PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Please check my log

Having a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
mm_01
Visitor
Posts: 5
Registered: 13 Feb 2021 18:59

Please check my log

#1 Post by mm_01 »

Good evening,

please check the log. My girlfriend's computer is slowing down and freezing, and Avira reports several suspicious files and tr/crypt.xpack.gen.

Thank you very much.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-02-2021
Ran by aja (administrator) on AJA-NTB (Hewlett-Packard HP Pavilion 15 Notebook PC) (13-02-2021 18:41:14)
Running from D:\Plocha
Loaded Profiles: aja
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Discord Inc. -> Discord Inc.) C:\Users\aja\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\aja\AppData\Local\FluxSoftware\Flux\flux.exe
(GlavSoft LLC. -> GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hi-Rez Studios) [File not signed] D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Softland S.R.L. -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Spotify AB -> Spotify Ltd) C:\Users\aja\AppData\Roaming\Spotify\Spotify.exe <6>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-17] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2018-12-12] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [f.lux] => C:\Users\aja\AppData\Local\FluxSoftware\Flux\flux.exe [1469968 2020-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [Spotify] => C:\Users\aja\AppData\Roaming\Spotify\Spotify.exe [23722056 2021-02-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [Discord] => C:\Users\aja\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: V - V:\setup.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {50822d89-a616-11e8-aa85-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7db-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7ec-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {7ee16692-b395-11e8-93a8-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {999871d2-6be8-11e9-a7b2-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {a8d56778-d315-11e5-908f-a0d3c152f807} - F:\autorun.exe
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw72: C:\Windows\System32\spool\prtprocs\x64\hpzppw72.dll [257024 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\doPDF 7 Monitor: C:\Windows\system32\dopdfmn7.dll [25888 2014-03-19] (Softland S.R.L. -> Softland)
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3lw72: C:\Windows\system32\hpz3lw72.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK [2016-04-28]
ShortcutTarget: Registration Assassin's Creed.LNK -> D:\Hry\Assassin's Creed\Register\RegistrationReminder.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\replacefunckeys.ahk [2018-07-26] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEDDC88-E915-4650-B2E3-4489DFF45B90} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {13C7EB83-2A1A-42D7-A360-69E282AF456C} - \{FDE55449-AF58-4C4F-B28C-94B8154AA81A} -> No File <==== ATTENTION
Task: {1D31571A-D93E-4D54-AD64-3E3EB556A959} - \{981B7714-33E0-432F-A022-0BDDC2ECEA19} -> No File <==== ATTENTION
Task: {1F3500AC-E1DF-48DC-A5C0-FB0BB088F7F6} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {29D02E91-67F0-4D37-8AE5-ED3BA2C2B4BD} - \{A845BF78-9E3E-4E5F-84B4-96B977815136} -> No File <==== ATTENTION
Task: {2A03F595-A8FA-48E4-AEA3-C3C284E565B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2B0721A9-F356-4D55-95EE-F0B1A5900E64} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [233176 2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {2CFE7C26-7DB0-45B2-BC69-B6BD6A3F82F6} - \{816C3A3F-3DFC-4881-99CB-DEB6DE0B48D4} -> No File <==== ATTENTION
Task: {588572F1-85DE-4B98-A5A5-4F895D08ABF0} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {5EF5FB2A-9E74-40E7-AB4C-F8F7806F044B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {5FDC2A8C-88F6-4FA2-9654-60986524D9A6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {6FFEA7BB-303E-4378-80F4-795771F49269} - \StartDVR -> No File <==== ATTENTION
Task: {73DB9093-89F0-4F5A-9637-21AF08BAB9FC} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {8BC4DCC1-B9E1-4C4B-A538-8C08B0B3C60E} - \Avast Software\Overseer -> No File <==== ATTENTION
Task: {8E124E2B-E485-44EF-8E2C-CB97BD295EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
Task: {8E3F7C1B-F50A-4E86-83C9-1453B9B6A8A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
Task: {9B87201F-0FE4-45E4-887C-2F20D500F12F} - \AMDLinkUpdate -> No File <==== ATTENTION
Task: {B1A7C8FE-9B11-4F6A-87EB-6D88C1A6B3E9} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2649200 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B8CAE4CA-BFB5-482D-B174-A143FA8FD504} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {DF79AF6C-2BED-402E-A374-388A2143DCA2} - \ModifyLinkUpdate -> No File <==== ATTENTION
Task: {F3328174-6D70-43E8-9FBF-8A41CFBDC2AC} - \StartCN -> No File <==== ATTENTION
Task: {F80EB2B8-5E55-44AB-BDB1-30DD05EF0298} - \Defraggler Volume C Task -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{9B50915E-1AA6-4AD9-AD34-A0C9339CDD45}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{B65319CF-2650-44F3-A9F4-A45F7F284BAA}: [DhcpNameServer] 192.168.120.250

FireFox:
========
FF ProfilePath: C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default [2020-11-01]
FF user.js: detected! => C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\user.js [2018-06-07]
FF DownloadDir: C:\Users\Aja\Downloads
FF Homepage: Mozilla\Firefox\Profiles\0yy4fbsg.default -> hxxp://www.google.cz/
FF Session Restore: Mozilla\Firefox\Profiles\0yy4fbsg.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\Extensions\abs@avira.com.xpi [2016-02-28] [Legacy]
FF Extension: (ChatZilla) - C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-01-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default [2021-02-13]
CHR HomePage: Default -> hxxp://www.google.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-11]
CHR Extension: (Dokumenty) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-11]
CHR Extension: (Disk Google) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (MEGA) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2021-02-11]
CHR Extension: (YouTube) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-11]
CHR Extension: (uBlock Origin) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-02-08]
CHR Extension: (Screen Recorder for Google Chrome™) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclbecdgdoahkliaijlpkigldlkojjdn [2020-10-14]
CHR Extension: (Adobe Acrobat) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-17]
CHR Extension: (Tabulky) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-02-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]
CHR Profile: C:\Users\aja\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\aja\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-10-05]
CHR HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1205960 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573960 2021-01-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384360 2020-12-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [246168 2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1579880 2013-12-27] (IVT CORPORATION -> IVT Corporation)
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-12-16] (IVT CORPORATION -> IVT Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-12-12] (Intel(R) Driver & Support Assistant -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2019-06-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 hpqwmiex; C:\Users\aja\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe [794112 2014-03-26] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-11-18] (Softland S.R.L. -> Microsoft)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-12-28] (Even Balance, Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC. -> GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-15] (Microsoft Windows -> Microsoft Corporation)
S3 Intel(R) SUR QC SAM; "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [222200 2020-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [178720 2020-05-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (Ralink Technology Corporation -> IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (Ralink Technology Corporation -> IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Mediatek Inc. -> Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [50272 2013-12-16] (IVT CORPORATION -> Ralink Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-23] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-23] (Disc Soft Ltd -> Disc Soft Ltd)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [787576 2015-06-09] (Kasherlab Technology Inc. -> www.ext2fsd.com)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204936 2014-02-12] (Mediatek Inc. -> Ralink Technology, Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-05-29] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-15] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-15] (Microsoft Corporation) [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (Ralink Technology Corporation -> IVT Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-13 18:40 - 2021-02-13 18:42 - 000000000 ____D C:\FRST
2021-02-12 21:34 - 2021-02-12 21:34 - 000000017 _____ C:\Users\aja\AppData\Local\resmon.resmoncfg
2021-02-12 21:21 - 2021-02-12 21:22 - 000000000 ____D C:\Users\aja\AppData\Local\TeamViewer
2021-02-12 21:21 - 2021-02-12 21:21 - 000000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-07 21:57 - 2021-02-07 21:58 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\aja\Downloads\Zoom_cm_fik4fkwZ9vvrZo4_mCEbU7h-SZDwgbcuVAmr8ktGXDuJkFQMeqeU@JTrx2WoAS8F3AWlm_k0be628b127e0600e_.exe
2021-01-27 00:24 - 2021-01-27 00:25 - 000000000 ____D C:\Users\aja\AppData\Local\Discord
2021-01-19 13:58 - 2021-01-19 13:58 - 000253992 _____ (Cisco Webex LLC) C:\Users\aja\Downloads\webex.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-13 18:46 - 2017-08-27 19:38 - 000000000 ____D C:\Users\aja\AppData\Roaming\discord
2021-02-13 17:58 - 2019-06-30 18:32 - 000000000 ____D C:\Users\aja\AppData\Roaming\Spotify
2021-02-13 14:50 - 2009-07-14 05:45 - 000032448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-13 14:50 - 2009-07-14 05:45 - 000032448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-13 14:43 - 2016-01-07 22:20 - 000000000 __SHD C:\Users\aja\IntelGraphicsProfiles
2021-02-13 14:42 - 2015-12-14 18:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-13 14:40 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-13 14:40 - 2009-07-14 05:45 - 000441064 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-12 21:23 - 2014-03-26 21:12 - 000116656 _____ C:\Users\aja\AppData\Local\GDIPFONTCACHEV1.DAT
2021-02-12 20:50 - 2011-04-12 09:34 - 000669830 _____ C:\Windows\system32\perfh005.dat
2021-02-12 20:50 - 2011-04-12 09:34 - 000141956 _____ C:\Windows\system32\perfc005.dat
2021-02-12 20:50 - 2009-07-14 06:13 - 001586648 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-12 20:50 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-02-12 20:25 - 2016-01-07 21:23 - 000000000 ____D C:\Users\aja\AppData\Roaming\vlc
2021-02-12 18:53 - 2015-12-14 19:08 - 000000000 ____D C:\Users\aja\AppData\Roaming\TeamViewer
2021-02-12 18:53 - 2014-03-26 20:53 - 000000000 ___HD C:\AMD
2021-02-12 18:11 - 2019-06-30 18:33 - 000000000 ____D C:\Users\aja\AppData\Local\Spotify
2021-02-12 18:04 - 2014-04-25 18:28 - 000000000 ____D C:\Windows\Minidump
2021-02-12 18:04 - 2014-03-26 22:19 - 000000000 ____D C:\Users\aja\AppData\Roaming\uTorrent
2021-02-10 01:03 - 2020-09-30 19:36 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-10 01:02 - 2018-09-21 23:34 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-08 22:25 - 2015-04-23 11:56 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-05 16:47 - 2020-10-29 16:27 - 000003596 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2021-02-05 13:16 - 2016-02-01 22:49 - 000003386 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 13:16 - 2016-02-01 22:49 - 000003258 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-03 21:07 - 2020-10-29 16:28 - 000003668 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate
2021-02-03 12:12 - 2017-09-20 04:57 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2021-01-27 11:59 - 2017-10-05 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-01-27 00:25 - 2017-08-27 19:38 - 000000000 ____D C:\Users\aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-01-27 00:25 - 2017-08-27 19:37 - 000000000 ____D C:\Users\aja\AppData\Local\SquirrelTemp
2021-01-21 21:28 - 2020-12-28 21:14 - 000000000 ____D C:\Users\aja\Documents\The Witcher 3
2021-01-18 09:08 - 2020-08-24 21:03 - 000032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ========

