760-A12F-9C4ADF06ACED}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17D59B4E-2685-44B8-8264-4F155D09FDA2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17D59B4E-2685-44B8-8264-4F155D09FDA2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC3FC9C4-971F-4FFE-9F51-2F8B80587B78}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC3FC9C4-971F-4FFE-9F51-2F8B80587B78}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\Users\sousedovic\AppData\Local\D25853.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D26950.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D27D61.tmp => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\sousedovic\AppData\Local\D219BF.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D22485.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D22B5D.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D22CB7.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D24CEF.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D24DAA.tmp => moved successfully
"C:\Users\sousedovic\AppData\Local\D25853.tmp" => not found
C:\Users\sousedovic\AppData\Local\D25A77.tmp => moved successfully
"C:\Users\sousedovic\AppData\Local\D26950.tmp" => not found
C:\Users\sousedovic\AppData\Local\D26D8D.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D26DA.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D27C02.tmp => moved successfully
"C:\Users\sousedovic\AppData\Local\D27D61.tmp" => not found
c:\Users\sousedovic\AppData\Local\D2883A.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D28BB2.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D295B3.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D29B56.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2A980.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2B88B.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2B97D.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2BA58.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2C733.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2D000.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2D6EF.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2D804.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2DD1D.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2E2DA.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2F346.tmp => moved successfully
C:\Users\sousedovic\AppData\Local\D2FBC9.tmp => moved successfully
HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F} => removed successfully
HKU\S-1-5-21-247431989-2805255649-28786118-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC412BF8-7096-45E1-AE7D-7BC3907A925D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E79C5258-021E-4D47-8221-A33B4C6A2677}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D226F6AF-1565-4982-BD08-0A18A9604DB5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A1C32F1-5C94-4A82-9050-35B5A81273AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A619259-250B-4B93-8FCF-48603CC3A50D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A15B8B20-83A3-4A92-BB3A-0F45150B2D39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70A55929-E779-4DE4-88BD-605452F847FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A8F04FE-88DE-417D-8B80-7E1EE3696523}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E32A0E68-AB6C-4423-ABA9-BFE213877646}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32382B25-3BB4-41B1-88AC-127884C8563D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90074535-B5CE-42E7-9AE6-7C15C5029193}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{126B7B3A-DA4D-4CD2-BEDE-CA811AE82072}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C1F7A5B-DB10-407A-B228-1C4CCA462D32}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECBB8917-E35B-4153-BDF3-10713CC03473}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAC6E75B-DDD5-44CE-99A5-DBE280DB2ED2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2C58327-416D-4090-A23F-6EA6C962C863}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{98499F09-53C9-495A-9FC2-EC075D393975}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3D890A2F-639B-494E-913E-C4F7278A3E2D}D:\hry\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F5433371-487E-4047-862C-B5984B1E78B6}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{29AD9B98-3CEB-4715-B81B-972D0200117E}D:\hry\starcraft ii\versions\base76114\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BAC5B582-E41A-43BC-B45A-8767C415A1B9}C:\program files\lghub\lghub_agent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE65BF55-03A0-4418-AC0F-1C41EC2DD1C7}C:\program files\lghub\lghub_agent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ABBDC07D-1FD7-4AD8-969A-072015B4933F}C:\program files\logitech gaming software\lcore.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9345499B-00C0-4760-A12F-9C4ADF06ACED}C:\program files\logitech gaming software\lcore.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68527249 B
Java, Flash, Steam htmlcache => 101053523 B
Windows/system/drivers => 26746443 B
Edge => 2226653 B
Chrome => 338700214 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4172 B
NetworkService => 244072 B
sousedovic => 174628355 B
SQLTELEMETRY$SQLEXPRESS => 174628355 B
MSSQL$SQLEXPRESS => 174628355 B

RecycleBin => 12245991 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:12:26 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Botnet detected by the internet provider

#10 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Ronnie Basic
Visitor
Posts: 61
Registered: 04 Nov 2005 22:38

Re: Botnet detected by the internet provider

#11 Post by Ronnie Basic »

It looks good. I then ran avast again, which found some kind of botnet and moved it to quarantine.
So it's solved, it seems.
Thank you very much!! Does your donate button still work?

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Botnet detected by the internet provider

#12 Post by Rudy »

You're welcome! :) The button still works.