
Keyboard virus

Having a problem with a virus? Post your FRST or RSIT log here.

pierres
Visitor
Posts: 33
Registered: 03 Apr 2007 17:10

#1 Post by pierres »

I have two systems. In Win XP everything is fine and the keyboard works normally; in Win seven (I can't type numbers right now, the virus won't allow it!!! LOL)

HELP, IT PROBABLY AFFECTS THE MOUSE TOO

RSIT LOG
Logfile of random's system information tool 1.10 (written by random/random)
Run by Pierre at 2020-06-14 12:25:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 15 GB (12%) free of 129 GB
Total RAM: 16350 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:50, on 14.6.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19597)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\PubMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Pierre\Desktop\MBSetup.exe
C:\Program Files\trend micro\Pierre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: NonSteam.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: EasyAntiCheat - Epic Games, Inc - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Beta Elevation Service (GoogleChromeBetaElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\elevation_service.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lmadmin - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11070 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Security\ekrn.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe"
C:\Windows\system32\hasplms.exe -run
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe"
"C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
SCIA -T Pierre-PC 11.10 -1 -c scia\SCIA_Software.lic -lmgrd_port 1c0e -x lmremove --lmgrd_start 5ee5f91e -l logs/SCIA.log
rundll32.exe "c:\program files\nvidia corporation\nvstreamsrv\rxdiag.dll" RxDiagSetRuntimeMessagePump
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1048cc13-d408-414c-9c4e-8227adcf0c2c -SystemEventPortName:HostProcess-ad6a4c3a-12a9-4ff8-bf5e-f67ec8d89e8a -IoCancelEventPortName:HostProcess-7126bdce-26db-4eed-8554-ef79055108bf -NonStateChangingEventPortName:HostProcess-18880f39-a729-4989-a53b-71bdcbe6474c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:02e7134d-a2b6-42ca-a035-7768bff80c0b -DeviceGroupId:WpdFsGroup
"taskhost.exe"
taskeng.exe {9046D94F-7532-46A8-A853-B42C2FC20AC7}
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
D:\Pierre\Download\PCMeterV4\PCMeterV0.4.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files (x86)\Steam\steam.exe" -silent
"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\ESET\ESET Security\eguiproxy.exe" /hide
"C:\Program Files\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Pierre\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Pierre\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=83.0.4103.97 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fee172bd28,0x7fee172bd38,0x7fee172bd48
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1104 /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1316 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe"
"C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/Win64/UnrealCEFSubProcess.exe" --type=gpu-process --no-sandbox --lang=en --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Pierre/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --product-version="EpicGamesLauncher/10.16.3-13607823+++Portal+Release-Live UnrealEngine/4.23.0-13607823+++Portal+Release-Live Chrome/59.0.3071.15" --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,18,19,20,23,41,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x10de --gpu-device-id=0x0fc6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=26.21.14.4614 --gpu-driver-date=5-15-2020 --lang=en --locales-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources/locales" --log-file=C:/Users/Pierre/AppData/Local/EpicGamesLauncher/Saved/Logs/cef3.log --log-severity=warning --product-version="EpicGamesLauncher/10.16.3-13607823+++Portal+Release-Live UnrealEngine/4.23.0-13607823+++Portal+Release-Live Chrome/59.0.3071.15" --resources-dir-path="C:/Program Files (x86)/Epic Games/Launcher/Engine/Binaries/ThirdParty/CEF3/Win64/Resources" --service-request-channel-token=2AA1A5EFCA1EDB82D526D816EF4B6931 --mojo-platform-channel-handle=1560 /prefetch:2
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe" /srvupt
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
"C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\PubMonitor.exe" /IU
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Users\Pierre\Desktop\MBSetup.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,1258238764660343203,15425447434223300969,131072 --lang=cs --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Pierre\Desktop\rsit.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20 2478864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-17 582008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-17 245112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2017-01-24 17406072]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2020-04-02 185648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Voobly"=C:\Program Files (x86)\Voobly\voobly.exe [2018-06-23 172032]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2020-06-04 3375904]
"EpicGamesLauncher"=C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [2020-06-04 32194448]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2018-11-22 456160]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2019-04-01 645456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NonSteam.bat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2020-06-14 12:25:45 ----D---- C:\rsit
2020-06-14 12:25:45 ----D---- C:\Program Files\trend micro
2020-06-13 23:30:15 ----D---- C:\AdwCleaner
2020-06-11 19:05:54 ----D---- C:\ProgramData\ESET
2020-06-11 19:05:54 ----D---- C:\Program Files\ESET
2020-06-07 10:27:04 ----D---- C:\Users\Pierre\AppData\Roaming\EasyAntiCheat
2020-06-07 10:23:20 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2020-06-07 10:23:20 ----A---- C:\Windows\system32\nvspcap64.dll
2020-06-07 10:23:20 ----A---- C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-07 10:22:19 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2020-06-07 10:22:19 ----A---- C:\Windows\system32\nvaudcap64v.dll
2020-06-07 10:21:39 ----A---- C:\Windows\system32\nv3dappshextr.dll
2020-06-07 10:21:39 ----A---- C:\Windows\system32\nv3dappshext.dll
2020-06-07 10:21:31 ----A---- C:\Windows\NvContainerRecovery.bat
2020-06-07 10:20:39 ----D---- C:\Windows\system32\drivers\NVIDIA Corporation
2020-06-07 10:18:38 ----A---- C:\Windows\system32\drivers\nvvhci.sys
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-999-0-0-0.exe
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\vulkan-1-999-0-0-0.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvopencl32.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvofapi.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvcompiler32.dll
2020-06-07 10:18:37 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-06-07 10:18:37 ----A---- C:\Windows\system32\vulkaninfo.exe
2020-06-07 10:18:37 ----A---- C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\vulkan-1.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\OpenCL.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvumdshimx.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvrtum64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvoptix.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvopencl64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvoglv64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvoglshim64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvofapi64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvinitx.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\NvIFR64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvhdap64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\NvFBC64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvdispgenco6444614.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvdispco6444614.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvcuvid.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvcuda.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvcompiler64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\nvcbl64.dll
2020-06-07 10:18:37 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2020-06-07 10:18:37 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2020-06-07 10:18:37 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2020-06-07 03:09:27 ----ASH---- C:\pagefile.sys
2020-06-07 02:47:36 ----D---- C:\Program Files (x86)\EasyAntiCheat
2020-06-06 12:54:33 ----A---- C:\Users\Pierre\AppData\Roaming\All CPU MeterV3_Settings.ini
2020-06-06 12:34:25 ----D---- C:\Program Files\Core Temp
2020-06-06 12:08:32 ----D---- C:\Program Files\CrystalDiskInfo
2020-05-09 15:58:26 ----D---- C:\Users\Pierre\AppData\Roaming\Kodi
2020-04-17 23:35:39 ----D---- C:\Solid Edge Standard Parts
2020-04-17 23:19:08 ----D---- C:\Users\Pierre\AppData\Roaming\Unigraphics Solutions
2020-04-17 22:48:24 ----D---- C:\Program Files\Solid Edge ST8
2020-04-15 18:50:04 ----D---- C:\Program Files (x86)\Minimal ADB and Fastboot
2020-04-15 18:25:26 ----D---- C:\Program Files (x86)\Android
2020-04-15 18:08:21 ----D---- C:\Program Files (x86)\ClockworkMod
2020-04-15 17:56:07 ----D---- C:\Program Files\SAMSUNG
2020-04-15 17:54:58 ----D---- C:\ProgramData\Samsung
2020-04-02 13:43:18 ----A---- C:\Windows\system32\drivers\epfwwfp.sys
2020-04-02 13:43:18 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2020-04-02 13:43:18 ----A---- C:\Windows\system32\drivers\eamonm.sys
2020-03-15 21:59:15 ----D---- C:\Users\Pierre\AppData\Roaming\RPS

======List of files/folders modified in the last 3 months======

2020-06-14 12:25:45 ----RD---- C:\Program Files
2020-06-14 12:25:19 ----D---- C:\Windows\Temp
2020-06-14 12:20:51 ----D---- C:\Windows\system32\Tasks
2020-06-14 12:18:42 ----D---- C:\Program Files (x86)\Steam
2020-06-14 12:18:28 ----D---- C:\ProgramData\NVIDIA
2020-06-14 12:12:32 ----D---- C:\Windows\system32\config
2020-06-13 23:57:09 ----SHD---- C:\System Volume Information
2020-06-13 23:17:40 ----D---- C:\ProgramData\ProductData
2020-06-11 19:59:04 ----D---- C:\ProgramData\Performance Tool
2020-06-11 19:32:03 ----D---- C:\Users\Pierre\AppData\Roaming\vlc
2020-06-11 19:06:28 ----D---- C:\Windows\system32\drivers
2020-06-11 19:06:25 ----D---- C:\Windows\system32\DriverStore
2020-06-11 19:06:24 ----SHD---- C:\Windows\Installer
2020-06-11 19:06:23 ----D---- C:\Windows\inf
2020-06-11 19:05:54 ----HD---- C:\ProgramData
2020-06-11 19:00:55 ----RD---- C:\Program Files (x86)
2020-06-11 18:59:41 ----D---- C:\Windows\system32\catroot
2020-06-11 16:45:33 ----D---- C:\Windows\Prefetch
2020-06-11 16:45:17 ----D---- C:\Windows
2020-06-11 16:23:38 ----D---- C:\Windows\System32
2020-06-09 16:20:49 ----A---- C:\ProgramData\version_changelog.txt
2020-06-09 13:10:16 ----D---- C:\Windows\system32\catroot2
2020-06-07 23:10:22 ----D---- C:\ProgramData\FLEXnet
2020-06-07 12:22:07 ----D---- C:\ProgramData\NVIDIA Corporation
2020-06-07 10:25:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-06-07 10:23:20 ----D---- C:\Windows\SysWOW64
2020-06-07 10:23:20 ----D---- C:\Program Files\NVIDIA Corporation
2020-06-07 10:23:20 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2020-06-07 10:21:39 ----D---- C:\Windows\Help
2020-06-07 10:21:26 ----D---- C:\Users\Pierre\AppData\Roaming\NVIDIA
2020-06-07 10:19:06 ----RD---- C:\Users
2020-06-06 12:53:19 ----D---- C:\Windows\system32\wbem
2020-06-04 20:22:33 ----D---- C:\Program Files\Epic Games
2020-05-18 23:18:52 ----A---- C:\Windows\system32\nvwgf2umx.dll
2020-05-18 23:18:40 ----A---- C:\Windows\system32\nvd3dumx.dll
2020-05-18 23:18:34 ----A---- C:\Windows\system32\nvapi64.dll
2020-05-17 10:12:30 ----D---- C:\Windows\system32\MRT
2020-05-17 10:02:10 ----AC---- C:\Windows\system32\MRT.exe
2020-05-16 04:57:45 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2020-05-16 02:34:51 ----A---- C:\Windows\system32\nvsvc64.dll
2020-05-16 02:34:51 ----A---- C:\Windows\system32\nvcpl.dll
2020-05-16 02:34:31 ----A---- C:\Windows\system32\nvsvcr.dll
2020-05-16 02:34:31 ----A---- C:\Windows\system32\nvshext.dll
2020-05-16 02:34:31 ----A---- C:\Windows\system32\nvmctray.dll
2020-05-12 20:19:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2020-05-12 20:19:08 ----D---- C:\Windows\system32\Macromed
2020-05-12 20:19:07 ----D---- C:\Windows\SYSWOW64\Macromed
2020-04-17 22:57:21 ----D---- C:\Windows\winsxs
2020-04-17 22:52:32 ----RSD---- C:\Windows\Fonts
2020-04-02 01:49:56 ----N---- C:\Windows\system32\MpSigStub.exe
2020-03-19 21:18:04 ----D---- C:\Program Files (x86)\Epic Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2018-06-29 516096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2020-04-02 154336]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2020-04-02 188872]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2020-04-02 115960]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2017-06-07 138296]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2015-09-24 109200]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2015-09-24 205528]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2015-09-24 350552]
R2 LGCoreTemp;Logitech CPU Core Tempurature; \??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [2015-06-21 14184]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver; C:\Windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 37888]
R3 IUFileFilter;IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [2019-07-30 25992]
R3 IUProcessFilter;IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [2019-07-30 19280]
R3 IURegistryFilter;IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [2019-07-30 31648]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2017-01-24 36496]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS); C:\Windows\system32\drivers\LGJoyXlCore.sys [2017-01-24 67736]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2017-01-24 26008]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2020-05-16 223120]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2020-05-16 69840]
R3 nvvhci;NVVHCI Enumerator Service; C:\Windows\system32\DRIVERS\nvvhci.sys [2020-05-16 67456]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\Windows\system32\DRIVERS\Rockey4.sys [2020-03-07 36904]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2015-12-21 47736]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\Pierre\AppData\Local\Temp\tmpA977.tmp []
S3 ALSysIO;ALSysIO; \??\C:\Users\Pierre\AppData\Local\Temp\ALSysIO64.sys []
S3 BlueStacksDrv;BlueStacks Hypervisor; \??\C:\Program Files\BlueStacks\BstkDrv.sys [2019-10-16 313112]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fiddrv64;fiddrv64; C:\Windows\system32\drivers\fiddrv64.sys []
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver64.sys []
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2020-05-16 30336]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2020-04-02 2358784]
R2 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2020-03-07 3460072]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2015-09-24 4665168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 lmadmin;lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [2011-08-05 6587728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 LogiRegistryService;Logitech Gaming Registry Service; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2017-01-24 225400]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2020-05-16 850928]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2020-05-16 873272]
R3 ekrnEpfw;ESET Firewall Helper; C:\Program Files\ESET\ESET Security\ekrn.exe [2020-04-02 2358784]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2018-08-04 1044816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-08 153752]
S2 IObitUnSvr;IObit Uninstaller Service; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [2019-08-23 156944]
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2014-03-02 977088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2020-05-12 335416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2020-06-04 8615864]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2020-06-04 811120]
S3 GoogleChromeBetaElevationService;Google Chrome Beta Elevation Service; C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\elevation_service.exe [2020-06-10 1309680]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\elevation_service.exe [2020-06-02 1287152]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-08 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2019-12-17 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2020-06-04 1785120]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2017-06-30 873968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-10-05 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard virus