2017-04-15 10:26 - 2017-07-04 13:07 - 007137216 _____ (Geek Unіnstaller) C:\Program Files\geek.exe
2014-06-15 23:52 - 2021-01-01 17:37 - 000011776 _____ () C:\Users\aja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-07-01 19:50 - 2020-07-01 19:50 - 000001456 _____ () C:\Users\aja\AppData\Local\psppirerc
2014-08-30 20:25 - 2014-09-02 20:53 - 000000600 _____ () C:\Users\aja\AppData\Local\PUTTY.RND
2020-07-01 19:50 - 2020-07-01 19:50 - 000000722 _____ () C:\Users\aja\AppData\Local\recently-used.xbel
2021-02-12 21:34 - 2021-02-12 21:34 - 000000017 _____ () C:\Users\aja\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-02-11 12:17
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2021
Ran by aja (13-02-2021 18:46:29)
Running from D:\Plocha
Windows 7 Professional Service Pack 1 (X64) (2014-03-26 19:21:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3285070336-867792745-467015435-500 - Administrator - Disabled)
aja (S-1-5-21-3285070336-867792745-467015435-1000 - Administrator - Enabled) => C:\Users\aja
Guest (S-1-5-21-3285070336-867792745-467015435-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{EAA6C597-BD0D-454D-AEB7-FF0A57905C1C}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{8CBC102C-34F4-4EB9-9529-3B222367621F}) (Version: 3.7.0.6 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20135 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
AutoHotkey 1.1.29.01 (HKLM\...\AutoHotkey) (Version: 1.1.29.01 - Lexikos)
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2101.2070 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.1.24458 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.44.15540 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{00BA5D43-DC76-4DF2-A38C-5D3B8FABF5E4}) (Version: 3.54.3529.0458 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4500 (HKLM-x32\...\{9DC11D9A-6DCD-4064-8363-63914A0122AB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cute Screen Recorder Free Version 1.6.0.8 (HKLM-x32\...\Cute Screen Recorder Free Version_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{19BC09B5-F319-4A61-A878-475E7F7054EA}) (Version: 1.1.195.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Flux) (Version: - f.lux Software LLC)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{AA6F009F-0CCD-4DD6-A462-28419C101D54}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\IMVU Avatar chat client software BETA) (Version: - )
Intel(R) Computing Improvement Program (HKLM\...\{93FE134F-7678-4D90-A849-6FF6EB28CCDF}) (Version: 2.4.04289 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{f0bbb6e9-80c3-4fe8-8691-b51d1281d69e}) (Version: 3.7.0.6 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 3.2.1.2664 - Kakao Corp.)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
novaPDF 8 (HKLM\...\{8608C4B2-639F-4F52-9EC5-27E1D8798F6E}) (Version: 8.5.938 - Softland) Hidden
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{A53F3DB0-ECBA-4CA0-A4AC-518FA7347A02}) (Version: 8.6.942 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{80DBAF1D-E308-43B6-8AA7-8F963391885D}) (Version: 8.6.942 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{BB360DC6-5476-44A0-9867-345A993587AB}) (Version: 8.6.942 - Softland)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
osu! (HKLM-x32\...\{2718f898-9bfa-4cb3-800a-fa7564e2d9ba}) (Version: latest - ppy Pty Ltd)
osu! (HKLM-x32\...\{4d51be9e-36ca-4ea4-99cd-31ce8c801648}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PS_AIO_04_C4500_Software_Min (HKLM-x32\...\{CF408B76-8698-4298-B549-5E6A94931B64}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Ralink Bluetooth Stack (HKLM\...\{B346BD6C-AE56-7DD3-175C-2374C7113BCB}) (Version: 11.0.752.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype verze 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Spotify) (Version: 1.1.52.687.gf5565fe5 - Spotify AB)
SRWare Iron verze 55.0.2900.1 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: 55.0.2900.1 - SRWare)
Starshine 1.díl (HKLM-x32\...\{73B3C57B-3ED7-40DB-A554-32EB5D35F84E}) (Version: 1.00.000 - )
Starshine 2.díl (HKLM-x32\...\{2FA1102F-DE05-4E79-8CED-E5BAABFC2FEF}) (Version: 1.00.000 - )
Starshine 3.díl (HKLM-x32\...\{A7123032-A8DA-48AC-9F5D-0A3B14698375}) (Version: 1.00.000 - )
Starshine 4.díl (HKLM-x32\...\{C4ECF493-29C4-4CB7-903E-90C28F3D0C00}) (Version: 1.00.000 - )
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19.4 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneBlade (HKLM-x32\...\{55CB4047-9486-4D47-86B8-D8007F0D8540}) (Version: 1.8.0 - TuneBlade)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VideoCam Suite (HKLM-x32\...\{8113EBFB-1524-4202-AECF-5F2C037FEF8C}) (Version: 1.00.821 - Panasonic) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3285070336-867792745-467015435-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-01-20] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-01-20] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-01-20] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2013-12-16] (IVT CORPORATION -> TODO: <公司名>)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-01-20] (Google LLC -> Google)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-01-20] (Google LLC -> Google)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2004-08-18] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2004-08-18] (On2.com) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\aja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\aja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3373c9ebc3a5e445\Chromium.lnk -> C:\Program Files (x86)\SRWare Iron\chrome.exe () -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2018-12-06 19:54 - 2018-12-06 19:54 - 000173432 _____ (AMD PMP-PE CB Code Signer v20180327 -> Advanced Micro Devices, Inc.) [File not signed] C:\Windows\system32\amdihk64.dll
2009-05-21 19:05 - 2009-05-21 19:05 - 000097280 _____ (Hewlett Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 001171456 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000538112 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000307712 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000205824 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000629248 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000032256 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2009-09-20 10:56 - 2009-09-20 10:56 - 000274432 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000293376 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000049664 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-05-21 19:05 - 2009-05-21 19:05 - 000326144 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000931328 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2009-09-20 11:07 - 2009-09-20 11:07 - 000057856 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSplh08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000203776 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqssm08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000285184 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2009-09-20 11:36 - 2009-09-20 11:36 - 000150528 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-09-20 11:07 - 2009-09-20 11:07 - 000485888 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll
2010-10-22 12:08 - 2010-10-22 12:08 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2009-05-21 17:57 - 2009-05-21 17:57 - 000040960 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll
2009-05-21 17:57 - 2009-05-21 17:57 - 000038912 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\hpzipr12.dll
2016-01-07 20:53 - 2015-12-31 15:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-08-22 11:08 - 2013-08-22 11:08 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-22 11:08 - 2013-08-22 11:08 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-03-26 22:55 - 2014-03-26 22:55 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8\msvcm90.dll
2014-03-26 22:54 - 2014-03-26 22:54 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
2014-03-26 22:53 - 2014-03-26 22:53 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2015-09-25 22:34 - 2015-09-28 19:08 - 000255488 _____ (Sysprogs OU) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3285070336-867792745-467015435-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-14 09:52 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-04-09 23:53 - 2020-04-10 00:04 - 000000501 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Livestreamer
HKU\S-1-5-21-3285070336-867792745-467015435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\aja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.120.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5F6B1FA5-0498-44EC-8ECB-325AFF201392}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{58E238F7-1057-46D3-840D-2BE44FA98C24}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{E555E798-E081-4D0A-86A7-E786E3512A7B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{07B1DD74-38BD-41D8-BC13-D8481FFB96D3}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{0F92C657-7EFA-447F-97B8-2B5517934CB1}] => (Allow) C:\Users\aja\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{04A6ADA3-D4F7-4915-A80B-2F3931821DAB}] => (Allow) C:\Users\aja\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{877A562D-1622-40FD-9493-F8BBD8E51D08}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC. -> GlavSoft LLC.)
FirewallRules: [TCP Query User{05FB8F5B-ABBE-44B8-A873-3F1CCB41C680}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{D6399B91-D2EB-41C0-93BD-3AEDEFDC3567}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A352CD74-F3C4-489C-8EAE-BC250F37B02C}D:\hry\cs16\hl.exe] => (Allow) D:\hry\cs16\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{BC1BCED3-E083-4F64-9A0B-CE8BB42C36B4}D:\hry\cs16\hl.exe] => (Allow) D:\hry\cs16\hl.exe (Valve) [File not signed]
