Kontrola logu

[Syslao]

Dobrý den,
dnes jsem nějakým způsobem přišel o admin práva. Odinstalace, spravovat tento počítač... nic nemůžu. Dosud bez problémů. V safe mode vše funguje v pořádku, takže tipuju nějakou infekci. SpyBot a Malwarebytes něco našly a opravily ,ale problém přetrvává. Prosím tedy o kontrolu logu. Děkuju moc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
Ran by syslao (administrator) on SYSLAO-PC (Gigabyte Technology Co., Ltd. P35-DS3) (15-05-2020 22:58:28)
Running from C:\Users\syslao\Desktop
Loaded Profiles: syslao
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [180736 2020-04-27] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {447dd081-cc82-11e7-bd25-001d7d9f8c74} - G:\OriginSetup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {7247e3d2-75b7-11ea-9f62-001d7d9f8c74} - F:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {d664a879-f3aa-11e7-81c3-001d7d9f8c74} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {d664a88d-f3aa-11e7-81c3-001d7d9f8c74} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {e41aad0a-704c-11ea-af9b-001d7d9f8c74} - E:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {e53bca8c-79ba-11ea-b7f4-001d7d9f8c74} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-11-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-08] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DE9996-3E32-4EDF-84DF-D3504F314AFC} - System32\Tasks\{6CC024F3-9951-4886-A119-C929E7569CB5} => C:\Windows\system32\pcalua.exe -a "D:\Stahování\Batman Arkham - Knight\Batman_AK_CZ_V2.0.exe" -d "D:\Stahování\Batman Arkham - Knight"
Task: {0E5BE295-F5C3-496A-8313-CB924C81A568} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-04-21] (Advanced Micro Devices, Inc.) [File not signed]
Task: {0FD24616-7A80-4BEB-B4D8-6C294C3CB3F7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {265D1E1F-FE7C-49A3-9596-1F2C4C9F9938} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {328B88CB-12AF-453B-99A1-49FB085C828A} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {41E926CA-0BF6-49E6-87D4-DDBB7623DA16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-18] (Google Inc -> Google Inc.)
Task: {694365A3-66C3-4569-BD45-5F78B57E4412} - System32\Tasks\{421B3903-7C97-482B-ACAE-47C6F02BD2A6} => C:\Windows\system32\pcalua.exe -a "c:\Program Files\Zemana Antimalware\Uninstall.exe"
Task: {6EFBB742-0EF8-41B2-9487-1CB43362BA39} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-04-21] (Advanced Micro Devices, Inc.) [File not signed]
Task: {B49E35B9-2030-4F30-A9FE-60B8BB989490} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-04-21] (Advanced Micro Devices, Inc.) [File not signed]
Task: {CC493EA8-BAC2-41F2-BB58-C508A414DD2A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {CDDEC93A-A97A-4627-ABC3-A02E8C653515} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3676952 2013-08-21] (Piriform Ltd -> Piriform Ltd)
Task: {E0CD75F5-56D6-455E-882D-AB4D9EF0ACFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2318BF0-4628-4530-96ED-9E50363AAC09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-18] (Google Inc -> Google Inc.)
Task: {FB8AA67A-0694-4A78-9753-4B136D3BFE08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GMHSkipUAC.job => D:\Stahování\Glarysoft Malware Hunter PRO v.1.97.0.686_Portable cz sk\App\GlarysoftMalwareHunter\MalwareHunter.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{AC8D30A5-CE9A-4405-97C0-6C23A3529BB8}: [DhcpNameServer] 62.129.50.20 85.135.32.100