#2 Post by Rudy »

Hello!
This problem is not usually caused by a virus. We can clean the PC, but post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . FRST is more accurate.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

pierres
Visitor
Posts: 33
Registered: 03 Apr 2007 17:10

Re: keyboard virus

#3 Post by pierres »

info.txt logfile of random's system information tool 1.10 2020-06-14 12:25:51

======MBR======

======Uninstall list======

Adobe Flash Player 32 PPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe -maintain pepperplugin
Advanced Port Scanner 2.5-->MsiExec.exe /X{D9C2E1A5-64DA-4AE3-A3FF-F3C0A201533E}
Age of Empires 2 + The Conquerors CZ-->C:\ProgramData\Caphyon\Advanced Installer\{09626896-0C63-439F-9A60-DBBE7F6688E6}\Age of Empires 2 + The Conquerors CZ.exe /i {09626896-0C63-439F-9A60-DBBE7F6688E6}
Android SDK Tools-->C:\Program Files (x86)\Android\android-sdk\uninstall.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
BlueStacks App Player-->C:\Program Files\BlueStacks\BlueStacksUninstaller.exe -tmp
Bonjour Print Services-->MsiExec.exe /I{0DA20600-6130-443B-9D4B-F30520315FA6}
Bonjour-->MsiExec.exe /X{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}
CADS Composite Beam Designer-->C:\PROGRA~2\CADS\COMPOS~1\UNINST~1.EXE C:\PROGRA~2\CADS\COMPOS~1\INSTALL.LOG
CADS WindLoadEngine-->C:\PROGRA~2\COMMON~1\CADSSH~1\WINDLO~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\WINDLO~1\Install.log
Combined Community Codec Pack 64bit 2015-10-18-->"C:\Program Files\Combined Community Codec Pack 64bit\unins000.exe"
Composite Column Designer-->C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\COMPOS~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\COMPOS~1\Install.log
Core Temp version 0.99.7-->"C:\Program Files\Core Temp\unins000.exe"
Counter-Strike: Global Offensive-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/730
CrystalDiskInfo 8.5.2-->"C:\Program Files\CrystalDiskInfo\unins000.exe"
Epic Games Launcher Prerequisites (x64)-->MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF}
Epic Games Launcher-->MsiExec.exe /X{DCE27B29-200D-491A-BBC5-98ECEFEC0843}
ESET Security-->MsiExec.exe /I{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}
FL Studio 11-->C:\Program Files (x86)\Image-Line\FL Studio 11\uninstall.exe
FlowStone FL 3.0-->"C:\Program Files (x86)\DSPRobotics\FlowStone\uninstall fl version.exe"
Google Chrome Beta-->"C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\Installer\setup.exe" --uninstall --chrome-beta --system-level --verbose-logging
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
IDM Crack 6.32 build 6-->C:\Program Files (x86)\Internet Download Manager\IDM Patch Uninstaller 6.32 build 6.exe
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Identification Utility-->MsiExec.exe /X{1E8FF98A-558E-4534-9A90-0DE0EA62B4A3}
Intel® Trusted Connect Service Client-->MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
IObit Uninstaller 9-->"C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe"
Java 8 Update 211 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180211F0}
JDownloader 2-->"C:\Users\Pierre\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe"
KMSpico v9.2.3-->"C:\Program Files\KMSpico\unins000.exe"
Launcher Prerequisites (x64)-->"C:\ProgramData\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe" /uninstall
Logitech Gaming Software 8.91-->C:\Program Files\Logitech Gaming Software\uninstallhlpr.exe /bitness=x64 /silentmode=off /langid=CSY /downgrade=no /firstRun=yes
Microsoft .NET Framework 4.8 (CSY)-->MsiExec.exe /X{39DC4515-B8C1-3AD9-AA88-D7C8A333612F}
Microsoft .NET Framework 4.8 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.8.03761\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.8-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.8.03761\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.8-->MsiExec.exe /X{16735AF7-1D8D-3681-94A5-C578A61EC832}
Microsoft Access MUI (Czech) 2013-->MsiExec.exe /X{90150000-0015-0405-1000-0000000FF1CE}
Microsoft Access MUI (English) 2013-->MsiExec.exe /X{90150000-0015-0409-1000-0000000FF1CE}
Microsoft Access Setup Metadata MUI (English) 2013-->MsiExec.exe /X{90150000-0117-0409-1000-0000000FF1CE}
Microsoft DCF MUI (Czech) 2013-->MsiExec.exe /X{90150000-0090-0405-1000-0000000FF1CE}
Microsoft DCF MUI (English) 2013-->MsiExec.exe /X{90150000-0090-0409-1000-0000000FF1CE}
Microsoft DirectX SDK (February 2010)-->C:\Windows\dxsdkuninst.exe "C:\Program Files (x86)\Microsoft DirectX SDK (February 2010)" "Microsoft DirectX SDK (February 2010)"
Microsoft Excel MUI (Czech) 2013-->MsiExec.exe /X{90150000-0016-0405-1000-0000000FF1CE}
Microsoft Excel MUI (English) 2013-->MsiExec.exe /X{90150000-0016-0409-1000-0000000FF1CE}
Microsoft Groove MUI (Czech) 2013-->MsiExec.exe /X{90150000-00BA-0405-1000-0000000FF1CE}
Microsoft Groove MUI (English) 2013-->MsiExec.exe /X{90150000-00BA-0409-1000-0000000FF1CE}
Microsoft InfoPath MUI (Czech) 2013-->MsiExec.exe /X{90150000-0044-0405-1000-0000000FF1CE}
Microsoft InfoPath MUI (English) 2013-->MsiExec.exe /X{90150000-0044-0409-1000-0000000FF1CE}
Microsoft Lync MUI (Czech) 2013-->MsiExec.exe /X{90150000-012B-0405-1000-0000000FF1CE}
Microsoft Lync MUI (English) 2013-->MsiExec.exe /X{90150000-012B-0409-1000-0000000FF1CE}
Microsoft Office 32-bit Components 2013-->MsiExec.exe /X{90150000-00C1-0000-1000-0000000FF1CE}
Microsoft Office Korrekturhilfen 2013 - Deutsch-->MsiExec.exe /X{90150000-001F-0407-1000-0000000FF1CE}
Microsoft Office Language Pack 2013 - Czech/čeština-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall OMUI.CS-CZ /dll OSETUP.DLL
Microsoft Office O MUI (Czech) 2013-->MsiExec.exe /X{90150000-0100-0405-1000-0000000FF1CE}
Microsoft Office OSM MUI (Czech) 2013-->MsiExec.exe /X{90150000-00E1-0405-1000-0000000FF1CE}
Microsoft Office OSM MUI (English) 2013-->MsiExec.exe /X{90150000-00E1-0409-1000-0000000FF1CE}
Microsoft Office OSM UX MUI (Czech) 2013-->MsiExec.exe /X{90150000-00E2-0405-1000-0000000FF1CE}
Microsoft Office OSM UX MUI (English) 2013-->MsiExec.exe /X{90150000-00E2-0409-1000-0000000FF1CE}
Microsoft Office Professional Plus 2013-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2013-->MsiExec.exe /X{90150000-0011-0000-1000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2013-->MsiExec.exe /X{90150000-002C-0405-1000-0000000FF1CE}
Microsoft Office Proofing (English) 2013-->MsiExec.exe /X{90150000-002C-0409-1000-0000000FF1CE}
Microsoft Office Proofing Tools 2013 - English-->MsiExec.exe /X{90150000-001F-0409-1000-0000000FF1CE}
Microsoft Office Proofing Tools 2013 - Español-->MsiExec.exe /X{90150000-001F-0C0A-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (Czech) 2013-->MsiExec.exe /X{90150000-00C1-0405-1000-0000000FF1CE}
Microsoft Office Shared 32-bit MUI (English) 2013-->MsiExec.exe /X{90150000-00C1-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2013-->MsiExec.exe /X{90150000-006E-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2013-->MsiExec.exe /X{90150000-006E-0409-1000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2013-->MsiExec.exe /X{90150000-0115-0409-1000-0000000FF1CE}
Microsoft OneNote MUI (Czech) 2013-->MsiExec.exe /X{90150000-00A1-0405-1000-0000000FF1CE}
Microsoft OneNote MUI (English) 2013-->MsiExec.exe /X{90150000-00A1-0409-1000-0000000FF1CE}
Microsoft Outlook MUI (Czech) 2013-->MsiExec.exe /X{90150000-001A-0405-1000-0000000FF1CE}
Microsoft Outlook MUI (English) 2013-->MsiExec.exe /X{90150000-001A-0409-1000-0000000FF1CE}
Microsoft PowerPoint MUI (Czech) 2013-->MsiExec.exe /X{90150000-0018-0405-1000-0000000FF1CE}
Microsoft PowerPoint MUI (English) 2013-->MsiExec.exe /X{90150000-0018-0409-1000-0000000FF1CE}
Microsoft Publisher MUI (Czech) 2013-->MsiExec.exe /X{90150000-0019-0405-1000-0000000FF1CE}
Microsoft Publisher MUI (English) 2013-->MsiExec.exe /X{90150000-0019-0409-1000-0000000FF1CE}
Microsoft SharePoint Designer MUI (Czech) 2013-->MsiExec.exe /X{90150000-0017-0405-1000-0000000FF1CE}
Microsoft Visual Basic for Applications 7.1 (x64) English-->MsiExec.exe /I{90F60409-7000-11D3-8CFE-0150048383C9}
Microsoft Visual Basic for Applications 7.1 (x64)-->MsiExec.exe /I{90120064-0070-0000-0000-4000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212-->"C:\ProgramData\Package Cache\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212-->MsiExec.exe /X{844ECB74-9B63-3D5C-958C-30BD23F19EE4}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212-->MsiExec.exe /X{37B55901-995A-3650-80B1-BBFD047E2911}
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012-->"C:\ProgramData\Package Cache\{427ada59-85e7-4bc8-b8d5-ebf59db60423}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2017 X64 Additional Runtime - 14.16.27012-->MsiExec.exe /I{DF5B1280-A057-4536-9D03-3BCAA0D4C6F0}
Microsoft Visual C++ 2017 X64 Minimum Runtime - 14.16.27012-->MsiExec.exe /I{3ECD99CB-EDAF-45DA-AD9C-2C4875F375FB}
Microsoft Visual Studio Code-->"C:\Program Files (x86)\Microsoft VS Code\unins000.exe"
Microsoft Word MUI (Czech) 2013-->MsiExec.exe /X{90150000-001B-0405-1000-0000000FF1CE}
Microsoft Word MUI (English) 2013-->MsiExec.exe /X{90150000-001B-0409-1000-0000000FF1CE}
Microsoft X MUI (Czech) 2013-->MsiExec.exe /X{90150000-0101-0405-1000-0000000FF1CE}
Minimal ADB and Fastboot version 1.4.3-->"C:\Program Files (x86)\Minimal ADB and Fastboot\unins000.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština-->MsiExec.exe /X{90150000-001F-0405-1000-0000000FF1CE}
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina-->MsiExec.exe /X{90150000-001F-041B-1000-0000000FF1CE}
NVIDIA GeForce Experience 3.20.3.63-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Ovladač HD audia 1.3.38.26-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Ovladače grafiky 446.14-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Systémový software PhysX 9.19.0218-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
Outils de vérification linguistique 2013 de Microsoft Office - Français-->MsiExec.exe /X{90150000-001F-040C-1000-0000000FF1CE}
Pavtube Video Converter Ultimate Ver 4.7.1.5362-->"C:\Program Files (x86)\Pavtube\Pavtube Video Converter Ultimate\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
SCIA Engineer 15.2-->MsiExec.exe /I{080D26D6-3804-47FA-9734-02FE67AED665}
Scia Licence Server-->MsiExec.exe /X{E592B693-81BE-42D9-B4E4-CABC11C7B101}
SketchUp 2015-->MsiExec.exe /X{319CD380-1AAB-4CAD-BE1D-59189A780FA6}
Solid Edge ST8-->MsiExec.exe /X{C69F7B10-60F2-476C-B0C1-4D61628462B7}
Solid Edge Standard Parts Machinery Library-->MsiExec.exe /I{43D738F1-4417-404E-8834-60BC27B10828}
Solid Edge Standard Parts Piping Library-->MsiExec.exe /I{F8E80E57-9994-4AAF-AB26-1B71F64264E2}
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
SteelMemberDesigner-->C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\STEELM~1\UNINST~1.EXE C:\PROGRA~2\COMMON~1\CADSSH~1\STRUCT~1\STEELM~1\Install.log
TeamSpeak 3 Client-->"C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe
Tunngle-->"C:\Program Files (x86)\Tunngle\unins000.exe"
Universal Adb Driver-->MsiExec.exe /I{C0E08D8D-6076-4117-B644-2AF34F35B757}
Update for Microsoft .NET Framework 4.8 (KB4503575)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.8.03761\setup.exe /uninstallpatch {A07E5128-F45C-38FC-A4F2-57864869CF0A}
Update for Microsoft .NET Framework 4.8 (KB4532941)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.8.03761\setup.exe /uninstallpatch {B4401AF9-CE4C-3C52-AE65-3AE791A4229D}
VLC media player-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"
Voobly Game Data-->"C:\Program Files (x86)\Voobly\unins000.exe"
WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe
WinRAR 5.40 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.6.1-->"C:\Program Files (x86)\Wireshark\uninstall.exe"
ZWCAD 2020 English-->C:\Windows\Installer\{4FB58215-A001-0000-A200-EFD8A78FC2AE}\uninstall.exe /uninstall
ZWCAD 2020 Language Pack - English-->MsiExec.exe /X{4FB58215-A001-1033-A101-EFD8A78FC2AE}
ZWCAD 2020-->MsiExec.exe /X{4FB58215-A001-0000-A001-EFD8A78FC2AE}