FirewallRules: [{17090002-63C5-4B64-A364-C88676642C04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{6BD8BE7C-ED84-4030-80A4-D2ECB59F5B51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{079E7FB4-21B6-4CB7-8E00-7814C3CCDB23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{68426033-68E1-4FCB-A983-2A6862E97582}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{61C80B22-33D2-49BC-A43C-DB44B86B5A15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{AD6653D7-4530-44A3-866F-B745556DF24E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{E843EB28-4214-4DA3-A432-AC86B8C10392}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D05BE9D7-0D7C-46D4-84BB-1774B03D89CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{E9013AAC-0D67-400D-B978-DA54ACDED9FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{43BB1492-E98A-4873-A050-01DCF942F61B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{31BB9555-6B1D-4ACB-BB5B-008F0C353288}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{CB122C81-4005-4F91-9EC9-C170F0366EAF}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{BF950AD4-3AD9-4523-8B7A-2F478E220BA7}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{12C13813-7CF6-488D-AEF9-4A47C5E29AFC}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{63250475-385C-4A8D-9187-B009CFE9B0D0}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{CAFED2BD-013D-40AF-9749-FA888B989680}] => (Allow) D:\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3898DF7B-0BE2-4C84-A021-B8BF95DFE6E9}] => (Allow) D:\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7228E6DA-77BC-4654-9F6B-7DF119ACAC80}] => (Allow) D:\Hry\Hearthstone\Hearthstone\Hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{9AEC69BF-70BC-451E-A0BB-D25E992964FC}] => (Allow) D:\Hry\Hearthstone\Hearthstone\Hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{0789CD24-D8E7-4C50-93F7-A7DF953A9C32}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{C20335D3-0CB0-41DD-8B8E-29165FB21D37}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4D8BB909-C5D4-43B8-8945-DDD64D07A614}D:\hry\warcraft iii platinovka\war3.exe] => (Allow) D:\hry\warcraft iii platinovka\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{2238B2BE-EC9D-4C6A-8257-8208F418DF56}D:\hry\warcraft iii platinovka\war3.exe] => (Allow) D:\hry\warcraft iii platinovka\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{BA41ED42-7482-4527-80D6-C2FADECCEACA}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{4BD2F1A8-FF3D-4771-85F4-045DAEF0FE37}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{9F0803E8-E2CF-49CC-9F19-6867410A3165}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [UDP Query User{972D6CA6-5E2F-4B6D-84D8-52DA713449C9}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [TCP Query User{4895B475-AA0C-4911-83ED-FDB8467A27D5}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [UDP Query User{B4B3B143-827F-423E-886F-74E45C95DB9C}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [{AFBBFDC0-B84A-491A-91E4-37427E15F274}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8FC25935-9C9E-4576-8D67-B9CB19750375}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D354FBDE-AC24-460D-86F2-0CDB98A87B1C}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{B4AF84AA-591B-4FEB-8ED0-F2343230AF4A}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{60AC36D8-D012-49AE-9122-51CDCAF24B97}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{45F4D565-D423-423A-A7DD-F7CEAE35326B}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{DCE6A8C1-6B1A-4148-88E6-EE60D7F8F652}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File
FirewallRules: [{A5CDBC47-BB2E-4249-8143-D88A4171AD26}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File
FirewallRules: [{1AB90708-4CFD-484E-A5A0-7E53679B918F}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe (Microsoft) [File not signed]
FirewallRules: [{1681D742-6475-42F2-9B59-7FA6AA187357}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe (Microsoft) [File not signed]
FirewallRules: [TCP Query User{0387DB6E-3D0C-46A9-95E6-2053D4A0A666}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{56751935-238B-4CC3-BE8D-DBD541AFC556}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [{6E1B9833-1550-4262-88C3-C70D7CC4C1EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C094F1AE-73CE-486B-BA85-AB4F053CC843}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{0C0DFA74-EF21-48A7-B677-82B1961356A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A411D506-538C-474C-9FD8-FD7B4000ACA4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{7C3F3FC4-A1D0-45AC-B69D-15FB97216549}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B6AC2127-41D4-42A7-8D8E-340D380B6DCD}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{2A03EA01-BEB1-45DC-BA1F-5CEE27B55FE1}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{CCB3238C-2BBE-4AE0-91AE-DA7AC7782C5D}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [TCP Query User{D959DA79-473A-4FA7-BE15-BD90EA90D3CE}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [UDP Query User{6719C012-7C80-4356-9709-4F860E1DC191}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [TCP Query User{8CCCF233-D6E5-48AC-9310-3EA8CCDCBEE0}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [UDP Query User{73309E6B-EE7D-4187-968A-309B0690F542}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [TCP Query User{3FD57E62-8ACB-405D-A788-8DA7A1BD64CF}D:\plocha\bulanci.exe] => (Allow) D:\plocha\bulanci.exe () [File not signed]
FirewallRules: [UDP Query User{ED70EF75-F22C-4731-8491-E7C2D11A1D4E}D:\plocha\bulanci.exe] => (Allow) D:\plocha\bulanci.exe () [File not signed]
FirewallRules: [{B1A34F38-E7E4-4904-8236-A3B1CD6BBB6F}] => (Allow) D:\Hry\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games) [File not signed]
FirewallRules: [{09302FCD-99AB-4C14-AF36-32B3693D8AE3}] => (Allow) D:\Hry\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games) [File not signed]
FirewallRules: [TCP Query User{52B67638-CDCF-4D9A-BA09-4DA49D8A2342}D:\hry\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hry\hearthstone\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{BC831689-C6DD-4E8B-B6B0-0EF824A44A21}D:\hry\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hry\hearthstone\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{D5F8AF51-9076-474C-9DCC-1D51BBA7F20F}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{34E6D837-5D8F-4CFA-90E2-6E2DC0EFF8F7}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{920615D8-0B85-471C-AE8D-9926EB64991A}] => (Allow) D:\Hry\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{29502BDC-3D41-4870-B710-0CA5FADC4156}] => (Allow) D:\Hry\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{75B0D7B5-F880-4FAF-A03F-12A8825B021F}] => (Allow) D:\Hry\Steam\steamapps\common\Limbo\limbo.exe (Playdead) [File not signed]
FirewallRules: [{17138187-44A4-4878-A6FE-9B12B05E9AC6}] => (Allow) D:\Hry\Steam\steamapps\common\Limbo\limbo.exe (Playdead) [File not signed]
FirewallRules: [TCP Query User{224DD891-9AD8-4AAF-B2AC-625D7CFEAD52}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{B433D18B-AA41-48A6-84D8-C44028D252D6}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{CDDE7470-C788-47C2-9295-AA204FDA792B}] => (Allow) D:\Hry\Steam\steamapps\common\CaptainSpirit\CaptainSpirit\Binaries\Win64\CaptainSpirit-Win64-Shipping.exe (Square Enix) [File not signed]
FirewallRules: [{2EC5726A-FE9E-4F91-82FF-032C50EC7C96}] => (Allow) D:\Hry\Steam\steamapps\common\CaptainSpirit\CaptainSpirit\Binaries\Win64\CaptainSpirit-Win64-Shipping.exe (Square Enix) [File not signed]
FirewallRules: [{877FBAEF-77ED-4D90-B980-D31667D9E470}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{00896ED6-6737-421D-A89F-D4A3E0B75F20}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{ADC10144-E4D9-446D-AD73-995ED19DC0E2}] => (Allow) D:\Hry\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{C74F2163-546B-4DDF-874D-B7DAD9731F2F}] => (Allow) D:\Hry\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{FB7F0A2B-3F92-4C1D-A6D8-AFE431B14484}] => (Allow) D:\Hry\Steam\steamapps\common\Ori\ori.exe () [File not signed]
FirewallRules: [{453C56AC-ADCC-4272-8793-5B476492C657}] => (Allow) D:\Hry\Steam\steamapps\common\Ori\ori.exe () [File not signed]
FirewallRules: [{AD1A2463-D8B3-45B5-BF64-A6AD11C6D1B0}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{CA97A851-2E21-4829-AFCF-386891218B4E}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{367EB5BC-6B74-48FB-8099-9C8FE3317090}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{86080BBA-B98A-4947-9D69-48F8E42A0F4F}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{ACC29842-1088-485F-8CE0-0530839C0DA6}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{ACD1EA84-2B27-4037-A19F-D7AEB5D2A4AF}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{536A8B04-1D5C-4118-B9F5-29F751823357}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{E3514E0C-0677-4F02-8142-4F649D86A223}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [TCP Query User{04880BE5-44E0-4AB0-84E5-35101C302084}D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F017C83F-3734-4F07-A54E-0AB5C6E0E571}D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{0A1F3159-9D14-457E-ADB8-8B5E59D4C9C7}D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{DA1CF9BC-2413-418D-B4B9-A1BE4DACF8BD}D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{6104E39F-F94C-4BB3-91A0-28A779F43C0F}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{D8F3E812-1EBD-4320-A6E6-CB900CB8EEEE}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{E7DDF157-E893-4F83-93A4-23698923C24C}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0F691D78-9DC5-4D31-BE14-C514AC8A7257}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{883FCB1C-3596-499B-870B-1D0002354667}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{079D33D8-A13A-47EA-B2A7-C64155AAC487}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7717AAB4-F1BA-4426-8CCD-C043DB44FDEB}] => (Allow) D:\Hry\Steam\steamapps\common\AION\NCLauncher.exe (NCSOFT Corporation -> NCSOFT Corporation)
FirewallRules: [{82DA82FD-FD05-4600-BA1E-C1280193BD40}] => (Allow) D:\Hry\Steam\steamapps\common\AION\NCLauncher.exe (NCSOFT Corporation -> NCSOFT Corporation)
FirewallRules: [{9BB5A51A-93E8-4EE9-97B7-419340248482}] => (Allow) D:\Program Files (x86)\TuneBlade\Tuneblade.exe (Breakfree Audio -> TuneBlade)
FirewallRules: [{6A9CAE43-8DD3-4837-8D3F-5506459BC9B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FE1FFEA1-2D76-4CFC-A6A3-786BFB5FDBB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{118FB184-3046-4324-9884-5B33254C6404}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4EF4A8A1-0157-4CAD-9542-8F3A0F7AB500}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{E8F5A5A8-CBD6-49F4-AE38-47F86ED82D01}D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [UDP Query User{28E81B4D-6A97-4028-A4D4-DCE7E0629B76}D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [{A944D78C-89C2-402D-9778-45F2474E782B}] => (Block) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [{BB35B2C4-7B18-49D7-BC12-9161418AE1A5}] => (Block) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [{4E2AAC03-6E6B-4EC3-95E9-47CEECA51744}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5365378-AC5E-4DEA-8162-AAF264DC7E28}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{3756D9C3-550E-441C-909A-34B4042DBE6A}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{5C804A77-2E0E-4F53-AAE7-45365595DFB6}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{9D9D26B4-5924-4B2E-89DE-0CB68E3D5898}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{45AF5749-161F-46D7-9402-328C92F7DA1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EC884E06-3350-4C71-84AE-E4F6770259FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7E4C34AA-F63B-4952-9E55-0C39A5E4EEFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{74C7CA42-A47C-4739-A924-4920255F778D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5168F6EF-784B-4548-AB3C-C14A678AC62D}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{87F33FD6-BAC9-418B-9AEC-13CEE55EC839}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{1E486AC9-1B94-4006-9468-A5D2C05FE3DD}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:60 GB) (Free:2.88 GB) (5%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/13/2021 06:50:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 06:50:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 02:42:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 02:42:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 02:42:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 02:42:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 02:42:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2021 12:07:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29737940