Internet Explorer:
==================
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2017-11-18] (Sun Microsystems, Inc.) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-11-18] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: a8a2883w.default
FF ProfilePath: C:\Users\syslao\AppData\Roaming\Mozilla\Firefox\Profiles\a8a2883w.default [2019-11-22]
FF Homepage: Mozilla\Firefox\Profiles\a8a2883w.default -> google.cz
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2017-11-18] (Sun Microsystems, Inc.) [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2017-11-18] (Sun Microsystems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default [2020-05-15]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR Extension: (Překladač Google) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-20]
CHR Extension: (Prezentace) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-18]
CHR Extension: (Dokumenty) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-18]
CHR Extension: (Disk Google) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-18]
CHR Extension: (YouTube) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-18]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-11]
CHR Extension: (Tampermonkey) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-01-12]
CHR Extension: (Hudba Google Play) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-04-22]
CHR Extension: (Tabulky) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [515256 2020-04-21] (Advanced Micro Devices, Inc. -> AMD)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2020-04-21] () [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-09-29] (BattlEye Innovations e.K. -> )
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2019-12-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-09-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2433232 2020-04-27] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-15] (Malwarebytes Inc -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S4 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [28344 2020-04-21] (Advanced Micro Devices, Inc. -> )
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [65743544 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [582840 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2020-05-15] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [105376 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2020-03-27] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2020-03-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30352 2017-11-18] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149144 2020-04-27] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [189232 2020-04-27] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [113336 2020-04-27] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-15] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-15] (Malwarebytes Inc -> Malwarebytes)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2017-11-18] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [432840 2019-10-09] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [545568 2019-10-09] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-15 22:58 - 2020-05-15 22:59 - 000019599 _____ C:\Users\syslao\Desktop\FRST.txt
2020-05-15 22:57 - 2020-05-15 22:58 - 000000000 ____D C:\FRST
2020-05-15 22:55 - 2020-05-15 22:55 - 002286080 _____ (Farbar) C:\Users\syslao\Desktop\FRST64.exe
2020-05-15 22:36 - 2020-05-15 22:36 - 000000000 ____D C:\Users\syslao\AppData\Local\mbam
2020-05-15 22:35 - 2020-05-15 22:35 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-05-15 22:35 - 2020-05-15 22:35 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-15 22:35 - 2020-05-15 22:35 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-15 22:35 - 2020-05-15 22:35 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-15 22:35 - 2020-05-15 22:35 - 000000000 ____D C:\Users\syslao\AppData\Local\mbamtray
2020-05-15 22:35 - 2020-05-15 22:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-05-15 22:34 - 2020-05-15 22:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-15 22:34 - 2020-05-15 22:34 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-15 22:31 - 2020-05-15 22:31 - 001980016 _____ (Malwarebytes) C:\Users\syslao\Desktop\MBSetup.exe
2020-05-15 22:05 - 2020-05-15 22:05 - 000003100 _____ C:\Windows\system32\Tasks\{421B3903-7C97-482B-ACAE-47C6F02BD2A6}
2020-05-15 22:00 - 2020-05-15 22:59 - 000064578 _____ C:\Windows\ZAM.krnl.trace
2020-05-15 21:41 - 2020-05-15 21:42 - 000001928 _____ C:\Users\syslao\Desktop\Zemana AntiMalware.lnk
2020-05-15 21:41 - 2020-05-15 21:41 - 000001795 _____ C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Start Menu\Zemana AntiMalware.lnk
2020-05-15 21:41 - 2020-05-15 21:41 - 000001749 _____ C:\Users\syslao\Desktop\Zemana Registr.lnk
2020-05-15 21:41 - 2020-05-15 21:41 - 000000000 ____D C:\Program Files\Zemana Antimalware
2020-05-15 21:39 - 2020-05-15 21:39 - 000000000 ___HD C:\$GlaryQuarantine
2020-05-15 21:05 - 2020-05-15 21:05 - 000000368 _____ C:\Windows\Tasks\GMHSkipUAC.job
2020-05-15 21:04 - 2020-05-15 21:42 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2020-05-15 21:04 - 2020-05-15 21:42 - 000000000 ____D C:\Users\syslao\AppData\Local\AMSDK
2020-05-15 21:03 - 2020-05-15 21:03 - 000000000 ____D C:\Users\syslao\AppData\Local\Zemana
2020-05-15 20:30 - 2020-05-15 22:36 - 000131736 _____ C:\Windows\ntbtlog.txt
2020-05-15 20:26 - 2020-05-15 20:26 - 000058213 _____ C:\Users\syslao\Desktop\[CzT]Glarysoft_Malware_Hunter_PRO_v_1_97_0_686_Portable_2020_CZ_SK_.torrent
2020-05-15 20:23 - 2020-05-15 20:23 - 000020551 _____ C:\Users\syslao\Desktop\[CzT]Malwarebytes_Premium_v_3_8_3_2965_CZ_SK_.torrent
2020-05-15 20:19 - 2020-05-15 20:19 - 000008459 _____ C:\Users\syslao\Desktop\[SkT]Zemana_Antimalware_v.3.1.395_CZ_SK.torrent
2020-05-15 20:14 - 2020-05-15 20:14 - 000011095 _____ C:\Users\syslao\Desktop\[SkT]Zemana_AntiMalware_Premium_3.1.395_CZ SK HU_2019_FINAL!.torrent
2020-05-15 19:52 - 2020-05-15 19:52 - 000001294 _____ C:\Users\syslao\Desktop\Computer Management.download
2020-05-15 19:42 - 2020-05-15 19:42 - 000002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2020-05-15 19:42 - 2020-05-15 19:42 - 000001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-05-15 19:42 - 2020-05-15 19:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2020-05-15 19:42 - 2020-05-15 19:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2020-05-15 19:40 - 2020-05-15 19:42 - 000000000 ____D C:\Users\Administrator
2020-05-15 19:40 - 2020-05-15 19:40 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2020-05-15 19:40 - 2009-07-14 09:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2020-05-15 18:59 - 2020-05-15 18:59 - 000000000 ____D C:\Users\syslao\Desktop\sysel
2020-05-15 18:57 - 2020-05-15 18:57 - 000002259 _____ C:\Users\sysel\Desktop\Google Chrome.lnk
2020-05-15 18:57 - 2020-05-15 18:57 - 000001417 _____ C:\Users\sysel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-05-15 18:57 - 2020-05-15 18:57 - 000000000 ____D C:\Users\sysel\AppData\Roaming\Adobe
2020-05-15 18:57 - 2020-05-15 18:57 - 000000000 ____D C:\Users\sysel\AppData\Local\Google
2020-05-15 18:54 - 2020-05-15 18:59 - 000000000 ____D C:\Users\sysel
2020-05-15 18:54 - 2020-05-15 18:54 - 000000020 ___SH C:\Users\sysel\ntuser.ini
2020-05-15 18:54 - 2009-07-14 09:45 - 000000000 ____D C:\Users\sysel\AppData\Roaming\Media Center Programs
2020-05-15 18:37 - 2020-05-15 18:37 - 000069185 _____ C:\Users\syslao\Downloads\[CzT]Foundation_Alpha_v_1_5_11_0203_35879_2019_CZ_.torrent
2020-05-15 17:52 - 2020-05-15 22:43 - 000003106 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-05-14 21:04 - 2020-05-14 21:04 - 000000000 ____D C:\Users\syslao\Documents\Polymorph Games
2020-05-14 17:45 - 2020-05-14 17:45 - 000039009 _____ C:\Users\syslao\Downloads\[CzT]Foundation_v_1_5_9_2019_CZ_.torrent
2020-05-13 18:23 - 2020-05-13 18:23 - 000115610 _____ C:\Users\syslao\Downloads\[CzT]Native_Instrument_Guitar_Rig_Pro_v_5_1_1 (2).torrent
2020-05-10 16:13 - 2020-05-10 16:13 - 000000000 ____D C:\Users\syslao\AppData\Local\Ubisoft Game Launcher
2020-05-10 16:08 - 2020-05-10 16:08 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-05-08 20:39 - 2020-05-08 20:39 - 000000000 ____D C:\Users\syslao\AppData\Local\Saber
2020-05-08 20:39 - 2020-05-08 20:39 - 000000000 ____D C:\Users\Public\Documents\Epic
2020-05-08 20:39 - 2020-05-08 20:39 - 000000000 ____D C:\ProgramData\Documents\Epic
2020-05-08 19:05 - 2020-05-08 19:06 - 000345566 _____ C:\Users\syslao\Downloads\Assassin's_Creed__Odyssey_&#8211;_Deluxe_Edition_v1.0.6_ _3_DLCs_(2018)(CZ)[FitGirl_Repack].torrent
2020-05-08 18:35 - 2020-05-08 18:35 - 000106769 _____ C:\Users\syslao\Downloads\[CzT]Snowrunner_2020_CZ_.torrent
2020-05-08 18:13 - 2020-05-08 18:13 - 000000000 ____D C:\Users\syslao\AppData\Local\ATI
2020-05-08 18:12 - 2020-05-08 18:12 - 000000000 ____D C:\Users\syslao\AppData\Local\cache
2020-05-08 17:59 - 2020-05-15 22:43 - 000003116 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-05-08 17:50 - 2020-05-08 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-05-08 17:42 - 2020-04-21 23:27 - 062858424 _____ C:\Windows\system32\amd_comgr.dll
2020-05-08 17:42 - 2020-04-21 23:27 - 052394168 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-05-08 17:42 - 2020-04-21 23:11 - 000335544 _____ C:\Windows\system32\clinfo.exe
2020-05-08 17:42 - 2020-04-21 23:11 - 000126136 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-05-08 17:42 - 2020-04-21 23:11 - 000112312 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 079081656 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 065465016 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 026733752 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 021286072 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2020-05-08 17:42 - 2020-04-21 23:09 - 078642360 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-05-08 17:42 - 2020-04-21 23:02 - 001565744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 034385080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 029762744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 021826024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 013731296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 013041184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 001076712 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 001076712 _____ C:\Windows\system32\vulkan-1.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000935560 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000935560 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000932536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000759992 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000565432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000476344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000350392 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2020-05-08 17:42 - 2020-04-21 23:01 - 000175288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000162920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000153784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000144056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000139224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000129208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000118264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000118264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000097616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000097616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000068792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2020-05-08 17:42 - 2020-04-21 23:01 - 000038072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000035000 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 065743544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2020-05-08 17:42 - 2020-04-21 23:00 - 041844408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxn64.