======System event log======

Computer Name: Pierre-PC
Event Code: 7036
Message: Stav služby Služba WinHTTP WPAD byl změněn na: Zastaveno
Record Number: 110204
Source Name: Service Control Manager
Time Written: 20190918205646.939180-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 7036
Message: Stav služby Služba WinHTTP WPAD byl změněn na: Spuštěno
Record Number: 110203
Source Name: Service Control Manager
Time Written: 20190918204016.937966-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 7036
Message: Stav služby Služba WinHTTP WPAD byl změněn na: Zastaveno
Record Number: 110202
Source Name: Service Control Manager
Time Written: 20190918202645.829468-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 7036
Message: Stav služby Adobe Flash Player Update Service byl změněn na: Zastaveno
Record Number: 110201
Source Name: Service Control Manager
Time Written: 20190918201902.701659-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 7036
Message: Stav služby Adobe Flash Player Update Service byl změněn na: Spuštěno
Record Number: 110200
Source Name: Service Control Manager
Time Written: 20190918201902.701659-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: Pierre-PC
Event Code: 900
Message: Služba Ochrana softwaru se spouští.

Record Number: 33634
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20191023095913.000000-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 903
Message: The Software Protection service has stopped.

Record Number: 33633
Source Name: Office Software Protection Platform Service
Time Written: 20191023071442.000000-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 16384
Message: Successfully scheduled Software Protection service for re-start at 2019-11-21T20:58:41Z. Reason: GVLK.
Record Number: 33632
Source Name: Office Software Protection Platform Service
Time Written: 20191023071442.000000-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 1003
Message: The Software Protection service has completed licensing status check.
Application Id=0ff1ce15-a989-479d-af46-f275c6370663
Licensing Status=
1: 2b88c4f2-ea8f-43cd-805e-4d41346e18a7, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
2: b322da9c-a2e2-4058-9e4e-f59a6970bd69, 1, 0 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 30 0 msft:rm/algorithm/volume/1.0 0x00000000 258590)(?)(?)(?)])(1 )(2 )]


Record Number: 33631
Source Name: Office Software Protection Platform Service
Time Written: 20191023070940.000000-000
Event Type: Informace
User:

Computer Name: Pierre-PC
Event Code: 1033
Message: These policies are being excluded since they are only defined with override-only attribute.
Policy Names=(Security-SPP-Reserved-EnableNotificationMode)
App Id=0ff1ce15-a989-479d-af46-f275c6370663
Sku Id=b322da9c-a2e2-4058-9e4e-f59a6970bd69
Record Number: 33630
Source Name: Office Software Protection Platform Service
Time Written: 20191023070940.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Pierre-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PIERRE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x23c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 18545
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181121135012.427942-000
Event Type: Úspěšný audit
User:

Computer Name: Pierre-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-21-2651151121-1816977454-1081676049-1003
Název účtu: UpdatusUser
Doména účtu: Pierre-PC
ID přihlášení: 0x44b85

Oprávnění: SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege
Record Number: 18544
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181121135011.164340-000
Event Type: Úspěšný audit
User:

Computer Name: Pierre-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PIERRE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-21-2651151121-1816977454-1081676049-1003
Název účtu: UpdatusUser
Doména účtu: Pierre-PC
ID přihlášení: 0x44b85
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x23c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice: PIERRE-PC
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 18543
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181121135011.164340-000
Event Type: Úspěšný audit
User:

Computer Name: Pierre-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: PIERRE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: UpdatusUser
Doména účtu: Pierre-PC
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x23c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 18542
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181121135011.164340-000
Event Type: Úspěšný audit
User:

Computer Name: Pierre-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 18541
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181121134824.865754-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Microsoft VS Code\bin;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"DXSDK_DIR"=C:\Program Files (x86)\Microsoft DirectX SDK (February 2010)\
"P_SCHEMA"=C:\Program Files\Solid Edge ST8\Schema
"KEYSHOT_EXTERNAL_LICENSE_FOLDER"=C:\Program Files\Solid Edge ST8\Program
"ESET_OPTIONS"=