System errors:
=============
Error: (02/13/2021 04:47:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (02/13/2021 04:47:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/13/2021 04:47:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/13/2021 04:04:26 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Službě Browser se při přenosu \Device\NetBT_Tcpip_{B65319CF-2650-44F3-A9F4-A45F7F284BAA} příliš často nezdařilo načíst záložní seznam.
Záložní prohledávač bude ukončen.

Error: (02/13/2021 02:47:06 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Službě Browser se při přenosu \Device\NetBT_Tcpip_{B65319CF-2650-44F3-A9F4-A45F7F284BAA} příliš často nezdařilo načíst záložní seznam.
Záložní prohledávač bude ukončen.

Error: (02/13/2021 02:43:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/13/2021 02:43:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Presentation Foundation Font Cache 3.0.0.0 bylo dosaženo časového limitu (30000 ms).

Error: (02/13/2021 02:42:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Windows Defender:
=================

CodeIntegrity:
==============
Date: 2021-02-13 18:08:42.808
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 18:08:42.789
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 16:08:51.762
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 16:08:51.737
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 14:09:26.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 14:09:26.282
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 12:09:07.055
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 12:09:07.041
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde F.14 10/04/2013
Motherboard: Hewlett-Packard 1970
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 91%
Total physical RAM: 3994.36 MB
Available physical RAM: 327.41 MB
Total Virtual: 8088.54 MB
Available Virtual: 2785.16 MB

==================== Drives ================================

Drive c: (Sedm) (Fixed) (Total:60 GB) (Free:2.88 GB) NTFS
Drive d: (Data) (Fixed) (Total:638.54 GB) (Free:18.63 GB) NTFS

\\?\Volume{a9df2ec4-b51a-11e3-a061-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 710FD2B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=05)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: Please check my log

#3 Post by mm_01 »

Thank you for the reply, I am attaching the log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-06.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-07-2018
# Duration: 00:00:21
# OS: Windows 7 Professional
# Cleaned: 6
# Failed: 2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\searchplugins\web-search.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Softonic
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\tvnserver

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted slunecnice.cz
Deleted Softonic BR
Deleted Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted search.icq.com
Not Deleted slunecnice.cz


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1639 octets] - [07/06/2018 00:19:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Re: Please check my log

#4 Post by Rudy »

OK. Post new FRST+Addition logs.


Re: Please check my log

#5 Post by mm_01 »