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 037141688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxn32.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 001775288 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 001775288 _____ C:\Windows\system32\vulkaninfo.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 001365688 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 001365688 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 000150200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000127160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000124432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000109488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000061624 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 024173752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 020606648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 000140472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 000118456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2020-05-08 17:42 - 2020-04-21 22:58 - 001584824 _____ (AMD) C:\Windows\system32\coinst_19.50.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 004576440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 004085944 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 000544952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 000374968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-05-08 17:42 - 2020-04-21 22:52 - 041540280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2020-05-08 17:42 - 2020-04-21 22:48 - 000188664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-05-08 17:42 - 2020-04-21 22:48 - 000158264 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-05-08 17:42 - 2020-04-21 22:48 - 000011136 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 013037576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 010363144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000582840 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2020-05-08 17:42 - 2020-04-21 22:47 - 000515256 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2020-05-08 17:42 - 2020-04-21 22:47 - 000504504 _____ (AMD) C:\Windows\system32\atitmm64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000484536 _____ C:\Windows\system32\dgtrayicon.exe
2020-05-08 17:42 - 2020-04-21 22:47 - 000482488 _____ C:\Windows\system32\GameManager64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000365240 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000199864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000193936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000176432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000156880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000136888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000136888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000127160 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 030992056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 026967224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 001234104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 001234104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000751800 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000475320 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000459960 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000457912 _____ C:\Windows\system32\amdlogum.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000442552 _____ C:\Windows\system32\atieah64.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000364728 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000336568 _____ C:\Windows\SysWOW64\atieah32.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000028344 _____ C:\Windows\system32\Drivers\amdacpksd.sys
2020-05-08 17:42 - 2020-04-21 22:42 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-05-08 17:42 - 2020-04-21 22:42 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-05-08 17:42 - 2020-04-21 22:32 - 000543168 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-05-08 17:42 - 2020-04-21 22:32 - 000543168 _____ C:\Windows\system32\atiapfxx.blb
2020-05-08 17:42 - 2020-03-06 21:57 - 000458368 _____ C:\Windows\system32\ativvaxy_nv.dat
2020-05-08 17:42 - 2020-02-26 08:40 - 001156061 _____ C:\Windows\system32\amdicdxx.dat
2020-05-08 17:42 - 2020-02-20 18:34 - 000000703 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2020-05-08 17:42 - 2020-02-20 18:34 - 000000703 _____ C:\Windows\system32\amd-vulkan64.json
2020-05-08 17:42 - 2019-11-29 22:03 - 000356992 _____ C:\Windows\system32\ativvaxy_rv.dat
2020-05-08 17:42 - 2019-10-28 16:52 - 000281101 _____ C:\Windows\system32\amdefctb.dat
2020-05-08 17:42 - 2019-10-25 20:23 - 000375968 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2020-05-08 17:42 - 2019-10-18 15:56 - 000278560 _____ C:\Windows\system32\ativvaxy_stn_nd.dat
2020-05-08 17:42 - 2019-10-18 15:56 - 000272928 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2020-05-08 17:42 - 2019-10-17 21:30 - 000383264 _____ C:\Windows\system32\ativvaxy_vg20_nd.dat
2020-05-08 17:42 - 2019-10-17 20:52 - 000380448 _____ C:\Windows\system32\ativvaxy_gl_nd.dat
2020-05-08 17:42 - 2019-08-19 20:06 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2020-05-08 17:42 - 2019-07-24 07:53 - 000113288 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2020-05-08 17:42 - 2019-07-24 07:53 - 000105376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2020-05-08 17:42 - 2019-07-16 21:58 - 000069770 _____ C:\Windows\system32\AMDKernelEvents.man
2020-05-08 17:42 - 2019-06-27 15:56 - 000173344 _____ C:\Windows\system32\amde40a.dat
2020-05-08 17:42 - 2019-06-21 20:44 - 000268244 _____ C:\Windows\system32\ativvaxy_FJ.dat
2020-05-08 17:42 - 2019-06-21 20:44 - 000267984 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2020-05-08 17:42 - 2019-02-26 00:15 - 000166624 _____ C:\Windows\system32\amde34b.dat
2020-05-08 17:42 - 2019-02-26 00:14 - 000166624 _____ C:\Windows\system32\amde34a.dat
2020-05-08 17:42 - 2019-02-12 19:49 - 000324928 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2020-05-08 17:42 - 2019-02-12 19:48 - 000325188 _____ C:\Windows\system32\ativvaxy_vi.dat
2020-05-08 17:42 - 2019-02-12 19:47 - 000234676 _____ C:\Windows\system32\ativvaxy_cik.dat
2020-05-08 17:42 - 2019-02-12 19:47 - 000234416 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2020-05-08 17:39 - 2020-05-08 17:39 - 040550000 _____ (AMD Inc.) C:\Users\syslao\Downloads\radeon-software-adrenalin-2020-20.4.2-minimalsetup-200423_64bit.exe
2020-05-08 17:39 - 2020-05-08 17:39 - 000000000 ____D C:\ProgramData\AMD
2020-05-08 16:55 - 2020-05-08 19:07 - 000000000 ____D C:\Program Files (x86)\Assassin's Creed Origins
2020-05-08 11:57 - 2020-05-08 11:57 - 004510099 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_Origins_2017_CZ_.torrent
2020-04-29 12:34 - 2020-04-29 12:34 - 000160935 _____ C:\Users\syslao\Downloads\[SkT]Assassin's_Creed__Odyssey_(2018)(CZ) (1).torrent
2020-04-29 12:29 - 2020-04-29 12:29 - 000160935 _____ C:\Users\syslao\Downloads\[SkT]Assassin's_Creed__Odyssey_(2018)(CZ).torrent
2020-04-29 12:19 - 2020-04-29 12:19 - 005131140 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_Odyssey_v_1_0_6_2018_CZ_.torrent
2020-04-27 15:43 - 2020-04-27 15:43 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2020-04-27 14:25 - 2020-04-27 14:25 - 000000000 ____D C:\Users\syslao\AppData\Local\Setup Integrity Check
2020-04-22 18:33 - 2020-04-22 18:33 - 000064727 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_IV_Black_Flag_Freedom_Cry_DLC_2013_CZ_EN_.torrent
2020-04-22 12:13 - 2020-04-22 12:13 - 000015516 _____ C:\Users\syslao\Downloads\[CzT]Dcera_carodejky_Hadi_dar_Skammerens_datter_II_Slangens_gave_2019_CZ_.torrent
2020-04-22 12:11 - 2020-04-22 12:11 - 000016074 _____ C:\Users\syslao\Downloads\[CzT]Snezny_kluk_Abominable_2019_CZ_.torrent
2020-04-22 12:10 - 2020-04-22 12:10 - 000016939 _____ C:\Users\syslao\Downloads\[CzT]Jezek_Sonic_Sonic_the_Hedgehog_2020_CZ_WebRip_.torrent
2020-04-22 09:50 - 2020-04-22 09:50 - 000012122 _____ C:\Users\syslao\Downloads\[SkT]Zrcadleni_tmy_(2020)(CZ)[WebRip][720p]_=_CSFD_70%.torrent
2020-04-17 20:32 - 2020-04-17 20:32 - 000000000 ____D C:\ProgramData\Ubisoft
2020-04-17 18:18 - 2020-04-17 18:18 - 000014108 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_II_Assassin_s_Creed_2_CZ_v1_01_.torrent
2020-04-16 16:42 - 2020-04-16 16:43 - 000000000 ____D C:\Users\syslao\Documents\Witcher 2
2020-04-16 16:42 - 2020-04-16 16:42 - 000000000 ____D C:\Users\syslao\AppData\Local\The Witcher 2
2020-04-16 16:09 - 2020-04-17 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 (CZ)
2020-04-16 14:35 - 2020-04-16 14:35 - 000039618 _____ C:\Users\syslao\Downloads\[CzT]Zaklinac_2_Vrahove_Kralu_Rozsirena_Edice_The_Witcher_2_Assassins_of_Kings_Enchanced_Edition_CZ_.torrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-15 22:51 - 2009-07-14 06:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-15 22:51 - 2009-07-14 06:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-15 22:42 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-15 22:32 - 2017-11-18 20:36 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-05-15 21:55 - 2017-12-30 15:45 - 000000000 ____D C:\games
2020-05-15 21:39 - 2019-03-04 22:39 - 000000000 ____D C:\Users\syslao\Downloads\Paint Shop Pro 7.0
2020-05-15 20:29 - 2017-11-18 19:57 - 000000000 ____D C:\Users\syslao\AppData\Roaming\uTorrent
2020-05-15 19:42 - 2009-07-14 06:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-05-08 20:39 - 2019-06-14 19:34 - 000000000 ____D C:\Users\syslao\Documents\My Games
2020-05-08 18:11 - 2019-02-26 18:24 - 000000000 ____D C:\Users\syslao\AppData\Local\AMD
2020-05-08 17:50 - 2019-02-26 18:05 - 000003146 _____ C:\Windows\system32\Tasks\StartCN
2020-05-08 17:50 - 2019-02-26 18:05 - 000003066 _____ C:\Windows\system32\Tasks\StartDVR
2020-05-08 17:50 - 2017-11-18 20:10 - 000000000 ____D C:\Program Files\AMD
2020-05-08 17:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-05-08 17:39 - 2019-02-25 22:28 - 000000000 ____D C:\AMD
2020-05-08 11:50 - 2017-11-18 15:14 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-07 22:38 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-04-29 12:18 - 2020-04-04 14:16 - 000000000 ____D C:\Program Files (x86)\Batman Arkham Knight
2020-04-27 15:43 - 2017-08-27 12:07 - 000113336 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2020-04-27 15:43 - 2017-08-10 17:49 - 000189232 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2020-04-27 15:43 - 2017-08-10 17:49 - 000149144 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2020-04-27 14:22 - 2019-12-22 22:01 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2020-04-21 23:02 - 2019-02-20 22:35 - 026035128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2020-04-21 23:02 - 2019-02-20 22:35 - 001919600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-04-21 22:52 - 2019-02-20 22:39 - 049841848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2020-04-21 22:47 - 2019-02-21 01:53 - 000211464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2020-04-21 22:47 - 2019-02-21 01:52 - 000232632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-04-21 22:47 - 2019-02-21 01:52 - 000161464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2020-04-21 22:46 - 2019-02-21 01:52 - 001721528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-04-17 20:32 - 2019-06-22 12:51 - 000000000 ____D C:\Users\syslao\AppData\Roaming\Ubisoft
2020-04-17 20:09 - 2019-12-25 12:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-16 15:47 - 2019-04-02 17:57 - 000000000 ____D C:\Users\syslao\AppData\Local\ElevatedDiagnostics
2020-04-16 14:36 - 2020-04-03 19:14 - 000000000 ____D C:\Program Files (x86)\Call of Duty 4 - Modern Warfare