-----------------EOF-----------------

pierres
Visitor
Posts: 33
Joined: 03 Apr 2007 17:10

Re: keyboard virus

#4 Post by pierres »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Pierre (administrator) on PIERRE-PC (ATComputers OFFICEPRO 1000) (14-06-2020 12:42:33)
Running from C:\Users\Pierre\Desktop
Loaded Profiles: Pierre
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AddGadgets IT -> AddGadgets) D:\Pierre\Download\PCMeterV4\PCMeterV0.4.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Flexera Software, Inc. -> Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Flexera Software, Inc. -> Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\PubMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nemetschek SCIA) [File not signed] C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\SCIA.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-24] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-04-02] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2018-11-22] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2018-06-23] (Voobly) [File not signed]
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32194448 2020-06-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: G - G:\autostart.exe
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: {cd7985ca-a8ee-11e9-a951-10feed00bace} - M:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2010-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\Windows\system32\xrxs1l6.dll [34304 2012-11-09] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8237E44A-0054-442C-B6B6-EA0509993955}] -> C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\Installer\chrmstp.exe [2020-06-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NonSteam.bat [2018-02-18] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {52D650B6-C97A-480C-829F-19140A9A0E02} - System32\Tasks\PCMeter\Startup => D:\Pierre\Download\PCMeterV4\PCMeterV0.4.exe [119008 2013-11-06] (AddGadgets IT -> AddGadgets)
Task: {5B3C3130-3594-4A8A-98DA-636D8535C706} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {887EFBF5-8641-4A50-B9A5-B6999E4D97CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C34223D3-F5DA-4DE4-9118-2ED10B92E80D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D86A774E-EAAD-46CE-9AA6-779326D68E40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [566592 2008-07-30] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824 2010-05-18] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B077A091-35E7-42E2-8C68-8BC2EBE5D53E}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default [2020-06-14]
CHR Notifications: Default -> hxxps://21stoleti.cz; hxxps://www.ecigarko.cz; hxxps://www.mesec.cz; hxxps://www1p.sherwoodsutton.pro
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Extension: (Prezentace) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Dokumenty) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Disk Google) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-08]
CHR Extension: (YouTube) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-08]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-16]
CHR Extension: (Tabulky) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-21]
CHR Profile: C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-11]
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-04] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-06-04] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 GoogleChromeBetaElevationService; C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\elevation_service.exe [1309680 2020-06-10] (Google LLC -> Google LLC)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [6587728 2011-08-05] (Flexera Software, Inc. -> Flexera Software, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-24] (Logitech Inc -> Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [873272 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] (@ByELDI -> ) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-16] (Bluestack Systems, Inc. -> Bluestack System Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [154336 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188872 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [115960 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 fiddrv64; no ImagePath
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [37888 2009-03-18] (Microsoft Windows Hardware Compatibility Publisher -> IC Plus Corp.)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-01-24] (Logitech Inc -> Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [67456 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2020-03-07] (Feitian Technologies Co., Ltd. -> Feitian Technologies Co., Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net GmbH -> Tunngle.net)
S3 ALSysIO; \??\C:\Users\Pierre\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Pierre\AppData\Local\Temp\tmpA977.tmp [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-14 12:42 - 2020-06-14 12:43 - 000020237 _____ C:\Users\Pierre\Desktop\FRST.txt
2020-06-14 12:42 - 2020-06-14 12:43 - 000000000 ____D C:\FRST
2020-06-14 12:41 - 2020-06-14 12:41 - 002289152 _____ (Farbar) C:\Users\Pierre\Desktop\FRST64.exe
2020-06-14 12:25 - 2020-06-14 12:25 - 001222144 _____ C:\Users\Pierre\Desktop\rsit.exe
2020-06-14 12:25 - 2020-06-14 12:25 - 000000000 ____D C:\rsit
2020-06-14 12:25 - 2020-06-14 12:25 - 000000000 ____D C:\Program Files\trend micro
2020-06-13 23:30 - 2020-06-13 23:31 - 000000000 ____D C:\AdwCleaner
2020-06-13 23:30 - 2020-06-13 23:30 - 008402608 _____ (Malwarebytes) C:\Users\Pierre\Desktop\adwcleaner_8.0.5.exe
2020-06-13 23:13 - 2020-06-13 23:13 - 000000000 ____D C:\Users\Pierre\AppData\Local\ESET
2020-06-11 19:05 - 2020-06-11 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-06-11 19:05 - 2020-06-11 19:05 - 000000000 ____D C:\ProgramData\ESET
2020-06-11 19:05 - 2020-06-11 19:05 - 000000000 ____D C:\Program Files\ESET
2020-06-11 18:57 - 2020-06-11 18:57 - 001988280 _____ (Malwarebytes) C:\Users\Pierre\Desktop\MBSetup.exe
2020-06-11 18:53 - 2020-06-11 18:53 - 005504960 _____ (ESET) C:\Users\Pierre\Desktop\nod.exe
2020-06-11 18:49 - 2020-06-11 18:49 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pierre\Desktop\hijackthis.exe
2020-06-08 00:47 - 2020-06-08 00:47 - 039170653 _____ C:\Users\Pierre\Desktop\tich dom2.rar
2020-06-07 13:02 - 2020-06-07 13:02 - 000000000 ____D C:\Users\Pierre\Desktop\tich dom
2020-06-07 10:35 - 2020-06-07 10:35 - 000000000 ___SH C:\Users\Public\Shared Files
2020-06-07 10:27 - 2020-06-07 10:27 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\EasyAntiCheat
2020-06-07 10:25 - 2020-06-09 21:10 - 000000000 ____D C:\Users\Pierre\AppData\Local\NVIDIA
2020-06-07 10:25 - 2020-06-07 10:25 - 000001374 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-06-07 10:25 - 2020-06-07 10:25 - 000001374 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-06-07 10:25 - 2020-06-07 10:25 - 000000000 ____D C:\Users\Pierre\ansel
2020-06-07 10:23 - 2020-06-07 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-06-07 10:23 - 2020-05-16 04:57 - 002799416 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-07 10:23 - 2020-05-16 04:57 - 002159592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-07 10:23 - 2020-05-16 04:57 - 001314792 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-07 10:22 - 2020-05-16 04:57 - 000170472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2020-06-07 10:22 - 2020-05-16 04:57 - 000146408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2020-06-07 10:21 - 2020-05-16 04:57 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2020-06-07 10:21 - 2020-05-16 02:34 - 000987448 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-06-07 10:21 - 2020-05-16 02:34 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-06-07 10:20 - 2020-06-07 10:20 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-06-07 10:18 - 2020-05-18 23:24 - 001729232 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001729232 _____ C:\Windows\system32\vulkaninfo.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001078992 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 001078992 _____ C:\Windows\system32\vulkan-1.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000501664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000445160 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000342944 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 132262800 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 040450472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 031023856 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 030669544 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 026343664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 011944864 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 010286480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 000419232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 029696240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 023060376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-06-07 10:18 - 2020-05-18 23:22 - 017601424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 015160208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 005448432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 004862888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 002071792 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001722096 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444614.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001565080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001484184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444614.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001482136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001350568 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001141672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001048488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000626584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000543984 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000516848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000471464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000428440 _____ C:\Windows\system32\nvofapi64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000378776 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000182168 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000164264 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000158104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000144280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-06-07 10:18 - 2020-05-18 23:21 - 040556264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler64.dll
2020-06-07 10:18 - 2020-05-18 23:21 - 035418016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler32.dll
2020-06-07 10:18 - 2020-05-18 23:21 - 000632544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-06-07 10:18 - 2020-05-18 23:18 - 035464864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-06-07 10:18 - 2020-05-18 23:18 - 018527624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-06-07 10:18 - 2020-05-18 23:18 - 004216256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-06-07 10:18 - 2020-05-16 04:57 - 000223120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-06-07 10:18 - 2020-05-16 04:57 - 000069840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2020-06-07 10:18 - 2020-05-16 04:57 - 000067456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2020-06-07 10:18 - 2020-05-16 04:57 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2020-06-07 10:18 - 2020-05-16 04:57 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2020-06-07 10:18 - 2020-05-16 04:57 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2020-06-07 02:47 - 2020-06-07 10:27 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2020-06-07 02:47 - 2020-06-07 02:47 - 000000300 _____ C:\Users\Pierre\Desktop\Fortnite.url
2020-06-06 12:54 - 2020-06-11 16:48 - 000000624 _____ C:\Users\Pierre\AppData\Roaming\All CPU MeterV3_Settings.ini
2020-06-06 12:53 - 2020-06-06 12:53 - 000000000 ____D C:\Windows\system32\Tasks\PCMeter
2020-06-06 12:34 - 2020-06-06 15:36 - 000000000 ____D C:\Program Files\Core Temp
2020-06-06 12:34 - 2020-06-06 12:34 - 000000824 _____ C:\Users\Pierre\Desktop\Core Temp.lnk
2020-06-06 12:34 - 2020-06-06 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2020-06-06 12:08 - 2020-06-06 12:08 - 000001787 _____ C:\Users\Pierre\Desktop\CrystalDiskInfo.lnk
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2020-06-01 22:24 - 2020-06-01 22:24 - 000000000 ____D C:\Users\Pierre\Desktop\TUV

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-14 12:28 - 2009-07-14 06:45 - 000034640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-14 12:28 - 2009-07-14 06:45 - 000034640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-14 12:18 - 2020-01-16 17:54 - 000000000 ____D C:\Program Files (x86)\Steam
2020-06-14 12:18 - 2017-04-08 09:09 - 000000000 ____D C:\ProgramData\NVIDIA
2020-06-14 12:16 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-13 23:17 - 2019-09-19 12:13 - 000000000 ____D C:\ProgramData\ProductData
2020-06-11 21:16 - 2017-11-21 13:33 - 000000000 ____D C:\Users\Pierre\GSplay
2020-06-11 19:59 - 2019-01-05 19:01 - 000000000 ____D C:\ProgramData\Performance Tool
2020-06-11 19:32 - 2017-10-03 22:01 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\vlc
2020-06-11 19:06 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-06-11 16:28 - 2018-10-20 23:27 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome Beta.lnk
2020-06-11 16:28 - 2018-10-20 23:27 - 000002238 _____ C:\Users\Public\Desktop\Google Chrome Beta.lnk
2020-06-11 16:28 - 2018-10-20 23:27 - 000002238 _____ C:\ProgramData\Desktop\Google Chrome Beta.lnk
2020-06-09 16:20 - 2019-12-12 01:21 - 000000007 _____ C:\ProgramData\version_changelog.txt
2020-06-09 00:15 - 2017-04-08 09:25 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-09 00:15 - 2017-04-08 09:25 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-09 00:15 - 2017-04-08 09:25 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-08 22:33 - 2020-05-09 15:58 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\Kodi
2020-06-07 23:10 - 2018-08-04 20:59 - 000000000 ____D C:\ProgramData\FLEXnet
2020-06-07 12:25 - 2018-01-12 02:55 - 000000000 ____D C:\Users\Pierre\AppData\Local\NVIDIA Corporation
2020-06-07 12:22 - 2017-04-08 09:07 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-06-07 10:51 - 2017-04-06 19:31 - 000000020 ___SH C:\Users\Pierre\ntuser.ini
2020-06-07 10:35 - 2009-07-14 05:20 - 000000000 __SHD C:\Users\Public\Libraries
2020-06-07 10:25 - 2017-04-06 19:31 - 000000000 ____D C:\Users\Pierre
2020-06-07 10:25 - 2011-04-12 10:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2020-06-07 10:25 - 2011-04-12 10:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2020-06-07 10:25 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-07 10:23 - 2017-04-08 09:07 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-06-07 10:23 - 2017-04-08 09:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-06-07 10:21 - 2017-11-21 14:30 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\NVIDIA
2020-06-07 10:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Help
2020-06-07 02:49 - 2018-01-12 02:04 - 000000000 ____D C:\Users\Pierre\AppData\Local\UnrealEngine
2020-06-04 20:22 - 2018-01-12 02:07 - 000000000 ____D C:\Program Files\Epic Games
2020-05-18 23:18 - 2017-04-08 09:06 - 041111584 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-05-18 23:18 - 2017-04-08 09:06 - 022226656 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-05-18 23:18 - 2017-04-08 09:06 - 004770272 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-05-17 10:12 - 2017-04-08 14:49 - 000000000 ____D C:\Windows\system32\MRT
2020-05-17 10:02 - 2017-04-08 14:49 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-16 04:57 - 2017-04-08 09:11 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2020-05-16 04:57 - 2017-04-08 09:07 - 000053678 _____ C:\Windows\system32\nvinfo.pb
2020-05-16 02:34 - 2017-04-08 09:08 - 005582824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 002632680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 000446264 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories ========

2019-01-05 17:55 - 2019-01-05 18:30 - 107573848 _____ () C:\Users\Pierre\JustCause2-patch_1.0.2-FIXED.exe
2020-06-06 12:54 - 2020-06-11 16:48 - 000000624 _____ () C:\Users\Pierre\AppData\Roaming\All CPU MeterV3_Settings.ini
2017-04-08 13:02 - 2018-10-24 21:39 - 000007597 _____ () C:\Users\Pierre\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-07 07:31
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Pierre (14-06-2020 12:43:57)
Running from C:\Users\Pierre\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-04-06 17:31:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2651151121-1816977454-1081676049-500 - Administrator - Disabled)
Guest (S-1-5-21-2651151121-1816977454-1081676049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2651151121-1816977454-1081676049-1002 - Limited - Enabled)
Pierre (S-1-5-21-2651151121-1816977454-1081676049-1000 - Administrator - Enabled) => C:\Users\Pierre