I apologize, the previous AdwCleaner log was from an older date. I am posting the correct one from today and, below it, the current FRST and Addition logs.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-13-2021
# Duration: 00:00:40
# OS: Windows 7 Professional
# Scanned: 31956
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1639 octets] - [07/06/2018 00:19:45]
AdwCleaner[C00].txt - [1673 octets] - [07/06/2018 00:26:57]
AdwCleaner[S01].txt - [1535 octets] - [13/02/2021 20:03:13]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-02-2021
Ran by aja (administrator) on AJA-NTB (Hewlett-Packard HP Pavilion 15 Notebook PC) (13-02-2021 21:05:35)
Running from D:\Plocha
Loaded Profiles: aja
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\aja\AppData\Local\FluxSoftware\Flux\flux.exe
(GlavSoft LLC. -> GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hi-Rez Studios) [File not signed] D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Softland S.R.L. -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2013-10-17] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126200 2018-12-12] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [f.lux] => C:\Users\aja\AppData\Local\FluxSoftware\Flux\flux.exe [1469968 2020-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [Spotify] => C:\Users\aja\AppData\Roaming\Spotify\Spotify.exe [23722056 2021-02-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [Discord] => C:\Users\aja\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: V - V:\setup.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {50822d89-a616-11e8-aa85-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7db-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7ec-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {7ee16692-b395-11e8-93a8-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {999871d2-6be8-11e9-a7b2-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {a8d56778-d315-11e5-908f-a0d3c152f807} - F:\autorun.exe
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw72: C:\Windows\System32\spool\prtprocs\x64\hpzppw72.dll [257024 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\doPDF 7 Monitor: C:\Windows\system32\dopdfmn7.dll [25888 2014-03-19] (Softland S.R.L. -> Softland)
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\Windows\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3lw72: C:\Windows\system32\hpz3lw72.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK [2016-04-28]
ShortcutTarget: Registration Assassin's Creed.LNK -> D:\Hry\Assassin's Creed\Register\RegistrationReminder.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\replacefunckeys.ahk [2018-07-26] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AEDDC88-E915-4650-B2E3-4489DFF45B90} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {13C7EB83-2A1A-42D7-A360-69E282AF456C} - \{FDE55449-AF58-4C4F-B28C-94B8154AA81A} -> No File <==== ATTENTION
Task: {1D31571A-D93E-4D54-AD64-3E3EB556A959} - \{981B7714-33E0-432F-A022-0BDDC2ECEA19} -> No File <==== ATTENTION
Task: {1F3500AC-E1DF-48DC-A5C0-FB0BB088F7F6} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {29D02E91-67F0-4D37-8AE5-ED3BA2C2B4BD} - \{A845BF78-9E3E-4E5F-84B4-96B977815136} -> No File <==== ATTENTION
Task: {2A03F595-A8FA-48E4-AEA3-C3C284E565B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2B0721A9-F356-4D55-95EE-F0B1A5900E64} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [233176 2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {2CFE7C26-7DB0-45B2-BC69-B6BD6A3F82F6} - \{816C3A3F-3DFC-4881-99CB-DEB6DE0B48D4} -> No File <==== ATTENTION
Task: {588572F1-85DE-4B98-A5A5-4F895D08ABF0} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {5EF5FB2A-9E74-40E7-AB4C-F8F7806F044B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {5FDC2A8C-88F6-4FA2-9654-60986524D9A6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {6FFEA7BB-303E-4378-80F4-795771F49269} - \StartDVR -> No File <==== ATTENTION
Task: {73DB9093-89F0-4F5A-9637-21AF08BAB9FC} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {8BC4DCC1-B9E1-4C4B-A538-8C08B0B3C60E} - \Avast Software\Overseer -> No File <==== ATTENTION
Task: {8E124E2B-E485-44EF-8E2C-CB97BD295EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
Task: {8E3F7C1B-F50A-4E86-83C9-1453B9B6A8A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
Task: {9B87201F-0FE4-45E4-887C-2F20D500F12F} - \AMDLinkUpdate -> No File <==== ATTENTION
Task: {B1A7C8FE-9B11-4F6A-87EB-6D88C1A6B3E9} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2649200 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B8CAE4CA-BFB5-482D-B174-A143FA8FD504} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {DF79AF6C-2BED-402E-A374-388A2143DCA2} - \ModifyLinkUpdate -> No File <==== ATTENTION
Task: {F3328174-6D70-43E8-9FBF-8A41CFBDC2AC} - \StartCN -> No File <==== ATTENTION
Task: {F80EB2B8-5E55-44AB-BDB1-30DD05EF0298} - \Defraggler Volume C Task -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.120.250
Tcpip\..\Interfaces\{9B50915E-1AA6-4AD9-AD34-A0C9339CDD45}: [DhcpNameServer] 192.168.137.1
Tcpip\..\Interfaces\{B65319CF-2650-44F3-A9F4-A45F7F284BAA}: [DhcpNameServer] 192.168.120.250

FireFox:
========
FF ProfilePath: C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default [2020-11-01]
FF user.js: detected! => C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\user.js [2018-06-07]
FF DownloadDir: C:\Users\Aja\Downloads
FF Homepage: Mozilla\Firefox\Profiles\0yy4fbsg.default -> hxxp://www.google.cz/
FF Session Restore: Mozilla\Firefox\Profiles\0yy4fbsg.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\Extensions\abs@avira.com.xpi [2016-02-28] [Legacy]
FF Extension: (ChatZilla) - C:\Users\aja\AppData\Roaming\Mozilla\Firefox\Profiles\0yy4fbsg.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-01-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default [2021-02-13]
CHR HomePage: Default -> hxxp://www.google.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-11]
CHR Extension: (Dokumenty) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-11]
CHR Extension: (Disk Google) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (MEGA) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2021-02-11]
CHR Extension: (YouTube) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-11]
CHR Extension: (uBlock Origin) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-02-08]
CHR Extension: (Screen Recorder for Google Chrome™) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclbecdgdoahkliaijlpkigldlkojjdn [2020-10-14]
CHR Extension: (Adobe Acrobat) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-17]
CHR Extension: (Tabulky) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-02-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\aja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]
CHR Profile: C:\Users\aja\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\aja\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-10-05]
CHR HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1205960 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573960 2021-01-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384360 2020-12-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [246168 2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1579880 2013-12-27] (IVT CORPORATION -> IVT Corporation)
S3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-12-16] (IVT CORPORATION -> IVT Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-12-12] (Intel(R) Driver & Support Assistant -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2019-06-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 hpqwmiex; C:\Users\aja\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe [794112 2014-03-26] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-11-18] (Softland S.R.L. -> Microsoft)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-12-28] (Even Balance, Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC. -> GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-15] (Microsoft Windows -> Microsoft Corporation)
S3 Intel(R) SUR QC SAM; "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [222200 2020-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [178720 2020-05-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (Ralink Technology Corporation -> IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (Ralink Technology Corporation -> IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Mediatek Inc. -> Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [50272 2013-12-16] (IVT CORPORATION -> Ralink Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-23] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-23] (Disc Soft Ltd -> Disc Soft Ltd)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [787576 2015-06-09] (Kasherlab Technology Inc. -> www.ext2fsd.com)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1204936 2014-02-12] (Mediatek Inc. -> Ralink Technology, Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-05-29] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-15] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-15] (Microsoft Corporation) [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (Ralink Technology Corporation -> IVT Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-13 19:49 - 2021-02-13 19:49 - 596047514 _____ C:\Windows\MEMORY.DMP
2021-02-13 19:49 - 2021-02-13 19:49 - 000284864 _____ C:\Windows\Minidump\021321-20701-01.dmp
2021-02-13 18:40 - 2021-02-13 21:06 - 000000000 ____D C:\FRST
2021-02-12 21:34 - 2021-02-12 21:34 - 000000017 _____ C:\Users\aja\AppData\Local\resmon.resmoncfg
2021-02-12 21:21 - 2021-02-12 21:22 - 000000000 ____D C:\Users\aja\AppData\Local\TeamViewer
2021-02-12 21:21 - 2021-02-12 21:21 - 000000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-07 21:57 - 2021-02-07 21:58 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\aja\Downloads\Zoom_cm_fik4fkwZ9vvrZo4_mCEbU7h-SZDwgbcuVAmr8ktGXDuJkFQMeqeU@JTrx2WoAS8F3AWlm_k0be628b127e0600e_.exe
2021-01-27 00:24 - 2021-01-27 00:25 - 000000000 ____D C:\Users\aja\AppData\Local\Discord
2021-01-19 13:58 - 2021-01-19 13:58 - 000253992 _____ (Cisco Webex LLC) C:\Users\aja\Downloads\webex.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-13 21:05 - 2017-08-27 19:38 - 000000000 ____D C:\Users\aja\AppData\Roaming\discord
2021-02-13 21:04 - 2019-06-30 18:33 - 000000000 ____D C:\Users\aja\AppData\Local\Spotify
2021-02-13 20:18 - 2009-07-14 05:45 - 000032448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-13 20:18 - 2009-07-14 05:45 - 000032448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-13 20:11 - 2019-06-30 18:32 - 000000000 ____D C:\Users\aja\AppData\Roaming\Spotify
2021-02-13 20:10 - 2016-01-07 22:20 - 000000000 __SHD C:\Users\aja\IntelGraphicsProfiles
2021-02-13 20:09 - 2015-12-14 18:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-13 20:07 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-13 19:49 - 2014-04-25 18:28 - 000000000 ____D C:\Windows\Minidump
2021-02-13 14:40 - 2009-07-14 05:45 - 000441064 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-12 21:23 - 2014-03-26 21:12 - 000116656 _____ C:\Users\aja\AppData\Local\GDIPFONTCACHEV1.DAT
2021-02-12 20:50 - 2011-04-12 09:34 - 000669830 _____ C:\Windows\system32\perfh005.dat
2021-02-12 20:50 - 2011-04-12 09:34 - 000141956 _____ C:\Windows\system32\perfc005.dat
2021-02-12 20:50 - 2009-07-14 06:13 - 001586648 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-12 20:50 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-02-12 20:25 - 2016-01-07 21:23 - 000000000 ____D C:\Users\aja\AppData\Roaming\vlc
2021-02-12 18:53 - 2015-12-14 19:08 - 000000000 ____D C:\Users\aja\AppData\Roaming\TeamViewer
2021-02-12 18:53 - 2014-03-26 20:53 - 000000000 ___HD C:\AMD
2021-02-12 18:04 - 2014-03-26 22:19 - 000000000 ____D C:\Users\aja\AppData\Roaming\uTorrent
2021-02-10 01:03 - 2020-09-30 19:36 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-10 01:02 - 2018-09-21 23:34 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-08 22:25 - 2015-04-23 11:56 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-05 16:47 - 2020-10-29 16:27 - 000003596 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2021-02-05 13:16 - 2016-02-01 22:49 - 000003386 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 13:16 - 2016-02-01 22:49 - 000003258 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-03 21:07 - 2020-10-29 16:28 - 000003668 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate
2021-02-03 12:12 - 2017-09-20 04:57 - 000003292 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2021-01-27 11:59 - 2017-10-05 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-01-27 00:25 - 2017-08-27 19:38 - 000000000 ____D C:\Users\aja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-01-27 00:25 - 2017-08-27 19:37 - 000000000 ____D C:\Users\aja\AppData\Local\SquirrelTemp
2021-01-21 21:28 - 2020-12-28 21:14 - 000000000 ____D C:\Users\aja\Documents\The Witcher 3
2021-01-18 09:08 - 2020-08-24 21:03 - 000032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ========