==================== Files in the root of some directories ========

2019-12-05 22:15 - 2019-12-05 22:15 - 000000000 _____ () C:\Users\syslao\AppData\Local\oobelibMkey.log
2019-11-23 23:39 - 2019-12-08 15:21 - 000007607 _____ () C:\Users\syslao\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. -> 0

LastRegBack: 2020-05-07 20:57
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by syslao (15-05-2020 22:59:47)
Running from C:\Users\syslao\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-11-18 13:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2223748271-3078650066-3298653764-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2223748271-3078650066-3298653764-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2223748271-3078650066-3298653764-1002 - Limited - Enabled)
syslao (S-1-5-21-2223748271-3078650066-3298653764-1001 - Administrator - Enabled) => C:\Users\syslao

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACP Application (HKLM\...\{6F0FE248-D39D-4150-918F-E76C9E9F5943}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.4.2 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.71.1081 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{179752EE-BE61-41C4-909A-D4AAC9CF23FD}) (Version: 12.2.31.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Paint Shop Pro 7 Evaluation (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Sims 4 v.1.58.63.1010 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version: - Microsoft)
Vita 2 common (HKLM\...\{C7B5259E-11DC-4B21-BBDD-DDAAA88C1F36}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana Antimalware v.3.1.395 CZ_SK (HKLM-x32\...\Zemana Antimalware v.3.1.395 CZ_SK) (Version: v.3.1.395 CZ_SK - Libbi)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Hudba Google Play.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2020-03-02 18:11 - 2020-03-02 18:11 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-02-08 13:38 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-04-21 16:43 - 2020-04-21 16:43 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-04-21 16:43 - 2020-04-21 16:43 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-11-22 23:19 - 000001094 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 genuine.adobe.com
127.0.0.1 prod.adobegenuine.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2223748271-3078650066-3298653764-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05152020224329446\Control Panel\Desktop\\Wallpaper -> C:\Users\sysel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Disc Soft Pro Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: GoogleChromeAutoLaunch_7F0F7518B55C87D0C1D924D7FA29EBC0 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: MalTray => D:\Stahování\Glarysoft Malware Hunter PRO v.1.97.0.686_Portable cz sk\App\GlarysoftMalwareHunter\mhtray.exe /autorun
MSCONFIG\startupreg: mncxbiumpSrv => C:\Windows\inf\mncxbiump.vbe
MSCONFIG\startupreg: MSStp => C:\Windows\system32\msstp.vbe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{22C61BCF-B1BD-48A2-A199-B61989592536}C:\users\syslao\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\syslao\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE4476D5-5202-45E1-89D8-C9446BA7EE0C}C:\users\syslao\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\syslao\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{87A62855-6AB6-42C0-97B2-305425A912FB}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00D7EEC8-49FF-40A0-ABBA-06E2E8CA9450}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF169246-6BE8-47D6-96BA-90117E88E6DE}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{149B3D29-0255-4AE6-9BE4-9DD0B3ED9CE4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE16CCC1-7084-4EA2-9E30-304355FC55AC}] => (Allow) C:\Users\syslao\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{37C80491-5AB1-4A75-A3B8-6CF017ABD43C}] => (Allow) C:\Users\syslao\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{E231FF84-A57E-4E39-8DBF-53871FF4EC79}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{C541991F-890E-46CF-824E-7C5EE04B0885}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{62B0A97E-C384-40A4-90E0-50CE74D4636C}] => (Allow) C:\Users\syslao\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{855F70E3-7185-46FD-B67D-E24C36F3C59E}] => (Allow) C:\Users\syslao\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{D3E1D566-8DEF-4E45-9782-8D5B6C6165B5}] => (Allow) C:\Users\syslao\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{07EE83C4-6112-4CBC-B247-B8149C56F742}] => (Allow) C:\Users\syslao\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [TCP Query User{0E80910A-6E7C-40AA-B68A-C13A2DB10FB4}C:\hry\far cry 4\bin\farcry4.exe] => (Block) C:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{3CD674CC-DFB7-41A0-BD43-ADF113F8D88A}C:\hry\far cry 4\bin\farcry4.exe] => (Block) C:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [TCP Query User{2CB67BD9-BF4F-4197-8E91-FD736EE42FC1}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Block) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe => No File
FirewallRules: [UDP Query User{18E8F5B3-8156-4F34-9CA2-60FCFC06F301}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Block) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe => No File
FirewallRules: [TCP Query User{35FAC8C1-90A9-4704-A4BD-6935C3ACE253}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Block) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe => No File
FirewallRules: [UDP Query User{79E3267A-126A-4D72-BC11-05879D49407B}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Block) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe => No File
FirewallRules: [{D6AF88CF-3110-4F5D-B787-31B9FD338D69}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: AMD Log Utility Driver
Description: AMD Log Utility Driver
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/15/2020 09:55:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\syslao\AppData\Local\Temp\{916E96DD-B44C-4E1F-A314-0B4089733F2C}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\" -tempdisk1folder:"C:\Users\syslao\AppData\Local\Temp\{916E96DD-B44C-4E1F-A314-0B4089733F2C}\"; Popis = Removed Ubisoft Game Launcher; Chyba = 0x8007043c).

Error: (05/15/2020 07:17:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TS4_x64.exe verze 1.58.63.1010 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 108c

Čas spuštění: 01d62adc14b911ee

Čas ukončení: 15

Cesta k aplikaci: C:\games\The Sims 4\Game\Bin\TS4_x64.exe

ID hlášení:

Error: (05/15/2020 06:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SDFiles.exe, verze: 1.6.1.7, časové razítko: 0x2a425e19
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23391, časové razítko: 0x56e9a73c
Kód výjimky: 0x0eedfade
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0xaac
Čas spuštění chybující aplikace: 0x01d62ad927abe2e7
Cesta k chybující aplikaci: C:\Users\syslao\Desktop\SpyBot Search & Destroy 1.6.2.46 DC 13.01.2016 Portable\SDFiles.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 65b65640-96cc-11ea-9239-001d7d9f8c74

Error: (05/15/2020 06:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SDFiles.exe, verze: 1.6.1.7, časové razítko: 0x2a425e19
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23391, časové razítko: 0x56e9a73c
Kód výjimky: 0x0eedfade
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x12b4
Čas spuštění chybující aplikace: 0x01d62ad6421891c5
Cesta k chybující aplikaci: C:\Users\syslao\Desktop\SpyBot Search & Destroy 1.6.2.46 DC 13.01.2016 Portable\SDFiles.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 801940fa-96c9-11ea-9239-001d7d9f8c74

Error: (05/15/2020 06:01:37 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/14/2020 05:37:32 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/13/2020 06:29:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/11/2020 06:45:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (05/15/2020 10:50:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (05/15/2020 10:50:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (05/15/2020 10:45:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Peer Name Resolution Protocol byla ukončena s následující chybou:
%%-2140993535

Error: (05/15/2020 10:45:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Peer Networking Grouping závisí na službě Peer Name Resolution Protocol, která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (05/15/2020 10:45:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Peer Name Resolution Protocol byla ukončena s následující chybou:
%%-2140993535

Error: (05/15/2020 10:45:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Peer Networking Grouping závisí na službě Peer Name Resolution Protocol, která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (05/15/2020 10:45:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Protokol PNRP (Peer Name Resolution Protocol) nebylo možné spustit, protože se nezdařilo vytvoření nové identity. Kód chyby: 0x80630801.

Error: (05/15/2020 10:45:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Protokol PNRP (Peer Name Resolution Protocol) nebylo možné spustit, protože se nezdařilo vytvoření nové identity. Kód chyby: 0x80630801.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F14 06/18/2009
Motherboard: Gigabyte Technology Co., Ltd. P35-DS3
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 7166.49 MB
Available physical RAM: 3246.75 MB
Total Virtual: 14331.17 MB
Available Virtual: 8942.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:105.24 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.88 GB) (Free:91.1 GB) NTFS
Drive e: (SnowRunner) (CDROM) (Total:10.39 GB) (Free:0 GB) UDF

\\?\Volume{dc012002-cc5c-11e7-b570-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 8E71E94C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 081E081D)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

[Conder]

Ahoj

Zobrazuje sa aj nejaka chybova hlaska pri pokuse o administratorsku akciu?

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Spustit skenovani a pockaj na dokoncenie
• V pripade nalezov nechaj vsetky nalezy oznacene a klikni na Karantena (ak nie su ziadne nalezy, tak na Spustit zakladni opravu)
• V pripade, ze sa detekuje aj "predinstalovany software", tieto programy mozes, ale nemusis zmazat (toto nie su skodlive programy, ale iba zbytocnosti)
• Potvrd vyzvu, pockaj na dokoncenie a potvrd restartovanie PC
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah skopiruj a vloz do dalsej odpovede

[Syslao]

Image1.jpg (21.36 KiB) Zobrazeno 946 x

Chybové hlášky jsou. Někdy hláška a někdy se prostě nestane nic a system nereaguje . Třeba log nešel zobrazit a odkaz na AdwCleaner byl zablokován Nodem32.
Téměř vše musím dělat v safe mode.

díky moc

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-05-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-16-2020
# Duration: 00:00:03
# OS: Windows 7 Ultimate
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\Tencent
Deleted C:\Users\syslao\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\syslao\AppData\Local\Tencent
Deleted C:\Users\syslao\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\syslao\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{07EE83C4-6112-4CBC-B247-B8149C56F742}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{62B0A97E-C384-40A4-90E0-50CE74D4636C}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{855F70E3-7185-46FD-B67D-E24C36F3C59E}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D3E1D566-8DEF-4E45-9782-8D5B6C6165B5}
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted AVG Secure Search
Deleted Bing
Deleted Search the web (Babylon)
Deleted Search the web (Babylon)
Deleted Trovi search
Deleted Trovi search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3166 octets] - [16/05/2020 09:36:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-05-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-16-2020
# Duration: 00:00:33
# OS: Windows 7 Ultimate
# Scanned: 31864
# Detected: 22