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.371 - Adobe)
Advanced Port Scanner 2.5 (HKLM-x32\...\{D9C2E1A5-64DA-4AE3-A3FF-F3C0A201533E}) (Version: 2.5.3581 - Famatech)
Age of Empires 2 + The Conquerors CZ (HKLM-x32\...\Age of Empires 2 + The Conquerors CZ 1.1.0) (Version: 1.1.0 - Microsoft Game Studios)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.140.11.1002 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CADS Composite Beam Designer (HKLM-x32\...\CADS Composite Beam Designer) (Version: 3.27.319.1 - Computer And Design Services Ltd)
CADS WindLoadEngine (HKLM-x32\...\WindLoadEngine) (Version: 1.10.63.0 - Computer And Design Services Ltd)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Composite Column Designer (HKLM-x32\...\Composite Column Designer) (Version: 1.0.69.0 - Computer And Design Services Ltd)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
CrystalDiskInfo 8.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.5.2 - Crystal Dew World)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}) (Version: 13.1.21.0 - ESET, spol. s r.o.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Chrome Beta (HKLM-x32\...\Google Chrome Beta) (Version: 84.0.4147.45 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
IDM Crack 6.32 build 6 (HKLM-x32\...\IDM Crack 6.32 build 6) (Version: 6.32 build 6 - Crackingpatching.com Team)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Identification Utility (HKLM-x32\...\{1E8FF98A-558E-4534-9A90-0DE0EA62B4A3}) (Version: 6.0.0211 - Intel Corporation) Hidden
Intel® Processor Identification Utility (HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Intel® Processor Identification Utility 6.0.0211) (Version: 6.0.0211 - Intel Corporation)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.0.2.40 - IObit)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Kodi (HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Kodi) (Version: - XBMC Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft DirectX SDK (February 2010) (HKLM-x32\...\Microsoft DirectX SDK (February 2010)) (Version: 9.28.1886.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4454.1004 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.32.3 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 446.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 446.14 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 446.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 446.14 - NVIDIA Corporation) Hidden
Pavtube Video Converter Ultimate Ver 4.7.1.5362 (HKLM-x32\...\Pavtube Video Converter Ultimate_is1) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SCIA Engineer 15.2 (HKLM-x32\...\{080D26D6-3804-47FA-9734-02FE67AED665}) (Version: 15.2.99 - SCIA)
Scia Licence Server (HKLM-x32\...\{E592B693-81BE-42D9-B4E4-CABC11C7B101}) (Version: 2.2.5 - Nemetschek Scia)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM-x32\...\{43D738F1-4417-404E-8834-60BC27B10828}) (Version: 108.00.00091 - Siemens)
Solid Edge Standard Parts Piping Library (HKLM-x32\...\{F8E80E57-9994-4AAF-AB26-1B71F64264E2}) (Version: 108.00.00091 - Siemens)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelMemberDesigner (HKLM-x32\...\SteelMemberDesigner) (Version: 1.04.207.0 - Computer And Design Services Ltd)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a release candidate 1 - Ghisler Software GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 1.6.1 (HKLM-x32\...\Wireshark) (Version: 1.6.1 - The Wireshark developer community, hxxp://www.wireshark.org)
ZWCAD 2020 (HKLM\...\{4FB58215-A001-0000-A001-EFD8A78FC2AE}) (Version: 20.20.1008.53615 - ZWSOFT) Hidden
ZWCAD 2020 English (HKLM\...\{4FB58215-A001-0000-A200-EFD8A78FC2AE}) (Version: 20.20.1008.53615 - ZWSOFT)
ZWCAD 2020 Language Pack - English (HKLM\...\{4FB58215-A001-1033-A101-EFD8A78FC2AE}) (Version: 20.20.1008.53615 - ZWSOFT) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2651151121-1816977454-1081676049-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Users\Pierre\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll (AddGadgets IT -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (February 2010)\Utilities\bin\x64\TxView.dll [2010-02-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1470976 2012-11-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Pierre\Desktop\ZWCAD 2020.lnk -> D:\Pierre\Download\ZWCAD.2020.Sp2.v2020.01.07.53615.x64_p30download.com\Cracked file\ZWCAD 2020 RESET.bat ()

==================== Loaded Modules (Whitelisted) =============

2018-01-12 02:04 - 2018-01-12 02:04 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-01-12 02:04 - 2018-01-12 02:04 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-01-12 02:04 - 2018-01-12 02:04 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2013-08-15 11:07 - 2013-08-15 11:07 - 004579328 _____ (Flexera Software, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\SCIA_libFNP.dll
2018-01-12 02:04 - 2018-01-12 02:04 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Pierre\ntuser.ini:NTV [11664]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: ZWCAD.SCR.2020 => <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Microsoft VS Code\bin;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{05D91637-DFBE-44D1-BA04-60DDEAE75BDD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{B550D543-4D88-4795-AFE1-0956F2DB0859}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{F607D175-DA4A-4892-8732-96F5E352A95D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{4A83CD2E-4ECE-4386-884B-D007C23EECEC}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{E7CCD5EF-1159-4B47-B44F-194B899F950B}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{127C8FA0-E99C-4626-B05B-CFA76CA831B6}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [TCP Query User{4BF2F07D-485A-465E-9940-49E9DF9B9FAE}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH) [File not signed]
FirewallRules: [UDP Query User{D3741A13-A98A-49DB-BD22-797B293B8C4F}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH) [File not signed]
FirewallRules: [TCP Query User{8AFC9B8C-8CFF-4F3A-80CE-E7467BC94444}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{3AECC42A-152C-4418-BEB7-5B78863146D5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{C354ACE8-2B24-4BDB-848B-6E73A51E0BB0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{4D0BD3D9-4A16-4B97-BA58-44B4C23E3F05}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{A6A243BE-92F6-4B97-A393-014152E7121B}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{F0283E8D-FD28-416B-93B9-E8A64322B73E}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [TCP Query User{080D7223-5663-4429-A565-20E1ADCF927B}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{289CCDF8-A67D-4EA9-924C-A35CBFFA74F7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{265408AD-6571-4905-BD79-0F3B1593C8FF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{713572F8-83F4-4E1B-868D-B56B9C45FD99}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{0B915564-17FA-493E-AA20-24C901151FC0}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{A3B63B64-5C6D-47D5-BF3B-7112F54CE804}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{CBA8A5B9-29FD-47FC-B52F-7099CABB373E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{08649B17-D0F6-41F3-B6D0-C6497F6B388E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [TCP Query User{AF035AF8-579F-4D78-8726-28BAB3D301E8}D:\games\warcraft 3\warcraft iii\war3.exe] => (Allow) D:\games\warcraft 3\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{ACCE2801-637B-459C-8D80-473C692431D4}D:\games\warcraft 3\warcraft iii\war3.exe] => (Allow) D:\games\warcraft 3\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{E0E13F33-8EA5-43BA-9E0F-011CCD40629C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{515A9CBD-DAB3-48CD-A46B-90EC3CF0EFF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A3ABC1F-E209-4FFE-8DCA-2C4CAF7540B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F927342-0BE8-481D-B45B-FAD0ACDB867E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7028E6D0-85C3-441B-86F4-57FAF8F13B93}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4874B15C-5F84-4DAC-8505-EED7936AB9A2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{14A90AD2-0820-4395-BB88-FAC877744C50}] => (Allow) C:\Program Files (x86)\SCIA\Engineer15.2\DesignForms_CalcExe.exe (Nemetschek Scia NV -> Petr Slepicka)
FirewallRules: [{7A81ED6D-EBFF-415D-921B-369C8C081D68}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{904E5BB5-88BA-4855-8F27-3C698A7B057B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{D133FE95-95ED-4091-B9CF-E90BF4D645F8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{65B53F37-A5BE-4D29-9A3B-A4A8C47EDE0A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{A4D3C107-152B-4DEB-9911-E950AA129C42}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
FirewallRules: [TCP Query User{8FE0BADE-47BD-4CBE-B0E6-F032B7A0177A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{76304769-C38B-460C-AF75-A2CBF863B8D3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1463144E-6806-4E8F-A580-ACBF673F827B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{CFB2C89C-B3D9-453A-9699-E7C3D566A690}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{F2720267-248F-420A-8772-35A2FBAB8117}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{45ACBC14-5BF6-4467-BD3F-A35A6D1B0C3B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{BDEB98C2-11C6-49DF-B9B6-8E7E93F7D21E}] => (Allow) C:\Program Files (x86)\Age of Empires II - The Conquerors\empires2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{845BF4B5-4218-4A1C-99AD-184D56FABC72}] => (Allow) C:\Program Files (x86)\Age of Empires II - The Conquerors\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{2E6993A5-6472-4B4D-90E8-BBEB6374BF1A}] => (Allow) LPort=1688
FirewallRules: [{2525DAE5-2FFE-4AB2-969B-89ED75000585}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{A28BFB93-F736-407E-A387-522BAF258312}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE4E4D15-31FD-4115-9937-51657DA99A1B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39B1A1D9-DCAA-40B5-9E69-1E04D30B3C3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2CBF9B72-8143-48D2-8A92-210A373DD709}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{460EC63F-7CD6-4C87-8C16-3C0F78F9157F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5ECAEB3E-CCAF-40D7-BACC-C23CDA304631}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FAA61A0E-6328-405E-8F66-FBCF682081C9}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1BC692E4-0B66-40B6-9B88-21744C452905}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1629DD18-6A8E-45D1-9766-980A5DFC61DC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1E5AB36A-77E5-430D-86C9-11DE724017D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{851DCAFB-349C-430D-849B-DFDCC4BCAFB2}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZWCAD.exe (ZWSOFT CO., LTD.(Guangzhou) -> ) [File not signed]
FirewallRules: [{98EA493F-7E9B-4054-9BA4-C430F74FD196}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwUpdHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{520680F5-E10C-4120-B5C3-EED605F456AE}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwAuthHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{138EF802-64CA-4BEF-9040-25941D4A80EB}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\CrashReportManagement.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{33606C69-D29B-4907-92FB-6A309CF5D151}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZWCAD.exe (ZWSOFT CO., LTD.(Guangzhou) -> ) [File not signed]
FirewallRules: [{1118EC0A-7E64-4ECB-9087-2EA64E286054}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\CrashReportManagement.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{77A00096-A857-4D4E-ACCF-5EB93610A16A}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwUpdHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{52647FC2-2FF9-4FBD-991F-C1DEE4530AE8}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwAuthHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{5333736A-3FE5-4546-B300-6376DC10BB8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E33FCC46-A289-483E-BD69-79E6F6596FE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{270BC65A-D636-44A8-B251-316F80987474}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EE0E6C02-9BDA-421D-B6AB-9E434762CFBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{004F8CBC-FF47-4AD3-85D1-462BE8D379BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{819A633D-10C7-46FF-B5C0-1BE8EC372339}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4789E551-405C-44C1-9FB0-389F5AD96F8E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2406089B-38A3-4255-9CC4-8A00173CDA63}] => (Allow) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/14/2020 12:18:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/14/2020 12:17:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe85f40b6f
ID chybujícího procesu: 0xa6c
Čas spuštění chybující aplikace: 0x01d64234f217287b
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 4065f5b8-ae28-11ea-acb6-10feed00bace

Error: (06/14/2020 12:12:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/14/2020 12:12:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe855d0b6f
ID chybujícího procesu: 0xa9c
Čas spuštění chybující aplikace: 0x01d64234355ff293
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 834b2ff1-ae27-11ea-bfe4-10feed00bace

Error: (06/13/2020 11:44:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/13/2020 11:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/13/2020 11:11:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe85bb0b6f
ID chybujícího procesu: 0xa94
Čas spuštění chybující aplikace: 0x01d641c729906ec0
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 84582c6b-adba-11ea-9374-10feed00bace

Error: (06/13/2020 10:47:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe85dc0b6f
ID chybujícího procesu: 0xb24
Čas spuštění chybující aplikace: 0x01d641c3b58d9db9
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 0a246884-adb7-11ea-9b7b-10feed00bace


System errors:
=============
Error: (06/14/2020 12:23:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/14/2020 12:17:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/14/2020 12:13:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/13/2020 11:52:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/13/2020 11:52:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (06/13/2020 11:52:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (06/13/2020 11:52:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/13/2020 11:52:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2020-04-16 16:55:20.895
Description:
Modul programu %1 byl ukončen v důsledku neočekávané chyby.
Typ chyby:%5
Kód výjimky:%6
Zdroj:%3