2017-04-15 10:26 - 2017-07-04 13:07 - 007137216 _____ (Geek Unіnstaller) C:\Program Files\geek.exe
2014-06-15 23:52 - 2021-01-01 17:37 - 000011776 _____ () C:\Users\aja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-07-01 19:50 - 2020-07-01 19:50 - 000001456 _____ () C:\Users\aja\AppData\Local\psppirerc
2014-08-30 20:25 - 2014-09-02 20:53 - 000000600 _____ () C:\Users\aja\AppData\Local\PUTTY.RND
2020-07-01 19:50 - 2020-07-01 19:50 - 000000722 _____ () C:\Users\aja\AppData\Local\recently-used.xbel
2021-02-12 21:34 - 2021-02-12 21:34 - 000000017 _____ () C:\Users\aja\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-02-11 12:17
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2021
Ran by aja (13-02-2021 21:08:10)
Running from D:\Plocha
Windows 7 Professional Service Pack 1 (X64) (2014-03-26 19:21:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3285070336-867792745-467015435-500 - Administrator - Disabled)
aja (S-1-5-21-3285070336-867792745-467015435-1000 - Administrator - Enabled) => C:\Users\aja
Guest (S-1-5-21-3285070336-867792745-467015435-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{EAA6C597-BD0D-454D-AEB7-FF0A57905C1C}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{8CBC102C-34F4-4EB9-9529-3B222367621F}) (Version: 3.7.0.6 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20135 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.414 - Adobe)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
AutoHotkey 1.1.29.01 (HKLM\...\AutoHotkey) (Version: 1.1.29.01 - Lexikos)
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2101.2070 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.1.24458 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.44.15540 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{00BA5D43-DC76-4DF2-A38C-5D3B8FABF5E4}) (Version: 3.54.3529.0458 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4500 (HKLM-x32\...\{9DC11D9A-6DCD-4064-8363-63914A0122AB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cute Screen Recorder Free Version 1.6.0.8 (HKLM-x32\...\Cute Screen Recorder Free Version_is1) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{19BC09B5-F319-4A61-A878-475E7F7054EA}) (Version: 1.1.195.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Flux) (Version: - f.lux Software LLC)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.76.5239 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.7.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4 (HKLM\...\{AA6F009F-0CCD-4DD6-A462-28419C101D54}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\IMVU Avatar chat client software BETA) (Version: - )
Intel(R) Computing Improvement Program (HKLM\...\{93FE134F-7678-4D90-A849-6FF6EB28CCDF}) (Version: 2.4.04289 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{f0bbb6e9-80c3-4fe8-8691-b51d1281d69e}) (Version: 3.7.0.6 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 3.2.1.2664 - Kakao Corp.)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 cs)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
novaPDF 8 (HKLM\...\{8608C4B2-639F-4F52-9EC5-27E1D8798F6E}) (Version: 8.5.938 - Softland) Hidden
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{A53F3DB0-ECBA-4CA0-A4AC-518FA7347A02}) (Version: 8.6.942 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{80DBAF1D-E308-43B6-8AA7-8F963391885D}) (Version: 8.6.942 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{BB360DC6-5476-44A0-9867-345A993587AB}) (Version: 8.6.942 - Softland)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
osu! (HKLM-x32\...\{2718f898-9bfa-4cb3-800a-fa7564e2d9ba}) (Version: latest - ppy Pty Ltd)
osu! (HKLM-x32\...\{4d51be9e-36ca-4ea4-99cd-31ce8c801648}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PS_AIO_04_C4500_Software_Min (HKLM-x32\...\{CF408B76-8698-4298-B549-5E6A94931B64}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Ralink Bluetooth Stack (HKLM\...\{B346BD6C-AE56-7DD3-175C-2374C7113BCB}) (Version: 11.0.752.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype verze 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Spotify) (Version: 1.1.52.687.gf5565fe5 - Spotify AB)
SRWare Iron verze 55.0.2900.1 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: 55.0.2900.1 - SRWare)
Starshine 1.díl (HKLM-x32\...\{73B3C57B-3ED7-40DB-A554-32EB5D35F84E}) (Version: 1.00.000 - )
Starshine 2.díl (HKLM-x32\...\{2FA1102F-DE05-4E79-8CED-E5BAABFC2FEF}) (Version: 1.00.000 - )
Starshine 3.díl (HKLM-x32\...\{A7123032-A8DA-48AC-9F5D-0A3B14698375}) (Version: 1.00.000 - )
Starshine 4.díl (HKLM-x32\...\{C4ECF493-29C4-4CB7-903E-90C28F3D0C00}) (Version: 1.00.000 - )
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19.4 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TuneBlade (HKLM-x32\...\{55CB4047-9486-4D47-86B8-D8007F0D8540}) (Version: 1.8.0 - TuneBlade)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VideoCam Suite (HKLM-x32\...\{8113EBFB-1524-4202-AECF-5F2C037FEF8C}) (Version: 1.00.821 - Panasonic) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3285070336-867792745-467015435-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-01-20] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-01-20] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-01-20] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2013-12-16] (IVT CORPORATION -> TODO: <公司名>)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-01-20] (Google LLC -> Google)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-01-20] (Google LLC -> Google)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-12-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2004-08-18] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [442368 2004-08-18] (On2.com) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\aja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\aja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3373c9ebc3a5e445\Chromium.lnk -> C:\Program Files (x86)\SRWare Iron\chrome.exe () -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2018-12-06 19:54 - 2018-12-06 19:54 - 000173432 _____ (AMD PMP-PE CB Code Signer v20180327 -> Advanced Micro Devices, Inc.) [File not signed] C:\Windows\system32\amdihk64.dll
2009-05-21 19:05 - 2009-05-21 19:05 - 000097280 _____ (Hewlett Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 001171456 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000538112 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000307712 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000205824 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000629248 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000032256 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2009-09-20 10:56 - 2009-09-20 10:56 - 000274432 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2009-09-20 10:56 - 2009-09-20 10:56 - 000293376 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000049664 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-05-21 19:05 - 2009-05-21 19:05 - 000326144 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000931328 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2009-09-20 11:07 - 2009-09-20 11:07 - 000057856 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSplh08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000203776 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqssm08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000285184 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll
2009-09-20 11:07 - 2009-09-20 11:07 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2009-09-20 11:36 - 2009-09-20 11:36 - 000150528 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-09-20 11:07 - 2009-09-20 11:07 - 000485888 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll
2010-10-22 12:08 - 2010-10-22 12:08 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2009-05-21 17:57 - 2009-05-21 17:57 - 000040960 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll
2009-05-21 17:57 - 2009-05-21 17:57 - 000038912 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\hpzipr12.dll
2016-01-07 20:53 - 2015-12-31 15:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-08-22 11:08 - 2013-08-22 11:08 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-08-22 11:08 - 2013-08-22 11:08 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-03-26 22:55 - 2014-03-26 22:55 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8\msvcm90.dll
2014-03-26 22:54 - 2014-03-26 22:54 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
2014-03-26 22:53 - 2014-03-26 22:53 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2015-09-25 22:34 - 2015-09-28 19:08 - 000255488 _____ (Sysprogs OU) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3285070336-867792745-467015435-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle America, Inc. -> Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-02-24] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-14 09:52 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-04-09 23:53 - 2020-04-10 00:04 - 000000501 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Livestreamer
HKU\S-1-5-21-3285070336-867792745-467015435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\aja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.120.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5F6B1FA5-0498-44EC-8ECB-325AFF201392}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{58E238F7-1057-46D3-840D-2BE44FA98C24}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{E555E798-E081-4D0A-86A7-E786E3512A7B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{07B1DD74-38BD-41D8-BC13-D8481FFB96D3}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT CORPORATION -> IVT Corporation)
FirewallRules: [{0F92C657-7EFA-447F-97B8-2B5517934CB1}] => (Allow) C:\Users\aja\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{04A6ADA3-D4F7-4915-A80B-2F3931821DAB}] => (Allow) C:\Users\aja\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{877A562D-1622-40FD-9493-F8BBD8E51D08}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC. -> GlavSoft LLC.)
FirewallRules: [TCP Query User{05FB8F5B-ABBE-44B8-A873-3F1CCB41C680}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{D6399B91-D2EB-41C0-93BD-3AEDEFDC3567}D:\hry\warcraft iii\war3.exe] => (Allow) D:\hry\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A352CD74-F3C4-489C-8EAE-BC250F37B02C}D:\hry\cs16\hl.exe] => (Allow) D:\hry\cs16\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{BC1BCED3-E083-4F64-9A0B-CE8BB42C36B4}D:\hry\cs16\hl.exe] => (Allow) D:\hry\cs16\hl.exe (Valve) [File not signed]
FirewallRules: [{17090002-63C5-4B64-A364-C88676642C04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{6BD8BE7C-ED84-4030-80A4-D2ECB59F5B51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{079E7FB4-21B6-4CB7-8E00-7814C3CCDB23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{68426033-68E1-4FCB-A983-2A6862E97582}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{61C80B22-33D2-49BC-A43C-DB44B86B5A15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{AD6653D7-4530-44A3-866F-B745556DF24E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{E843EB28-4214-4DA3-A432-AC86B8C10392}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D05BE9D7-0D7C-46D4-84BB-1774B03D89CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{E9013AAC-0D67-400D-B978-DA54ACDED9FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{43BB1492-E98A-4873-A050-01DCF942F61B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{31BB9555-6B1D-4ACB-BB5B-008F0C353288}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{CB122C81-4005-4F91-9EC9-C170F0366EAF}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{BF950AD4-3AD9-4523-8B7A-2F478E220BA7}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{12C13813-7CF6-488D-AEF9-4A47C5E29AFC}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{63250475-385C-4A8D-9187-B009CFE9B0D0}] => (Allow) D:\Hry\League of Legends\lol.launcher.exe (Riot Games, Inc. -> )