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\syslao\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\syslao\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\ProgramData\Tencent
PUP.Optional.Legacy C:\Users\syslao\AppData\Local\Tencent
PUP.Optional.Legacy C:\Users\syslao\AppData\Roaming\Tencent
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{07EE83C4-6112-4CBC-B247-B8149C56F742}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{62B0A97E-C384-40A4-90E0-50CE74D4636C}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{855F70E3-7185-46FD-B67D-E24C36F3C59E}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D3E1D566-8DEF-4E45-9782-8D5B6C6165B5}
PUP.Optional.Legacy HKLM\Software\Classes\METNSD

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Babylon Search the web (Babylon)
PUP.Optional.Babylon Search the web (Babylon)
PUP.Optional.Legacy AVG Secure Search
PUP.Optional.Legacy Bing
PUP.Optional.Legacy Trovi search
PUP.Optional.MySearch AVG Secure Search
PUP.Optional.Trovi Trovi search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt #####

[Syslao]

Ještě nový log z FRST :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
Ran by syslao (administrator) on SYSLAO-PC (Gigabyte Technology Co., Ltd. P35-DS3) (16-05-2020 11:10:33)
Running from C:\Users\syslao\Desktop
Loaded Profiles: syslao
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [180736 2020-04-27] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {447dd081-cc82-11e7-bd25-001d7d9f8c74} - G:\OriginSetup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {7247e3d2-75b7-11ea-9f62-001d7d9f8c74} - F:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {d664a879-f3aa-11e7-81c3-001d7d9f8c74} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {d664a88d-f3aa-11e7-81c3-001d7d9f8c74} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {e41aad0a-704c-11ea-af9b-001d7d9f8c74} - E:\setup.exe
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\...\MountPoints2: {e53bca8c-79ba-11ea-b7f4-001d7d9f8c74} - H:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-11-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-08] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06DE9996-3E32-4EDF-84DF-D3504F314AFC} - System32\Tasks\{6CC024F3-9951-4886-A119-C929E7569CB5} => C:\Windows\system32\pcalua.exe -a "D:\Stahování\Batman Arkham - Knight\Batman_AK_CZ_V2.0.exe" -d "D:\Stahování\Batman Arkham - Knight"
Task: {0FD24616-7A80-4BEB-B4D8-6C294C3CB3F7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {162F5A67-5817-45D1-B3AE-B4B8ED90AF0A} - System32\Tasks\AdwCleaner_onReboot => C:\Users\syslao\Desktop\adwcleaner_8.0.4.exe [8196784 2020-05-16] (Malwarebytes Inc -> Malwarebytes)
Task: {265D1E1F-FE7C-49A3-9596-1F2C4C9F9938} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {328B88CB-12AF-453B-99A1-49FB085C828A} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {41E926CA-0BF6-49E6-87D4-DDBB7623DA16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-18] (Google Inc -> Google Inc.)
Task: {694365A3-66C3-4569-BD45-5F78B57E4412} - System32\Tasks\{421B3903-7C97-482B-ACAE-47C6F02BD2A6} => C:\Windows\system32\pcalua.exe -a "c:\Program Files\Zemana Antimalware\Uninstall.exe"
Task: {6EFBB742-0EF8-41B2-9487-1CB43362BA39} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-04-21] (Advanced Micro Devices, Inc.) [File not signed]
Task: {CC493EA8-BAC2-41F2-BB58-C508A414DD2A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {CDDEC93A-A97A-4627-ABC3-A02E8C653515} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3676952 2013-08-21] (Piriform Ltd -> Piriform Ltd)
Task: {E0CD75F5-56D6-455E-882D-AB4D9EF0ACFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2318BF0-4628-4530-96ED-9E50363AAC09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-18] (Google Inc -> Google Inc.)
Task: {ECE6194D-FB16-46EB-AEE5-A2D8982B78F5} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-04-21] (Advanced Micro Devices, Inc.) [File not signed]
Task: {EF8A3534-D075-4102-A0FA-B3BA0821C549} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-04-21] (Advanced Micro Devices, Inc.) [File not signed]
Task: {FB8AA67A-0694-4A78-9753-4B136D3BFE08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GMHSkipUAC.job => D:\Stahování\Glarysoft Malware Hunter PRO v.1.97.0.686_Portable cz sk\App\GlarysoftMalwareHunter\MalwareHunter.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{AC8D30A5-CE9A-4405-97C0-6C23A3529BB8}: [DhcpNameServer] 62.129.50.20 85.135.32.100