Date: 2018-07-04 11:39:08.090
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci.
Nová verze podpisu:1.271.442.0
Předchozí verze podpisu:1.269.1075.0
Zdroj aktualizace:Uživatel
Typ podpisu:Antispywarový program
Typ aktualizace:Delta
Uživatel:NT AUTHORITY\SYSTEM
Aktuální verze modulu:1.1.15000.2
Předchozí verze modulu:1.1.14901.4
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2018-07-04 11:39:08.075
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.15000.2
Předchozí verze modulu:1.1.14901.4
Zdroj aktualizace:Uživatel
Uživatel:NT AUTHORITY\SYSTEM
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===================================

Date: 2017-10-05 02:15:07.822
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-05 02:15:07.775
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 17:09:59.612
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 17:09:59.550
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 15:57:09.025
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 15:57:08.978
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-03 22:41:31.434
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-03 22:41:31.387
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. FF 12/14/2012
Motherboard: Gigabyte Technology Co., Ltd. H61M-S2PV
Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 16349.9 MB
Available physical RAM: 11615.79 MB
Total Virtual: 32697.95 MB
Available Virtual: 27351.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:125.88 GB) (Free:14.99 GB) NTFS
Drive d: () (Fixed) (Total:800.75 GB) (Free:96.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Instalace win 7) (Fixed) (Total:4.88 GB) (Free:4.82 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9CBF33C3)
Partition 1: (Active) - (Size=800.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=125.9 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard virus

#5 Post by Rudy »

Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

pierres
Visitor
Posts: 33
Joined: 03 Apr 2007 17:10

Re: keyboard virus

#6 Post by pierres »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-06-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-14-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted banggood.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3797 octets] - [13/06/2020 23:30:52]
AdwCleaner[C00].txt - [3565 octets] - [13/06/2020 23:31:52]
AdwCleaner[S01].txt - [1546 octets] - [13/06/2020 23:51:28]
AdwCleaner[C01].txt - [1716 octets] - [13/06/2020 23:52:02]
AdwCleaner[S02].txt - [1668 octets] - [14/06/2020 20:45:25]
AdwCleaner[S03].txt - [1729 octets] - [14/06/2020 20:46:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########
ůůůůůůů

it's still actůůůing up, well, it keeps trying to type a long u 3ůůůůůůůůůůůůůůůůůůůůůůůůůůůůůůů wůhůen ůůůůůůůůůůůůůůůůůů I preůůůůůůůůůůůůůůůůůůůů ss 3ů or aůůůůůůůůůůůůůůůůůůůů
loůlůůůůůůůůůůůůů loůlů

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard virus

#7 Post by Rudy »

Post new FRST + Addition logs.

pierres
Visitor
Posts: 33
Joined: 03 Apr 2007 17:10

Re: keyboard virus

#8 Post by pierres »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Pierre (administrator) on PIERRE-PC (ATComputers OFFICEPRO 1000) (14-06-2020 22:04:34)
Running from C:\Users\Pierre\Desktop
Loaded Profiles: Pierre
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AddGadgets IT -> AddGadgets) D:\Pierre\Download\PCMeterV4\PCMeterV0.4.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Flexera Software, Inc. -> Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Flexera Software, Inc. -> Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LU_1\LogitechUpdate.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LU_1\LULnchr.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nemetschek SCIA) [File not signed] C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\SCIA.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-24] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-04-02] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2018-11-22] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2018-06-23] (Voobly) [File not signed]
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32194448 2020-06-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: G - G:\autostart.exe
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: {cd7985ca-a8ee-11e9-a951-10feed00bace} - M:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2010-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\Windows\system32\xrxs1l6.dll [34304 2012-11-09] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8237E44A-0054-442C-B6B6-EA0509993955}] -> C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\Installer\chrmstp.exe [2020-06-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NonSteam.bat [2018-02-18] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {52D650B6-C97A-480C-829F-19140A9A0E02} - System32\Tasks\PCMeter\Startup => D:\Pierre\Download\PCMeterV4\PCMeterV0.4.exe [119008 2013-11-06] (AddGadgets IT -> AddGadgets)
Task: {5B3C3130-3594-4A8A-98DA-636D8535C706} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {887EFBF5-8641-4A50-B9A5-B6999E4D97CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C34223D3-F5DA-4DE4-9118-2ED10B92E80D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D86A774E-EAAD-46CE-9AA6-779326D68E40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [566592 2008-07-30] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824 2010-05-18] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B077A091-35E7-42E2-8C68-8BC2EBE5D53E}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default [2020-06-14]
CHR Notifications: Default -> hxxps://21stoleti.cz; hxxps://www.ecigarko.cz; hxxps://www.mesec.cz; hxxps://www1p.sherwoodsutton.pro
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Extension: (Prezentace) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Dokumenty) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Disk Google) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-08]
CHR Extension: (YouTube) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-08]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-16]
CHR Extension: (Tabulky) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-21]
CHR Profile: C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-11]
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-04] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-06-04] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 GoogleChromeBetaElevationService; C:\Program Files (x86)\Google\Chrome Beta\Application\84.0.4147.45\elevation_service.exe [1309680 2020-06-10] (Google LLC -> Google LLC)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [6587728 2011-08-05] (Flexera Software, Inc. -> Flexera Software, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-24] (Logitech Inc -> Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [873272 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] (@ByELDI -> ) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-16] (Bluestack Systems, Inc. -> Bluestack System Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [154336 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188872 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [115960 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 fiddrv64; no ImagePath
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-24] (SafeNet, Inc. -> SafeNet Inc.)
R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [37888 2009-03-18] (Microsoft Windows Hardware Compatibility Publisher -> IC Plus Corp.)
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-01-24] (Logitech Inc -> Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [67456 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2020-03-07] (Feitian Technologies Co., Ltd. -> Feitian Technologies Co., Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net GmbH -> Tunngle.net)
S3 ALSysIO; \??\C:\Users\Pierre\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Pierre\AppData\Local\Temp\tmpD20D.tmp [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-14 12:43 - 2020-06-14 12:47 - 000044763 _____ C:\Users\Pierre\Desktop\Addition.txt
2020-06-14 12:42 - 2020-06-14 22:05 - 000020653 _____ C:\Users\Pierre\Desktop\FRST.txt
2020-06-14 12:42 - 2020-06-14 22:05 - 000000000 ____D C:\FRST
2020-06-14 12:41 - 2020-06-14 12:41 - 002289152 _____ (Farbar) C:\Users\Pierre\Desktop\FRST64.exe
2020-06-14 12:25 - 2020-06-14 12:25 - 001222144 _____ C:\Users\Pierre\Desktop\rsit.exe
2020-06-14 12:25 - 2020-06-14 12:25 - 000000000 ____D C:\rsit
2020-06-14 12:25 - 2020-06-14 12:25 - 000000000 ____D C:\Program Files\trend micro
2020-06-13 23:30 - 2020-06-13 23:31 - 000000000 ____D C:\AdwCleaner
2020-06-13 23:30 - 2020-06-13 23:30 - 008402608 _____ (Malwarebytes) C:\Users\Pierre\Desktop\adwcleaner_8.0.5.exe
2020-06-13 23:13 - 2020-06-13 23:13 - 000000000 ____D C:\Users\Pierre\AppData\Local\ESET
2020-06-11 19:05 - 2020-06-11 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-06-11 19:05 - 2020-06-11 19:05 - 000000000 ____D C:\ProgramData\ESET
2020-06-11 19:05 - 2020-06-11 19:05 - 000000000 ____D C:\Program Files\ESET
2020-06-11 18:57 - 2020-06-11 18:57 - 001988280 _____ (Malwarebytes) C:\Users\Pierre\Desktop\MBSetup.exe
2020-06-11 18:53 - 2020-06-11 18:53 - 005504960 _____ (ESET) C:\Users\Pierre\Desktop\nod.exe
2020-06-11 18:49 - 2020-06-11 18:49 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pierre\Desktop\hijackthis.exe
2020-06-08 00:47 - 2020-06-08 00:47 - 039170653 _____ C:\Users\Pierre\Desktop\tich dom2.rar
2020-06-07 13:02 - 2020-06-07 13:02 - 000000000 ____D C:\Users\Pierre\Desktop\tich dom
2020-06-07 10:35 - 2020-06-07 10:35 - 000000000 ___SH C:\Users\Public\Shared Files
2020-06-07 10:27 - 2020-06-07 10:27 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\EasyAntiCheat
2020-06-07 10:25 - 2020-06-09 21:10 - 000000000 ____D C:\Users\Pierre\AppData\Local\NVIDIA
2020-06-07 10:25 - 2020-06-07 10:25 - 000001374 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-06-07 10:25 - 2020-06-07 10:25 - 000001374 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-06-07 10:25 - 2020-06-07 10:25 - 000000000 ____D C:\Users\Pierre\ansel
2020-06-07 10:23 - 2020-06-07 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2020-06-07 10:23 - 2020-05-16 04:57 - 002799416 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-07 10:23 - 2020-05-16 04:57 - 002159592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-07 10:23 - 2020-05-16 04:57 - 001314792 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-07 10:22 - 2020-05-16 04:57 - 000170472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2020-06-07 10:22 - 2020-05-16 04:57 - 000146408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2020-06-07 10:21 - 2020-05-16 04:57 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2020-06-07 10:21 - 2020-05-16 02:34 - 000987448 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-06-07 10:21 - 2020-05-16 02:34 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-06-07 10:20 - 2020-06-07 10:20 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-06-07 10:18 - 2020-05-18 23:24 - 001729232 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001729232 _____ C:\Windows\system32\vulkaninfo.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001329360 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-06-07 10:18 - 2020-05-18 23:24 - 001078992 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 001078992 _____ C:\Windows\system32\vulkan-1.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000937680 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000501664 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000445160 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-06-07 10:18 - 2020-05-18 23:24 - 000342944 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 132262800 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 040450472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 031023856 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 030669544 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 026343664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 011944864 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 010286480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-06-07 10:18 - 2020-05-18 23:23 - 000419232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 029696240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 023060376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-06-07 10:18 - 2020-05-18 23:22 - 017601424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 015160208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 005448432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 004862888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 002071792 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001722096 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444614.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001565080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001484184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444614.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001482136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001350568 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001141672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 001048488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000626584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000543984 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000516848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000471464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000428440 _____ C:\Windows\system32\nvofapi64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000378776 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000182168 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000164264 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000158104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-06-07 10:18 - 2020-05-18 23:22 - 000144280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-06-07 10:18 - 2020-05-18 23:21 - 040556264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler64.dll
2020-06-07 10:18 - 2020-05-18 23:21 - 035418016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler32.dll
2020-06-07 10:18 - 2020-05-18 23:21 - 000632544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-06-07 10:18 - 2020-05-18 23:18 - 035464864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-06-07 10:18 - 2020-05-18 23:18 - 018527624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-06-07 10:18 - 2020-05-18 23:18 - 004216256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-06-07 10:18 - 2020-05-16 04:57 - 000223120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-06-07 10:18 - 2020-05-16 04:57 - 000069840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2020-06-07 10:18 - 2020-05-16 04:57 - 000067456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2020-06-07 10:18 - 2020-05-16 04:57 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2020-06-07 10:18 - 2020-05-16 04:57 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2020-06-07 10:18 - 2020-05-16 04:57 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2020-06-07 02:47 - 2020-06-07 10:27 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2020-06-07 02:47 - 2020-06-07 02:47 - 000000300 _____ C:\Users\Pierre\Desktop\Fortnite.url
2020-06-06 12:54 - 2020-06-11 16:48 - 000000624 _____ C:\Users\Pierre\AppData\Roaming\All CPU MeterV3_Settings.ini
2020-06-06 12:53 - 2020-06-06 12:53 - 000000000 ____D C:\Windows\system32\Tasks\PCMeter
2020-06-06 12:34 - 2020-06-06 15:36 - 000000000 ____D C:\Program Files\Core Temp
2020-06-06 12:34 - 2020-06-06 12:34 - 000000824 _____ C:\Users\Pierre\Desktop\Core Temp.lnk
2020-06-06 12:34 - 2020-06-06 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2020-06-06 12:08 - 2020-06-06 12:08 - 000001787 _____ C:\Users\Pierre\Desktop\CrystalDiskInfo.lnk
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2020-06-01 22:24 - 2020-06-01 22:24 - 000000000 ____D C:\Users\Pierre\Desktop\TUV