FirewallRules: [{CAFED2BD-013D-40AF-9749-FA888B989680}] => (Allow) D:\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3898DF7B-0BE2-4C84-A021-B8BF95DFE6E9}] => (Allow) D:\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7228E6DA-77BC-4654-9F6B-7DF119ACAC80}] => (Allow) D:\Hry\Hearthstone\Hearthstone\Hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{9AEC69BF-70BC-451E-A0BB-D25E992964FC}] => (Allow) D:\Hry\Hearthstone\Hearthstone\Hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{0789CD24-D8E7-4C50-93F7-A7DF953A9C32}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{C20335D3-0CB0-41DD-8B8E-29165FB21D37}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4D8BB909-C5D4-43B8-8945-DDD64D07A614}D:\hry\warcraft iii platinovka\war3.exe] => (Allow) D:\hry\warcraft iii platinovka\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{2238B2BE-EC9D-4C6A-8257-8208F418DF56}D:\hry\warcraft iii platinovka\war3.exe] => (Allow) D:\hry\warcraft iii platinovka\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{BA41ED42-7482-4527-80D6-C2FADECCEACA}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{4BD2F1A8-FF3D-4771-85F4-045DAEF0FE37}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{9F0803E8-E2CF-49CC-9F19-6867410A3165}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [UDP Query User{972D6CA6-5E2F-4B6D-84D8-52DA713449C9}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [TCP Query User{4895B475-AA0C-4911-83ED-FDB8467A27D5}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [UDP Query User{B4B3B143-827F-423E-886F-74E45C95DB9C}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [{AFBBFDC0-B84A-491A-91E4-37427E15F274}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8FC25935-9C9E-4576-8D67-B9CB19750375}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D354FBDE-AC24-460D-86F2-0CDB98A87B1C}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{B4AF84AA-591B-4FEB-8ED0-F2343230AF4A}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{60AC36D8-D012-49AE-9122-51CDCAF24B97}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{45F4D565-D423-423A-A7DD-F7CEAE35326B}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{DCE6A8C1-6B1A-4148-88E6-EE60D7F8F652}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File
FirewallRules: [{A5CDBC47-BB2E-4249-8143-D88A4171AD26}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File
FirewallRules: [{1AB90708-4CFD-484E-A5A0-7E53679B918F}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe (Microsoft) [File not signed]
FirewallRules: [{1681D742-6475-42F2-9B59-7FA6AA187357}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe (Microsoft) [File not signed]
FirewallRules: [TCP Query User{0387DB6E-3D0C-46A9-95E6-2053D4A0A666}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{56751935-238B-4CC3-BE8D-DBD541AFC556}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [{6E1B9833-1550-4262-88C3-C70D7CC4C1EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C094F1AE-73CE-486B-BA85-AB4F053CC843}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{0C0DFA74-EF21-48A7-B677-82B1961356A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{A411D506-538C-474C-9FD8-FD7B4000ACA4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{7C3F3FC4-A1D0-45AC-B69D-15FB97216549}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B6AC2127-41D4-42A7-8D8E-340D380B6DCD}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{2A03EA01-BEB1-45DC-BA1F-5CEE27B55FE1}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{CCB3238C-2BBE-4AE0-91AE-DA7AC7782C5D}D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\hry\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [TCP Query User{D959DA79-473A-4FA7-BE15-BD90EA90D3CE}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [UDP Query User{6719C012-7C80-4356-9709-4F860E1DC191}D:\hry\flatout 2\flatout2.exe] => (Allow) D:\hry\flatout 2\flatout2.exe () [File not signed]
FirewallRules: [TCP Query User{8CCCF233-D6E5-48AC-9310-3EA8CCDCBEE0}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [UDP Query User{73309E6B-EE7D-4187-968A-309B0690F542}D:\hry\call of duty 2\cod2mp_s.exe] => (Allow) D:\hry\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [TCP Query User{3FD57E62-8ACB-405D-A788-8DA7A1BD64CF}D:\plocha\bulanci.exe] => (Allow) D:\plocha\bulanci.exe () [File not signed]
FirewallRules: [UDP Query User{ED70EF75-F22C-4731-8491-E7C2D11A1D4E}D:\plocha\bulanci.exe] => (Allow) D:\plocha\bulanci.exe () [File not signed]
FirewallRules: [{B1A34F38-E7E4-4904-8236-A3B1CD6BBB6F}] => (Allow) D:\Hry\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games) [File not signed]
FirewallRules: [{09302FCD-99AB-4C14-AF36-32B3693D8AE3}] => (Allow) D:\Hry\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe (Telltale Games) [File not signed]
FirewallRules: [TCP Query User{52B67638-CDCF-4D9A-BA09-4DA49D8A2342}D:\hry\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hry\hearthstone\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{BC831689-C6DD-4E8B-B6B0-0EF824A44A21}D:\hry\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\hry\hearthstone\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{D5F8AF51-9076-474C-9DCC-1D51BBA7F20F}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{34E6D837-5D8F-4CFA-90E2-6E2DC0EFF8F7}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{920615D8-0B85-471C-AE8D-9926EB64991A}] => (Allow) D:\Hry\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{29502BDC-3D41-4870-B710-0CA5FADC4156}] => (Allow) D:\Hry\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{75B0D7B5-F880-4FAF-A03F-12A8825B021F}] => (Allow) D:\Hry\Steam\steamapps\common\Limbo\limbo.exe (Playdead) [File not signed]
FirewallRules: [{17138187-44A4-4878-A6FE-9B12B05E9AC6}] => (Allow) D:\Hry\Steam\steamapps\common\Limbo\limbo.exe (Playdead) [File not signed]
FirewallRules: [TCP Query User{224DD891-9AD8-4AAF-B2AC-625D7CFEAD52}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{B433D18B-AA41-48A6-84D8-C44028D252D6}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{CDDE7470-C788-47C2-9295-AA204FDA792B}] => (Allow) D:\Hry\Steam\steamapps\common\CaptainSpirit\CaptainSpirit\Binaries\Win64\CaptainSpirit-Win64-Shipping.exe (Square Enix) [File not signed]
FirewallRules: [{2EC5726A-FE9E-4F91-82FF-032C50EC7C96}] => (Allow) D:\Hry\Steam\steamapps\common\CaptainSpirit\CaptainSpirit\Binaries\Win64\CaptainSpirit-Win64-Shipping.exe (Square Enix) [File not signed]
FirewallRules: [{877FBAEF-77ED-4D90-B980-D31667D9E470}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{00896ED6-6737-421D-A89F-D4A3E0B75F20}] => (Allow) D:\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{ADC10144-E4D9-446D-AD73-995ED19DC0E2}] => (Allow) D:\Hry\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{C74F2163-546B-4DDF-874D-B7DAD9731F2F}] => (Allow) D:\Hry\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{FB7F0A2B-3F92-4C1D-A6D8-AFE431B14484}] => (Allow) D:\Hry\Steam\steamapps\common\Ori\ori.exe () [File not signed]
FirewallRules: [{453C56AC-ADCC-4272-8793-5B476492C657}] => (Allow) D:\Hry\Steam\steamapps\common\Ori\ori.exe () [File not signed]
FirewallRules: [{AD1A2463-D8B3-45B5-BF64-A6AD11C6D1B0}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{CA97A851-2E21-4829-AFCF-386891218B4E}] => (Allow) D:\Hry\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{367EB5BC-6B74-48FB-8099-9C8FE3317090}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{86080BBA-B98A-4947-9D69-48F8E42A0F4F}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{ACC29842-1088-485F-8CE0-0530839C0DA6}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{ACD1EA84-2B27-4037-A19F-D7AEB5D2A4AF}D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\hry\world of warcraft ofic + battle.net\world of warcraft\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{536A8B04-1D5C-4118-B9F5-29F751823357}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{E3514E0C-0677-4F02-8142-4F649D86A223}] => (Allow) D:\Hry\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [TCP Query User{04880BE5-44E0-4AB0-84E5-35101C302084}D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F017C83F-3734-4F07-A54E-0AB5C6E0E571}D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{0A1F3159-9D14-457E-ADB8-8B5E59D4C9C7}D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{DA1CF9BC-2413-418D-B4B9-A1BE4DACF8BD}D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\hry\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{6104E39F-F94C-4BB3-91A0-28A779F43C0F}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{D8F3E812-1EBD-4320-A6E6-CB900CB8EEEE}C:\program files\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{E7DDF157-E893-4F83-93A4-23698923C24C}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0F691D78-9DC5-4D31-BE14-C514AC8A7257}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{883FCB1C-3596-499B-870B-1D0002354667}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{079D33D8-A13A-47EA-B2A7-C64155AAC487}C:\users\aja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aja\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7717AAB4-F1BA-4426-8CCD-C043DB44FDEB}] => (Allow) D:\Hry\Steam\steamapps\common\AION\NCLauncher.exe (NCSOFT Corporation -> NCSOFT Corporation)
FirewallRules: [{82DA82FD-FD05-4600-BA1E-C1280193BD40}] => (Allow) D:\Hry\Steam\steamapps\common\AION\NCLauncher.exe (NCSOFT Corporation -> NCSOFT Corporation)
FirewallRules: [{9BB5A51A-93E8-4EE9-97B7-419340248482}] => (Allow) D:\Program Files (x86)\TuneBlade\Tuneblade.exe (Breakfree Audio -> TuneBlade)
FirewallRules: [{6A9CAE43-8DD3-4837-8D3F-5506459BC9B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FE1FFEA1-2D76-4CFC-A6A3-786BFB5FDBB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{118FB184-3046-4324-9884-5B33254C6404}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4EF4A8A1-0157-4CAD-9542-8F3A0F7AB500}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{E8F5A5A8-CBD6-49F4-AE38-47F86ED82D01}D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [UDP Query User{28E81B4D-6A97-4028-A4D4-DCE7E0629B76}D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [{A944D78C-89C2-402D-9778-45F2474E782B}] => (Block) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [{BB35B2C4-7B18-49D7-BC12-9161418AE1A5}] => (Block) D:\hry\the.witcher.2.assassins.of.kings.enhanced.edition-skidrow\the witcher 2 enhanced edition\bin\witcher2.exe () [File not signed]
FirewallRules: [{4E2AAC03-6E6B-4EC3-95E9-47CEECA51744}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5365378-AC5E-4DEA-8162-AAF264DC7E28}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{3756D9C3-550E-441C-909A-34B4042DBE6A}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{5C804A77-2E0E-4F53-AAE7-45365595DFB6}D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Block) D:\hry\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{9D9D26B4-5924-4B2E-89DE-0CB68E3D5898}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{45AF5749-161F-46D7-9402-328C92F7DA1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EC884E06-3350-4C71-84AE-E4F6770259FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7E4C34AA-F63B-4952-9E55-0C39A5E4EEFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{74C7CA42-A47C-4739-A924-4920255F778D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7EAAF6C4-79BF-40D3-ADF8-90A7ED94A42A}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{8CA6BC3F-2054-4421-AB8C-869BC419BD51}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{F9E964C7-3962-4015-AA17-29D3D1D45CEA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:60 GB) (Free:2.55 GB) (4%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/13/2021 09:10:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 09:10:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 08:39:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.1.7601.22416, časové razítko: 0x5202f49c
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.22436, časové razítko: 0x521eb03f
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000187dd
ID chybujícího procesu: 0x6a0
Čas spuštění chybující aplikace: 0x01d7023b7393d26d
Cesta k chybující aplikaci: C:\Windows\Explorer.EXE
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 2244482e-6e33-11eb-b9cf-a0d3c152f807