Internet Explorer:
==================
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2017-11-18] (Sun Microsystems, Inc.) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-11-18] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: a8a2883w.default
FF ProfilePath: C:\Users\syslao\AppData\Roaming\Mozilla\Firefox\Profiles\a8a2883w.default [2019-11-22]
FF Homepage: Mozilla\Firefox\Profiles\a8a2883w.default -> google.cz
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2017-11-18] (Sun Microsystems, Inc.) [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2017-11-18] (Sun Microsystems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default [2020-05-16]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR Extension: (Překladač Google) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-20]
CHR Extension: (Prezentace) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-18]
CHR Extension: (Dokumenty) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-18]
CHR Extension: (Disk Google) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-18]
CHR Extension: (YouTube) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-18]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-11]
CHR Extension: (Tampermonkey) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-01-12]
CHR Extension: (Hudba Google Play) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-04-22]
CHR Extension: (Tabulky) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\syslao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [515256 2020-04-21] (Advanced Micro Devices, Inc. -> AMD)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2020-04-21] () [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7252656 2018-09-29] (BattlEye Innovations e.K. -> )
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2019-12-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-09-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2433232 2020-04-27] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-15] (Malwarebytes Inc -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 AGMService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" [X]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S4 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [28344 2020-04-21] (Advanced Micro Devices, Inc. -> )
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [65743544 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [582840 2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2020-05-15] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [105376 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2020-03-27] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2020-03-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30352 2017-11-18] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149144 2020-04-27] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [189232 2020-04-27] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [113336 2020-04-27] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-05-15] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2017-11-18] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [432840 2019-10-09] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [545568 2019-10-09] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 cpuz145; \??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-16 10:57 - 2020-05-16 10:58 - 000000000 ____D C:\Users\syslao\AppData\LocalLow\IGDump
2020-05-16 10:23 - 2020-05-16 10:54 - 000003098 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-05-16 10:14 - 2020-05-16 11:11 - 000019598 _____ C:\Users\syslao\Desktop\FRST.txt
2020-05-16 09:46 - 2020-05-16 09:46 - 000248968 ____N (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-16 09:35 - 2020-05-16 09:36 - 000000000 ____D C:\AdwCleaner
2020-05-16 09:34 - 2020-05-16 09:34 - 008196784 _____ (Malwarebytes) C:\Users\syslao\Desktop\adwcleaner_8.0.4.exe
2020-05-15 22:57 - 2020-05-16 11:10 - 000000000 ____D C:\FRST
2020-05-15 22:55 - 2020-05-15 22:55 - 002286080 _____ (Farbar) C:\Users\syslao\Desktop\FRST64.exe
2020-05-15 22:36 - 2020-05-15 22:36 - 000000000 ____D C:\Users\syslao\AppData\Local\mbam
2020-05-15 22:35 - 2020-05-15 22:35 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-15 22:35 - 2020-05-15 22:35 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-15 22:35 - 2020-05-15 22:35 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-15 22:35 - 2020-05-15 22:35 - 000000000 ____D C:\Users\syslao\AppData\Local\mbamtray
2020-05-15 22:35 - 2020-05-15 22:34 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-05-15 22:34 - 2020-05-15 22:34 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-15 22:34 - 2020-05-15 22:34 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-15 22:31 - 2020-05-15 22:31 - 001980016 _____ (Malwarebytes) C:\Users\syslao\Desktop\MBSetup.exe
2020-05-15 22:05 - 2020-05-15 22:05 - 000003100 _____ C:\Windows\system32\Tasks\{421B3903-7C97-482B-ACAE-47C6F02BD2A6}
2020-05-15 22:00 - 2020-05-16 11:11 - 000059180 _____ C:\Windows\ZAM.krnl.trace
2020-05-15 21:41 - 2020-05-15 21:42 - 000001928 _____ C:\Users\syslao\Desktop\Zemana AntiMalware.lnk
2020-05-15 21:41 - 2020-05-15 21:41 - 000001795 _____ C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Start Menu\Zemana AntiMalware.lnk
2020-05-15 21:41 - 2020-05-15 21:41 - 000001749 _____ C:\Users\syslao\Desktop\Zemana Registr.lnk
2020-05-15 21:41 - 2020-05-15 21:41 - 000000000 ____D C:\Program Files\Zemana Antimalware
2020-05-15 21:39 - 2020-05-15 21:39 - 000000000 ___HD C:\$GlaryQuarantine
2020-05-15 21:05 - 2020-05-15 21:05 - 000000368 _____ C:\Windows\Tasks\GMHSkipUAC.job
2020-05-15 21:04 - 2020-05-15 21:42 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2020-05-15 21:04 - 2020-05-15 21:42 - 000000000 ____D C:\Users\syslao\AppData\Local\AMSDK
2020-05-15 21:03 - 2020-05-15 21:03 - 000000000 ____D C:\Users\syslao\AppData\Local\Zemana
2020-05-15 20:30 - 2020-05-16 09:48 - 000263608 _____ C:\Windows\ntbtlog.txt
2020-05-15 19:52 - 2020-05-15 19:52 - 000001294 _____ C:\Users\syslao\Desktop\Computer Management.download
2020-05-15 19:42 - 2020-05-15 19:42 - 000002255 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2020-05-15 19:42 - 2020-05-15 19:42 - 000001413 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-05-15 19:42 - 2020-05-15 19:42 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2020-05-15 19:42 - 2020-05-15 19:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2020-05-15 19:40 - 2020-05-15 19:42 - 000000000 ____D C:\Users\Administrator
2020-05-15 19:40 - 2020-05-15 19:40 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2020-05-15 19:40 - 2009-07-14 09:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2020-05-15 18:37 - 2020-05-15 18:37 - 000069185 _____ C:\Users\syslao\Downloads\[CzT]Foundation_Alpha_v_1_5_11_0203_35879_2019_CZ_.torrent
2020-05-15 17:52 - 2020-05-16 10:26 - 000003106 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-05-14 21:04 - 2020-05-14 21:04 - 000000000 ____D C:\Users\syslao\Documents\Polymorph Games
2020-05-14 17:45 - 2020-05-14 17:45 - 000039009 _____ C:\Users\syslao\Downloads\[CzT]Foundation_v_1_5_9_2019_CZ_.torrent
2020-05-13 18:23 - 2020-05-13 18:23 - 000115610 _____ C:\Users\syslao\Downloads\[CzT]Native_Instrument_Guitar_Rig_Pro_v_5_1_1 (2).torrent
2020-05-10 16:13 - 2020-05-10 16:13 - 000000000 ____D C:\Users\syslao\AppData\Local\Ubisoft Game Launcher
2020-05-10 16:08 - 2020-05-10 16:08 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-05-08 20:39 - 2020-05-08 20:39 - 000000000 ____D C:\Users\syslao\AppData\Local\Saber
2020-05-08 20:39 - 2020-05-08 20:39 - 000000000 ____D C:\Users\Public\Documents\Epic
2020-05-08 20:39 - 2020-05-08 20:39 - 000000000 ____D C:\ProgramData\Documents\Epic
2020-05-08 19:05 - 2020-05-08 19:06 - 000345566 _____ C:\Users\syslao\Downloads\Assassin's_Creed__Odyssey_&#8211;_Deluxe_Edition_v1.0.6_ _3_DLCs_(2018)(CZ)[FitGirl_Repack].torrent
2020-05-08 18:35 - 2020-05-08 18:35 - 000106769 _____ C:\Users\syslao\Downloads\[CzT]Snowrunner_2020_CZ_.torrent
2020-05-08 18:13 - 2020-05-08 18:13 - 000000000 ____D C:\Users\syslao\AppData\Local\ATI
2020-05-08 18:12 - 2020-05-08 18:12 - 000000000 ____D C:\Users\syslao\AppData\Local\cache
2020-05-08 17:59 - 2020-05-16 10:26 - 000003116 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-05-08 17:50 - 2020-05-08 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-05-08 17:42 - 2020-04-21 23:27 - 062858424 _____ C:\Windows\system32\amd_comgr.dll
2020-05-08 17:42 - 2020-04-21 23:27 - 052394168 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-05-08 17:42 - 2020-04-21 23:11 - 000335544 _____ C:\Windows\system32\clinfo.exe
2020-05-08 17:42 - 2020-04-21 23:11 - 000126136 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-05-08 17:42 - 2020-04-21 23:11 - 000112312 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 079081656 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 065465016 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 026733752 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2020-05-08 17:42 - 2020-04-21 23:10 - 021286072 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2020-05-08 17:42 - 2020-04-21 23:09 - 078642360 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-05-08 17:42 - 2020-04-21 23:02 - 001565744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 034385080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 029762744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 021826024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 013731296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 013041184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 001076712 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 001076712 _____ C:\Windows\system32\vulkan-1.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000935560 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000935560 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000932536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000759992 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000565432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000476344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000350392 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2020-05-08 17:42 - 2020-04-21 23:01 - 000175288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000162920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000153784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000144056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000139224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000129208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000118264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000118264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000097616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000097616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000068792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2020-05-08 17:42 - 2020-04-21 23:01 - 000038072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-05-08 17:42 - 2020-04-21 23:01 - 000035000 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 065743544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2020-05-08 17:42 - 2020-04-21 23:00 - 041844408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxn64.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 037141688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxn32.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 001775288 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 001775288 _____ C:\Windows\system32\vulkaninfo.