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-14 21:44 - 2020-01-16 17:54 - 000000000 ____D C:\Program Files (x86)\Steam
2020-06-14 21:19 - 2009-07-14 06:45 - 000034640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-14 21:19 - 2009-07-14 06:45 - 000034640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-14 20:50 - 2017-04-08 09:09 - 000000000 ____D C:\ProgramData\NVIDIA
2020-06-14 20:48 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-14 20:44 - 2020-05-09 15:58 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\Kodi
2020-06-13 23:17 - 2019-09-19 12:13 - 000000000 ____D C:\ProgramData\ProductData
2020-06-11 21:16 - 2017-11-21 13:33 - 000000000 ____D C:\Users\Pierre\GSplay
2020-06-11 19:59 - 2019-01-05 19:01 - 000000000 ____D C:\ProgramData\Performance Tool
2020-06-11 19:32 - 2017-10-03 22:01 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\vlc
2020-06-11 19:06 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-06-11 16:28 - 2018-10-20 23:27 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome Beta.lnk
2020-06-11 16:28 - 2018-10-20 23:27 - 000002238 _____ C:\Users\Public\Desktop\Google Chrome Beta.lnk
2020-06-11 16:28 - 2018-10-20 23:27 - 000002238 _____ C:\ProgramData\Desktop\Google Chrome Beta.lnk
2020-06-09 16:20 - 2019-12-12 01:21 - 000000007 _____ C:\ProgramData\version_changelog.txt
2020-06-09 00:15 - 2017-04-08 09:25 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-09 00:15 - 2017-04-08 09:25 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-09 00:15 - 2017-04-08 09:25 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-07 23:10 - 2018-08-04 20:59 - 000000000 ____D C:\ProgramData\FLEXnet
2020-06-07 12:25 - 2018-01-12 02:55 - 000000000 ____D C:\Users\Pierre\AppData\Local\NVIDIA Corporation
2020-06-07 12:22 - 2017-04-08 09:07 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-06-07 10:51 - 2017-04-06 19:31 - 000000020 ___SH C:\Users\Pierre\ntuser.ini
2020-06-07 10:35 - 2009-07-14 05:20 - 000000000 __SHD C:\Users\Public\Libraries
2020-06-07 10:25 - 2017-04-06 19:31 - 000000000 ____D C:\Users\Pierre
2020-06-07 10:25 - 2011-04-12 10:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2020-06-07 10:25 - 2011-04-12 10:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2020-06-07 10:25 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-07 10:23 - 2017-04-08 09:07 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-06-07 10:23 - 2017-04-08 09:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-06-07 10:21 - 2017-11-21 14:30 - 000000000 ____D C:\Users\Pierre\AppData\Roaming\NVIDIA
2020-06-07 10:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\Help
2020-06-07 02:49 - 2018-01-12 02:04 - 000000000 ____D C:\Users\Pierre\AppData\Local\UnrealEngine
2020-06-04 20:22 - 2018-01-12 02:07 - 000000000 ____D C:\Program Files\Epic Games
2020-05-18 23:18 - 2017-04-08 09:06 - 041111584 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-05-18 23:18 - 2017-04-08 09:06 - 022226656 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-05-18 23:18 - 2017-04-08 09:06 - 004770272 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-05-17 10:12 - 2017-04-08 14:49 - 000000000 ____D C:\Windows\system32\MRT
2020-05-17 10:02 - 2017-04-08 14:49 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-16 04:57 - 2017-04-08 09:11 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2020-05-16 04:57 - 2017-04-08 09:07 - 000053678 _____ C:\Windows\system32\nvinfo.pb
2020-05-16 02:34 - 2017-04-08 09:08 - 005582824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 002632680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 000446264 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-05-16 02:34 - 2017-04-08 09:08 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories ========

2019-01-05 17:55 - 2019-01-05 18:30 - 107573848 _____ () C:\Users\Pierre\JustCause2-patch_1.0.2-FIXED.exe
2020-06-06 12:54 - 2020-06-11 16:48 - 000000624 _____ () C:\Users\Pierre\AppData\Roaming\All CPU MeterV3_Settings.ini
2017-04-08 13:02 - 2018-10-24 21:39 - 000007597 _____ () C:\Users\Pierre\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-07 07:31
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Pierre (14-06-2020 22:06:09)
Running from C:\Users\Pierre\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-04-06 17:31:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2651151121-1816977454-1081676049-500 - Administrator - Disabled)
Guest (S-1-5-21-2651151121-1816977454-1081676049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2651151121-1816977454-1081676049-1002 - Limited - Enabled)
Pierre (S-1-5-21-2651151121-1816977454-1081676049-1000 - Administrator - Enabled) => C:\Users\Pierre

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.371 - Adobe)
Advanced Port Scanner 2.5 (HKLM-x32\...\{D9C2E1A5-64DA-4AE3-A3FF-F3C0A201533E}) (Version: 2.5.3581 - Famatech)
Age of Empires 2 + The Conquerors CZ (HKLM-x32\...\Age of Empires 2 + The Conquerors CZ 1.1.0) (Version: 1.1.0 - Microsoft Game Studios)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.140.11.1002 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CADS Composite Beam Designer (HKLM-x32\...\CADS Composite Beam Designer) (Version: 3.27.319.1 - Computer And Design Services Ltd)
CADS WindLoadEngine (HKLM-x32\...\WindLoadEngine) (Version: 1.10.63.0 - Computer And Design Services Ltd)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Composite Column Designer (HKLM-x32\...\Composite Column Designer) (Version: 1.0.69.0 - Computer And Design Services Ltd)
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
CrystalDiskInfo 8.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.5.2 - Crystal Dew World)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}) (Version: 13.1.21.0 - ESET, spol. s r.o.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Chrome Beta (HKLM-x32\...\Google Chrome Beta) (Version: 84.0.4147.45 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
IDM Crack 6.32 build 6 (HKLM-x32\...\IDM Crack 6.32 build 6) (Version: 6.32 build 6 - Crackingpatching.com Team)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Identification Utility (HKLM-x32\...\{1E8FF98A-558E-4534-9A90-0DE0EA62B4A3}) (Version: 6.0.0211 - Intel Corporation) Hidden
Intel® Processor Identification Utility (HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Intel® Processor Identification Utility 6.0.0211) (Version: 6.0.0211 - Intel Corporation)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.0.2.40 - IObit)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Kodi (HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\Kodi) (Version: - XBMC Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.91 (HKLM\...\Logitech Gaming Software) (Version: 8.91.48 - Logitech Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft DirectX SDK (February 2010) (HKLM-x32\...\Microsoft DirectX SDK (February 2010)) (Version: 9.28.1886.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4454.1004 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.32.3 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 446.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 446.14 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 446.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 446.14 - NVIDIA Corporation) Hidden
Pavtube Video Converter Ultimate Ver 4.7.1.5362 (HKLM-x32\...\Pavtube Video Converter Ultimate_is1) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.3 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SCIA Engineer 15.2 (HKLM-x32\...\{080D26D6-3804-47FA-9734-02FE67AED665}) (Version: 15.2.99 - SCIA)
Scia Licence Server (HKLM-x32\...\{E592B693-81BE-42D9-B4E4-CABC11C7B101}) (Version: 2.2.5 - Nemetschek Scia)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM-x32\...\{43D738F1-4417-404E-8834-60BC27B10828}) (Version: 108.00.00091 - Siemens)
Solid Edge Standard Parts Piping Library (HKLM-x32\...\{F8E80E57-9994-4AAF-AB26-1B71F64264E2}) (Version: 108.00.00091 - Siemens)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelMemberDesigner (HKLM-x32\...\SteelMemberDesigner) (Version: 1.04.207.0 - Computer And Design Services Ltd)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 9.0a release candidate 1 - Ghisler Software GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireshark 1.6.1 (HKLM-x32\...\Wireshark) (Version: 1.6.1 - The Wireshark developer community, hxxp://www.wireshark.org)
ZWCAD 2020 (HKLM\...\{4FB58215-A001-0000-A001-EFD8A78FC2AE}) (Version: 20.20.1008.53615 - ZWSOFT) Hidden
ZWCAD 2020 English (HKLM\...\{4FB58215-A001-0000-A200-EFD8A78FC2AE}) (Version: 20.20.1008.53615 - ZWSOFT)
ZWCAD 2020 Language Pack - English (HKLM\...\{4FB58215-A001-1033-A101-EFD8A78FC2AE}) (Version: 20.20.1008.53615 - ZWSOFT) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2651151121-1816977454-1081676049-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Users\Pierre\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll (AddGadgets IT -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (February 2010)\Utilities\bin\x64\TxView.dll [2010-02-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\system32\vorbis.acm [1470976 2012-11-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Pierre\Desktop\ZWCAD 2020.lnk -> D:\Pierre\Download\ZWCAD.2020.Sp2.v2020.01.07.53615.x64_p30download.com\Cracked file\ZWCAD 2020 RESET.bat ()