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 001365688 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 001365688 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-05-08 17:42 - 2020-04-21 23:00 - 000150200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000127160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000124432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000109488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-05-08 17:42 - 2020-04-21 23:00 - 000061624 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 024173752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 020606648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 000140472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2020-05-08 17:42 - 2020-04-21 22:59 - 000118456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2020-05-08 17:42 - 2020-04-21 22:58 - 001584824 _____ (AMD) C:\Windows\system32\coinst_19.50.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 004576440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 004085944 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 000544952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-05-08 17:42 - 2020-04-21 22:57 - 000374968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-05-08 17:42 - 2020-04-21 22:52 - 041540280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2020-05-08 17:42 - 2020-04-21 22:48 - 000188664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-05-08 17:42 - 2020-04-21 22:48 - 000158264 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-05-08 17:42 - 2020-04-21 22:48 - 000011136 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 013037576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 010363144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000582840 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2020-05-08 17:42 - 2020-04-21 22:47 - 000515256 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2020-05-08 17:42 - 2020-04-21 22:47 - 000504504 _____ (AMD) C:\Windows\system32\atitmm64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000484536 _____ C:\Windows\system32\dgtrayicon.exe
2020-05-08 17:42 - 2020-04-21 22:47 - 000482488 _____ C:\Windows\system32\GameManager64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000365240 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000199864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000193936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000176432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000156880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000136888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000136888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000127160 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-05-08 17:42 - 2020-04-21 22:47 - 000011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 030992056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 026967224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 001234104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 001234104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000751800 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000475320 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000459960 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000457912 _____ C:\Windows\system32\amdlogum.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000442552 _____ C:\Windows\system32\atieah64.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000364728 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-05-08 17:42 - 2020-04-21 22:46 - 000336568 _____ C:\Windows\SysWOW64\atieah32.exe
2020-05-08 17:42 - 2020-04-21 22:46 - 000028344 _____ C:\Windows\system32\Drivers\amdacpksd.sys
2020-05-08 17:42 - 2020-04-21 22:42 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-05-08 17:42 - 2020-04-21 22:42 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-05-08 17:42 - 2020-04-21 22:32 - 000543168 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-05-08 17:42 - 2020-04-21 22:32 - 000543168 _____ C:\Windows\system32\atiapfxx.blb
2020-05-08 17:42 - 2020-03-06 21:57 - 000458368 _____ C:\Windows\system32\ativvaxy_nv.dat
2020-05-08 17:42 - 2020-02-26 08:40 - 001156061 _____ C:\Windows\system32\amdicdxx.dat
2020-05-08 17:42 - 2020-02-20 18:34 - 000000703 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2020-05-08 17:42 - 2020-02-20 18:34 - 000000703 _____ C:\Windows\system32\amd-vulkan64.json
2020-05-08 17:42 - 2019-11-29 22:03 - 000356992 _____ C:\Windows\system32\ativvaxy_rv.dat
2020-05-08 17:42 - 2019-10-28 16:52 - 000281101 _____ C:\Windows\system32\amdefctb.dat
2020-05-08 17:42 - 2019-10-25 20:23 - 000375968 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2020-05-08 17:42 - 2019-10-18 15:56 - 000278560 _____ C:\Windows\system32\ativvaxy_stn_nd.dat
2020-05-08 17:42 - 2019-10-18 15:56 - 000272928 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2020-05-08 17:42 - 2019-10-17 21:30 - 000383264 _____ C:\Windows\system32\ativvaxy_vg20_nd.dat
2020-05-08 17:42 - 2019-10-17 20:52 - 000380448 _____ C:\Windows\system32\ativvaxy_gl_nd.dat
2020-05-08 17:42 - 2019-08-19 20:06 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2020-05-08 17:42 - 2019-07-24 07:53 - 000113288 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2020-05-08 17:42 - 2019-07-24 07:53 - 000105376 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2020-05-08 17:42 - 2019-07-16 21:58 - 000069770 _____ C:\Windows\system32\AMDKernelEvents.man
2020-05-08 17:42 - 2019-06-27 15:56 - 000173344 _____ C:\Windows\system32\amde40a.dat
2020-05-08 17:42 - 2019-06-21 20:44 - 000268244 _____ C:\Windows\system32\ativvaxy_FJ.dat
2020-05-08 17:42 - 2019-06-21 20:44 - 000267984 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2020-05-08 17:42 - 2019-02-26 00:15 - 000166624 _____ C:\Windows\system32\amde34b.dat
2020-05-08 17:42 - 2019-02-26 00:14 - 000166624 _____ C:\Windows\system32\amde34a.dat
2020-05-08 17:42 - 2019-02-12 19:49 - 000324928 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2020-05-08 17:42 - 2019-02-12 19:48 - 000325188 _____ C:\Windows\system32\ativvaxy_vi.dat
2020-05-08 17:42 - 2019-02-12 19:47 - 000234676 _____ C:\Windows\system32\ativvaxy_cik.dat
2020-05-08 17:42 - 2019-02-12 19:47 - 000234416 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2020-05-08 17:39 - 2020-05-08 17:39 - 040550000 _____ (AMD Inc.) C:\Users\syslao\Downloads\radeon-software-adrenalin-2020-20.4.2-minimalsetup-200423_64bit.exe
2020-05-08 17:39 - 2020-05-08 17:39 - 000000000 ____D C:\ProgramData\AMD
2020-05-08 16:55 - 2020-05-08 19:07 - 000000000 ____D C:\Program Files (x86)\Assassin's Creed Origins
2020-05-08 11:57 - 2020-05-08 11:57 - 004510099 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_Origins_2017_CZ_.torrent
2020-04-29 12:34 - 2020-04-29 12:34 - 000160935 _____ C:\Users\syslao\Downloads\[SkT]Assassin's_Creed__Odyssey_(2018)(CZ) (1).torrent
2020-04-29 12:29 - 2020-04-29 12:29 - 000160935 _____ C:\Users\syslao\Downloads\[SkT]Assassin's_Creed__Odyssey_(2018)(CZ).torrent
2020-04-29 12:19 - 2020-04-29 12:19 - 005131140 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_Odyssey_v_1_0_6_2018_CZ_.torrent
2020-04-27 15:43 - 2020-04-27 15:43 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2020-04-27 14:25 - 2020-04-27 14:25 - 000000000 ____D C:\Users\syslao\AppData\Local\Setup Integrity Check
2020-04-22 18:33 - 2020-04-22 18:33 - 000064727 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_IV_Black_Flag_Freedom_Cry_DLC_2013_CZ_EN_.torrent
2020-04-22 12:13 - 2020-04-22 12:13 - 000015516 _____ C:\Users\syslao\Downloads\[CzT]Dcera_carodejky_Hadi_dar_Skammerens_datter_II_Slangens_gave_2019_CZ_.torrent
2020-04-22 12:11 - 2020-04-22 12:11 - 000016074 _____ C:\Users\syslao\Downloads\[CzT]Snezny_kluk_Abominable_2019_CZ_.torrent
2020-04-22 12:10 - 2020-04-22 12:10 - 000016939 _____ C:\Users\syslao\Downloads\[CzT]Jezek_Sonic_Sonic_the_Hedgehog_2020_CZ_WebRip_.torrent
2020-04-22 09:50 - 2020-04-22 09:50 - 000012122 _____ C:\Users\syslao\Downloads\[SkT]Zrcadleni_tmy_(2020)(CZ)[WebRip][720p]_=_CSFD_70%.torrent
2020-04-17 20:32 - 2020-04-17 20:32 - 000000000 ____D C:\ProgramData\Ubisoft
2020-04-17 18:18 - 2020-04-17 18:18 - 000014108 _____ C:\Users\syslao\Downloads\[CzT]Assassin_s_Creed_II_Assassin_s_Creed_2_CZ_v1_01_.torrent
2020-04-16 16:42 - 2020-04-16 16:43 - 000000000 ____D C:\Users\syslao\Documents\Witcher 2
2020-04-16 16:42 - 2020-04-16 16:42 - 000000000 ____D C:\Users\syslao\AppData\Local\The Witcher 2
2020-04-16 16:09 - 2020-04-17 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 (CZ)
2020-04-16 14:35 - 2020-04-16 14:35 - 000039618 _____ C:\Users\syslao\Downloads\[CzT]Zaklinac_2_Vrahove_Kralu_Rozsirena_Edice_The_Witcher_2_Assassins_of_Kings_Enchanced_Edition_CZ_.torrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-16 11:06 - 2017-11-18 14:58 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-05-16 10:33 - 2009-07-14 06:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-05-16 10:33 - 2009-07-14 06:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-05-16 10:26 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-16 10:25 - 2017-11-18 20:36 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-05-16 09:36 - 2019-11-22 20:42 - 000000000 ____D C:\Users\syslao\AppData\LocalLow\IObit
2020-05-16 09:36 - 2019-11-22 20:40 - 000000000 ____D C:\Users\syslao\AppData\Roaming\IObit
2020-05-15 21:55 - 2017-12-30 15:45 - 000000000 ____D C:\games
2020-05-15 21:39 - 2019-03-04 22:39 - 000000000 ____D C:\Users\syslao\Downloads\Paint Shop Pro 7.0
2020-05-15 20:29 - 2017-11-18 19:57 - 000000000 ____D C:\Users\syslao\AppData\Roaming\uTorrent
2020-05-15 19:42 - 2009-07-14 06:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-05-08 20:39 - 2019-06-14 19:34 - 000000000 ____D C:\Users\syslao\Documents\My Games
2020-05-08 18:11 - 2019-02-26 18:24 - 000000000 ____D C:\Users\syslao\AppData\Local\AMD
2020-05-08 17:50 - 2019-02-26 18:05 - 000003146 _____ C:\Windows\system32\Tasks\StartCN
2020-05-08 17:50 - 2019-02-26 18:05 - 000003066 _____ C:\Windows\system32\Tasks\StartDVR
2020-05-08 17:50 - 2017-11-18 20:10 - 000000000 ____D C:\Program Files\AMD
2020-05-08 17:48 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-05-08 17:39 - 2019-02-25 22:28 - 000000000 ____D C:\AMD
2020-05-08 11:50 - 2017-11-18 15:14 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-07 22:38 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-04-29 12:18 - 2020-04-04 14:16 - 000000000 ____D C:\Program Files (x86)\Batman Arkham Knight
2020-04-27 15:43 - 2017-08-27 12:07 - 000113336 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2020-04-27 15:43 - 2017-08-10 17:49 - 000189232 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2020-04-27 15:43 - 2017-08-10 17:49 - 000149144 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2020-04-27 14:22 - 2019-12-22 22:01 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2020-04-21 23:02 - 2019-02-20 22:35 - 026035128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2020-04-21 23:02 - 2019-02-20 22:35 - 001919600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-04-21 22:52 - 2019-02-20 22:39 - 049841848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2020-04-21 22:47 - 2019-02-21 01:53 - 000211464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2020-04-21 22:47 - 2019-02-21 01:52 - 000232632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-04-21 22:47 - 2019-02-21 01:52 - 000161464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2020-04-21 22:46 - 2019-02-21 01:52 - 001721528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-04-17 20:32 - 2019-06-22 12:51 - 000000000 ____D C:\Users\syslao\AppData\Roaming\Ubisoft
2020-04-17 20:09 - 2019-12-25 12:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-16 15:47 - 2019-04-02 17:57 - 000000000 ____D C:\Users\syslao\AppData\Local\ElevatedDiagnostics
2020-04-16 14:36 - 2020-04-03 19:14 - 000000000 ____D C:\Program Files (x86)\Call of Duty 4 - Modern Warfare