==================== Loaded Modules (Whitelisted) =============

2018-01-12 02:04 - 2018-01-12 02:04 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-01-12 02:04 - 2018-01-12 02:04 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-01-12 02:04 - 2018-01-12 02:04 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2013-08-15 11:07 - 2013-08-15 11:07 - 004579328 _____ (Flexera Software, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\scia\SCIA_libFNP.dll
2018-01-12 02:04 - 2018-01-12 02:04 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Pierre\ntuser.ini:NTV [11664]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: ZWCAD.SCR.2020 => <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Microsoft VS Code\bin;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{05D91637-DFBE-44D1-BA04-60DDEAE75BDD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{B550D543-4D88-4795-AFE1-0956F2DB0859}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{F607D175-DA4A-4892-8732-96F5E352A95D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{4A83CD2E-4ECE-4386-884B-D007C23EECEC}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{E7CCD5EF-1159-4B47-B44F-194B899F950B}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{127C8FA0-E99C-4626-B05B-CFA76CA831B6}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [TCP Query User{4BF2F07D-485A-465E-9940-49E9DF9B9FAE}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH) [File not signed]
FirewallRules: [UDP Query User{D3741A13-A98A-49DB-BD22-797B293B8C4F}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH) [File not signed]
FirewallRules: [TCP Query User{8AFC9B8C-8CFF-4F3A-80CE-E7467BC94444}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{3AECC42A-152C-4418-BEB7-5B78863146D5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{C354ACE8-2B24-4BDB-848B-6E73A51E0BB0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{4D0BD3D9-4A16-4B97-BA58-44B4C23E3F05}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{A6A243BE-92F6-4B97-A393-014152E7121B}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{F0283E8D-FD28-416B-93B9-E8A64322B73E}C:\users\pierre\gsplay\csko\hl.exe] => (Allow) C:\users\pierre\gsplay\csko\hl.exe (Valve) [File not signed]
FirewallRules: [TCP Query User{080D7223-5663-4429-A565-20E1ADCF927B}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{289CCDF8-A67D-4EA9-924C-A35CBFFA74F7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{265408AD-6571-4905-BD79-0F3B1593C8FF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{713572F8-83F4-4E1B-868D-B56B9C45FD99}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{0B915564-17FA-493E-AA20-24C901151FC0}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{A3B63B64-5C6D-47D5-BF3B-7112F54CE804}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{CBA8A5B9-29FD-47FC-B52F-7099CABB373E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{08649B17-D0F6-41F3-B6D0-C6497F6B388E}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [TCP Query User{AF035AF8-579F-4D78-8726-28BAB3D301E8}D:\games\warcraft 3\warcraft iii\war3.exe] => (Allow) D:\games\warcraft 3\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{ACCE2801-637B-459C-8D80-473C692431D4}D:\games\warcraft 3\warcraft iii\war3.exe] => (Allow) D:\games\warcraft 3\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{E0E13F33-8EA5-43BA-9E0F-011CCD40629C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{515A9CBD-DAB3-48CD-A46B-90EC3CF0EFF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A3ABC1F-E209-4FFE-8DCA-2C4CAF7540B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F927342-0BE8-481D-B45B-FAD0ACDB867E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7028E6D0-85C3-441B-86F4-57FAF8F13B93}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4874B15C-5F84-4DAC-8505-EED7936AB9A2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{14A90AD2-0820-4395-BB88-FAC877744C50}] => (Allow) C:\Program Files (x86)\SCIA\Engineer15.2\DesignForms_CalcExe.exe (Nemetschek Scia NV -> Petr Slepicka)
FirewallRules: [{7A81ED6D-EBFF-415D-921B-369C8C081D68}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{904E5BB5-88BA-4855-8F27-3C698A7B057B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{D133FE95-95ED-4091-B9CF-E90BF4D645F8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{65B53F37-A5BE-4D29-9A3B-A4A8C47EDE0A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{A4D3C107-152B-4DEB-9911-E950AA129C42}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
FirewallRules: [TCP Query User{8FE0BADE-47BD-4CBE-B0E6-F032B7A0177A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{76304769-C38B-460C-AF75-A2CBF863B8D3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1463144E-6806-4E8F-A580-ACBF673F827B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{CFB2C89C-B3D9-453A-9699-E7C3D566A690}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{F2720267-248F-420A-8772-35A2FBAB8117}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{45ACBC14-5BF6-4467-BD3F-A35A6D1B0C3B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> ) [File not signed]
FirewallRules: [{BDEB98C2-11C6-49DF-B9B6-8E7E93F7D21E}] => (Allow) C:\Program Files (x86)\Age of Empires II - The Conquerors\empires2.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{845BF4B5-4218-4A1C-99AD-184D56FABC72}] => (Allow) C:\Program Files (x86)\Age of Empires II - The Conquerors\age2_x1\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{2E6993A5-6472-4B4D-90E8-BBEB6374BF1A}] => (Allow) LPort=1688
FirewallRules: [{2525DAE5-2FFE-4AB2-969B-89ED75000585}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{A28BFB93-F736-407E-A387-522BAF258312}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EE4E4D15-31FD-4115-9937-51657DA99A1B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39B1A1D9-DCAA-40B5-9E69-1E04D30B3C3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2CBF9B72-8143-48D2-8A92-210A373DD709}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{460EC63F-7CD6-4C87-8C16-3C0F78F9157F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5ECAEB3E-CCAF-40D7-BACC-C23CDA304631}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FAA61A0E-6328-405E-8F66-FBCF682081C9}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1BC692E4-0B66-40B6-9B88-21744C452905}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1629DD18-6A8E-45D1-9766-980A5DFC61DC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1E5AB36A-77E5-430D-86C9-11DE724017D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{851DCAFB-349C-430D-849B-DFDCC4BCAFB2}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZWCAD.exe (ZWSOFT CO., LTD.(Guangzhou) -> ) [File not signed]
FirewallRules: [{98EA493F-7E9B-4054-9BA4-C430F74FD196}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwUpdHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{520680F5-E10C-4120-B5C3-EED605F456AE}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwAuthHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{138EF802-64CA-4BEF-9040-25941D4A80EB}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\CrashReportManagement.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{33606C69-D29B-4907-92FB-6A309CF5D151}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZWCAD.exe (ZWSOFT CO., LTD.(Guangzhou) -> ) [File not signed]
FirewallRules: [{1118EC0A-7E64-4ECB-9087-2EA64E286054}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\CrashReportManagement.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{77A00096-A857-4D4E-ACCF-5EB93610A16A}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwUpdHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{52647FC2-2FF9-4FBD-991F-C1DEE4530AE8}] => (Allow) D:\Program Files\ZWSOFT\ZWCAD 2020\ZwAuthHost.exe (ZWSOFT CO., LTD.(Guangzhou) -> )
FirewallRules: [{5333736A-3FE5-4546-B300-6376DC10BB8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E33FCC46-A289-483E-BD69-79E6F6596FE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{270BC65A-D636-44A8-B251-316F80987474}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EE0E6C02-9BDA-421D-B6AB-9E434762CFBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{004F8CBC-FF47-4AD3-85D1-462BE8D379BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{819A633D-10C7-46FF-B5C0-1BE8EC372339}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4789E551-405C-44C1-9FB0-389F5AD96F8E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2406089B-38A3-4255-9CC4-8A00173CDA63}] => (Allow) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-06-2020 21:37:58 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/14/2020 08:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/14/2020 08:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe85980b6f
ID chybujícího procesu: 0xad8
Čas spuštění chybující aplikace: 0x01d6427c726f548b
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: beefa31f-ae6f-11ea-9179-10feed00bace

Error: (06/14/2020 12:18:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/14/2020 12:17:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe85f40b6f
ID chybujícího procesu: 0xa6c
Čas spuštění chybující aplikace: 0x01d64234f217287b
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 4065f5b8-ae28-11ea-acb6-10feed00bace

Error: (06/14/2020 12:12:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/14/2020 12:12:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.1.0.0, časové razítko: 0x5313ef48
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x000007fe855d0b6f
ID chybujícího procesu: 0xa9c
Čas spuštění chybující aplikace: 0x01d64234355ff293
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 834b2ff1-ae27-11ea-bfe4-10feed00bace

Error: (06/13/2020 11:44:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/13/2020 11:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (06/14/2020 08:56:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/14/2020 08:49:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/14/2020 08:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/14/2020 08:46:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/14/2020 08:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FLEXnet Licensing Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/14/2020 08:46:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (06/14/2020 08:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Logitech Gaming Registry Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/14/2020 08:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba lmadmin byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2020-04-16 16:55:20.895
Description:
Modul programu %1 byl ukončen v důsledku neočekávané chyby.
Typ chyby:%5
Kód výjimky:%6
Zdroj:%3

Date: 2018-07-04 11:39:08.090
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci.
Nová verze podpisu:1.271.442.0
Předchozí verze podpisu:1.269.1075.0
Zdroj aktualizace:Uživatel
Typ podpisu:Antispywarový program
Typ aktualizace:Delta
Uživatel:NT AUTHORITY\SYSTEM
Aktuální verze modulu:1.1.15000.2
Předchozí verze modulu:1.1.14901.4
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2018-07-04 11:39:08.075
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.15000.2
Předchozí verze modulu:1.1.14901.4
Zdroj aktualizace:Uživatel
Uživatel:NT AUTHORITY\SYSTEM
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===================================

Date: 2017-10-05 02:15:07.822
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-05 02:15:07.775
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 17:09:59.612
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 17:09:59.550
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 15:57:09.025
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-04 15:57:08.978
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-03 22:41:31.434
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-03 22:41:31.387
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. FF 12/14/2012
Motherboard: Gigabyte Technology Co., Ltd. H61M-S2PV
Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16349.9 MB
Available physical RAM: 12025.5 MB
Total Virtual: 32697.95 MB
Available Virtual: 27786.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:125.88 GB) (Free:13.4 GB) NTFS
Drive d: () (Fixed) (Total:800.75 GB) (Free:96.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Instalace win 7) (Fixed) (Total:4.88 GB) (Free:4.82 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9CBF33C3)
Partition 1: (Active) - (Size=800.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=125.9 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: keyboard virus

#9 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: G - G:\autostart.exe
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: {cd7985ca-a8ee-11e9-a951-10feed00bace} - M:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 fiddrv64; no ImagePath
S3 ALSysIO; \??\C:\Users\Pierre\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
R3 WinRing0_1_2_0; \??\C:\Users\Pierre\AppData\Local\Temp\tmpD20D.tmp [X] <==== ATTENTION
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Shortcut: C:\Users\Pierre\Desktop\ZWCAD 2020.lnk -> D:\Pierre\Download\ZWCAD.2020.Sp2.v2020.01.07.53615.x64_p30download.com\Cracked file\ZWCAD 2020 RESET.bat ()
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Pierre\ntuser.ini:NTV [11664]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
C:\Program Files\KMSpico

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.


Re: keyboard virus

#10 Post by pierres »

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Pierre (15-06-2020 21:44:27) Run:1
Running from C:\Users\Pierre\Desktop
Loaded Profiles: Pierre
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: G - G:\autostart.exe
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\...\MountPoints2: {cd7985ca-a8ee-11e9-a951-10feed00bace} - M:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 fiddrv64; no ImagePath
S3 ALSysIO; \??\C:\Users\Pierre\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
R3 WinRing0_1_2_0; \??\C:\Users\Pierre\AppData\Local\Temp\tmpD20D.tmp [X] <==== ATTENTION
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Shortcut: C:\Users\Pierre\Desktop\ZWCAD 2020.lnk -> D:\Pierre\Download\ZWCAD.2020.Sp2.v2020.01.07.53615.x64_p30download.com\Cracked file\ZWCAD 2020 RESET.bat ()
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Pierre\ntuser.ini:NTV [11664]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
C:\Program Files\KMSpico

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKU\S-1-5-21-2651151121-1816977454-1081676049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd7985ca-a8ee-11e9-a951-10feed00bace} => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\fiddrv64 => removed successfully
fiddrv64 => service removed successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
WinRing0_1_2_0 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.) => Error: No automatic fix found for this entry.
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) => Error: No automatic fix found for this entry.
C:\Users\Pierre\Desktop\ZWCAD 2020.lnk => moved successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully
C:\Users\Pierre\ntuser.ini => ":NTV" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Program Files\KMSpico => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37764345 B
Java, Flash, Steam htmlcache => 70613563 B
Windows/system/drivers => 456126190 B
Edge => 0 B
Chrome => 1024818896 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 58651823 B
systemprofile32 => 58718179 B
LocalService => 58784407 B
NetworkService => 59525011 B
Pierre => 1476410598 B
UpdatusUser => 1476410598 B

RecycleBin => 336178 B
EmptyTemp: => 4.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:48:00 ====


Re: keyboard virus

#11 Post by pierres »

By the way, that junk has probably disabled my network card, probably damaged the driver somehow, so I'm doing this via my phone somehow, but it's crazy...


Re: keyboard virus

#12 Post by Rudy »

So there has been no change for the better?


Re: keyboard virus

#13 Post by pierres »

It seems to me that it already affects the keyboard even before the OS selection; could the damn thing have got into the BIOS?

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: keyboard virus

#14 Post by JaRon »

I'll step in just this once:
DELETE the file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NonSteam.bat
restart
scan the PC with MBAM - post the log here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/


Re: keyboard virus

#15 Post by pierres »

I deleted the file and installed MBAM, but when I launched it from the desktop shortcut, nothing happened, it didn't start. I don't know what to do with it, probably a Windows reinstall.