==================== Files in the root of some directories ========

2019-12-05 22:15 - 2019-12-05 22:15 - 000000000 _____ () C:\Users\syslao\AppData\Local\oobelibMkey.log
2019-11-23 23:39 - 2019-12-08 15:21 - 000007607 _____ () C:\Users\syslao\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. -> 0

LastRegBack: 2020-05-07 20:57
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by syslao (16-05-2020 11:12:26)
Running from C:\Users\syslao\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-11-18 13:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2223748271-3078650066-3298653764-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2223748271-3078650066-3298653764-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2223748271-3078650066-3298653764-1002 - Limited - Enabled)
syslao (S-1-5-21-2223748271-3078650066-3298653764-1001 - Administrator - Enabled) => C:\Users\syslao

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ACP Application (HKLM\...\{6F0FE248-D39D-4150-918F-E76C9E9F5943}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}) (Version: 10.1.102.64 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.4.2 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.71.1081 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{179752EE-BE61-41C4-909A-D4AAC9CF23FD}) (Version: 12.2.31.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Paint Shop Pro 7 Evaluation (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Sims 4 v.1.58.63.1010 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version: - Microsoft)
Vita 2 common (HKLM\...\{C7B5259E-11DC-4B21-BBDD-DDAAA88C1F36}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana Antimalware v.3.1.395 CZ_SK (HKLM-x32\...\Zemana Antimalware v.3.1.395 CZ_SK) (Version: v.3.1.395 CZ_SK - Libbi)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-04-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Hudba Google Play.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

==================== Loaded Modules (Whitelisted) =============

2020-03-02 18:11 - 2020-03-02 18:11 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-02-08 13:38 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-04-21 16:43 - 2020-04-21 16:43 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-03-02 18:11 - 2020-03-02 18:11 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-04-21 16:43 - 2020-04-21 16:43 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-11-22 23:19 - 000001094 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 genuine.adobe.com
127.0.0.1 prod.adobegenuine.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2223748271-3078650066-3298653764-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\syslao\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Disc Soft Pro Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: GoogleChromeAutoLaunch_7F0F7518B55C87D0C1D924D7FA29EBC0 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: MalTray => D:\Stahování\Glarysoft Malware Hunter PRO v.1.97.0.686_Portable cz sk\App\GlarysoftMalwareHunter\mhtray.exe /autorun
MSCONFIG\startupreg: mncxbiumpSrv => C:\Windows\inf\mncxbiump.vbe
MSCONFIG\startupreg: MSStp => C:\Windows\system32\msstp.vbe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{22C61BCF-B1BD-48A2-A199-B61989592536}C:\users\syslao\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\syslao\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE4476D5-5202-45E1-89D8-C9446BA7EE0C}C:\users\syslao\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\syslao\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{87A62855-6AB6-42C0-97B2-305425A912FB}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00D7EEC8-49FF-40A0-ABBA-06E2E8CA9450}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF169246-6BE8-47D6-96BA-90117E88E6DE}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{149B3D29-0255-4AE6-9BE4-9DD0B3ED9CE4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE16CCC1-7084-4EA2-9E30-304355FC55AC}] => (Allow) C:\Users\syslao\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{37C80491-5AB1-4A75-A3B8-6CF017ABD43C}] => (Allow) C:\Users\syslao\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{E231FF84-A57E-4E39-8DBF-53871FF4EC79}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{C541991F-890E-46CF-824E-7C5EE04B0885}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{0E80910A-6E7C-40AA-B68A-C13A2DB10FB4}C:\hry\far cry 4\bin\farcry4.exe] => (Block) C:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{3CD674CC-DFB7-41A0-BD43-ADF113F8D88A}C:\hry\far cry 4\bin\farcry4.exe] => (Block) C:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [TCP Query User{2CB67BD9-BF4F-4197-8E91-FD736EE42FC1}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Block) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe => No File
FirewallRules: [UDP Query User{18E8F5B3-8156-4F34-9CA2-60FCFC06F301}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Block) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe => No File
FirewallRules: [TCP Query User{35FAC8C1-90A9-4704-A4BD-6935C3ACE253}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Block) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe => No File
FirewallRules: [UDP Query User{79E3267A-126A-4D72-BC11-05879D49407B}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Block) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe => No File
FirewallRules: [{D6AF88CF-3110-4F5D-B787-31B9FD338D69}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: AMD Log Utility Driver
Description: AMD Log Utility Driver
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/16/2020 09:22:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/15/2020 09:55:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\syslao\AppData\Local\Temp\{916E96DD-B44C-4E1F-A314-0B4089733F2C}\setup.exe -runfromtemp -l0x0409 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\" -tempdisk1folder:"C:\Users\syslao\AppData\Local\Temp\{916E96DD-B44C-4E1F-A314-0B4089733F2C}\"; Popis = Removed Ubisoft Game Launcher; Chyba = 0x8007043c).

Error: (05/15/2020 07:17:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TS4_x64.exe verze 1.58.63.1010 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 108c

Čas spuštění: 01d62adc14b911ee

Čas ukončení: 15

Cesta k aplikaci: C:\games\The Sims 4\Game\Bin\TS4_x64.exe

ID hlášení:

Error: (05/15/2020 06:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SDFiles.exe, verze: 1.6.1.7, časové razítko: 0x2a425e19
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23391, časové razítko: 0x56e9a73c
Kód výjimky: 0x0eedfade
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0xaac
Čas spuštění chybující aplikace: 0x01d62ad927abe2e7
Cesta k chybující aplikaci: C:\Users\syslao\Desktop\SpyBot Search & Destroy 1.6.2.46 DC 13.01.2016 Portable\SDFiles.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 65b65640-96cc-11ea-9239-001d7d9f8c74

Error: (05/15/2020 06:31:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SDFiles.exe, verze: 1.6.1.7, časové razítko: 0x2a425e19
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.23391, časové razítko: 0x56e9a73c
Kód výjimky: 0x0eedfade
Posun chyby: 0x0000c54f
ID chybujícího procesu: 0x12b4
Čas spuštění chybující aplikace: 0x01d62ad6421891c5
Cesta k chybující aplikaci: C:\Users\syslao\Desktop\SpyBot Search & Destroy 1.6.2.46 DC 13.01.2016 Portable\SDFiles.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 801940fa-96c9-11ea-9239-001d7d9f8c74

Error: (05/15/2020 06:01:37 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/14/2020 05:37:32 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/13/2020 06:29:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (05/16/2020 10:34:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (05/16/2020 10:34:08 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (05/16/2020 10:27:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Peer Name Resolution Protocol byla ukončena s následující chybou:
%%-2140993535

Error: (05/16/2020 10:27:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Peer Networking Grouping závisí na službě Peer Name Resolution Protocol, která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (05/16/2020 10:27:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Peer Name Resolution Protocol byla ukončena s následující chybou:
%%-2140993535

Error: (05/16/2020 10:27:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Peer Networking Grouping závisí na službě Peer Name Resolution Protocol, která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (05/16/2020 10:27:35 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Protokol PNRP (Peer Name Resolution Protocol) nebylo možné spustit, protože se nezdařilo vytvoření nové identity. Kód chyby: 0x80630801.

Error: (05/16/2020 10:27:35 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Protokol PNRP (Peer Name Resolution Protocol) nebylo možné spustit, protože se nezdařilo vytvoření nové identity. Kód chyby: 0x80630801.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F14 06/18/2009
Motherboard: Gigabyte Technology Co., Ltd. P35-DS3
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 7166.49 MB
Available physical RAM: 3633.79 MB
Total Virtual: 14331.17 MB
Available Virtual: 9719.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:104.57 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.88 GB) (Free:91.1 GB) NTFS
Drive e: (SnowRunner) (CDROM) (Total:10.39 GB) (Free:0 GB) UDF

\\?\Volume{dc012002-cc5c-11e7-b570-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 8E71E94C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 081E081D)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

[Conder]

Urob v Malwarebytes uplny sken (v PC by uz mal byt nainstalovany):

• Ovor Malwarebytes a klikni na "Vyhledavac"
• Klikni na "Pokrocile kontroly" a potom na "Nastavit kontrolu"
• Vpravo oznac vsetky disky v PC a vlavo oznac moznost "Skenovani na rootkity"
• Klikni na "Sken" a pockaj na dokoncenie
• Po dokonceni klikni na "Zobrazit zpravu" -> "Export" -> "Kopirovat do schranky"
• Skopirovany log vloz do dalsej odpovede

[Syslao]

Takže už vyřešeno jiným způsobem.Ale děkuju moc za pomoc

[Conder]

OK, nie je zaco Kazdopadne ak by si chcel dokoncit aspon precistenie od zbytocnosti, tak mozes poslat nove logy.