Error: (02/13/2021 08:09:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2021 07:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2021 06:58:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2021 06:50:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
.


Operace:
Vytvoření instance serveru VSS

Error: (02/13/2021 06:50:25 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit. [0x80070422, Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.
]


Operace:
Vytvoření instance serveru VSS


System errors:
=============
Error: (02/13/2021 08:12:37 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Službě Browser se při přenosu \Device\NetBT_Tcpip_{B65319CF-2650-44F3-A9F4-A45F7F284BAA} příliš často nezdařilo načíst záložní seznam.
Záložní prohledávač bude ukončen.

Error: (02/13/2021 08:09:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/13/2021 08:08:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby BlueSoleilCS bylo dosaženo časového limitu (30000 ms).

Error: (02/13/2021 07:51:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/13/2021 07:51:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/13/2021 07:50:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby BlueSoleilCS bylo dosaženo časového limitu (30000 ms).

Error: (02/13/2021 07:49:31 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x00000050 (0xfffffa800ba07000, 0x0000000000000001, 0xfffff880098d2bd5, 0x0000000000000000). Výpis byl uložen do: C:\Windows\MEMORY.DMP. ID hlášení: 021321-20701-01

Error: (02/13/2021 07:49:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (19:47:50, ‎13.‎2.‎2021) bylo neočekávané.

Windows Defender:
=================

CodeIntegrity:
==============
Date: 2021-02-13 20:18:45.800
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 20:18:45.777
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 18:08:42.808
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 18:08:42.789
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 16:08:51.762
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 16:08:51.737
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 14:09:26.297
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

Date: 2021-02-13 14:09:26.282
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde F.14 10/04/2013
Motherboard: Hewlett-Packard 1970
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 63%
Total physical RAM: 3994.36 MB
Available physical RAM: 1465.39 MB
Total Virtual: 8088.54 MB
Available Virtual: 5199.43 MB

==================== Drives ================================

Drive c: (Sedm) (Fixed) (Total:60 GB) (Free:2.55 GB) NTFS
Drive d: (Data) (Fixed) (Total:638.54 GB) (Free:18.62 GB) NTFS

\\?\Volume{a9df2ec4-b51a-11e3-a061-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 710FD2B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=05)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: V - V:\setup.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {50822d89-a616-11e8-aa85-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7db-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7ec-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {7ee16692-b395-11e8-93a8-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {999871d2-6be8-11e9-a7b2-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {a8d56778-d315-11e5-908f-a0d3c152f807} - F:\autorun.exe
ShortcutTarget: Registration Assassin's Creed.LNK -> D:\Hry\Assassin's Creed\Register\RegistrationReminder.exe (No File)
Task: {0AEDDC88-E915-4650-B2E3-4489DFF45B90} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {13C7EB83-2A1A-42D7-A360-69E282AF456C} - \{FDE55449-AF58-4C4F-B28C-94B8154AA81A} -> No File <==== ATTENTION
Task: {1D31571A-D93E-4D54-AD64-3E3EB556A959} - \{981B7714-33E0-432F-A022-0BDDC2ECEA19} -> No File <==== ATTENTION
Task: {1F3500AC-E1DF-48DC-A5C0-FB0BB088F7F6} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {29D02E91-67F0-4D37-8AE5-ED3BA2C2B4BD} - \{A845BF78-9E3E-4E5F-84B4-96B977815136} -> No File <==== ATTENTION
Task: {2CFE7C26-7DB0-45B2-BC69-B6BD6A3F82F6} - \{816C3A3F-3DFC-4881-99CB-DEB6DE0B48D4} -> No File <==== ATTENTION
Task: {588572F1-85DE-4B98-A5A5-4F895D08ABF0} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {5EF5FB2A-9E74-40E7-AB4C-F8F7806F044B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {5FDC2A8C-88F6-4FA2-9654-60986524D9A6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {6FFEA7BB-303E-4378-80F4-795771F49269} - \StartDVR -> No File <==== ATTENTION
Task: {8BC4DCC1-B9E1-4C4B-A538-8C08B0B3C60E} - \Avast Software\Overseer -> No File <==== ATTENTION
Task: {9B87201F-0FE4-45E4-887C-2F20D500F12F} - \AMDLinkUpdate -> No File <==== ATTENTION
Task: {B8CAE4CA-BFB5-482D-B174-A143FA8FD504} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {DF79AF6C-2BED-402E-A374-388A2143DCA2} - \ModifyLinkUpdate -> No File <==== ATTENTION
Task: {F3328174-6D70-43E8-9FBF-8A41CFBDC2AC} - \StartCN -> No File <==== ATTENTION
Task: {F80EB2B8-5E55-44AB-BDB1-30DD05EF0298} - \Defraggler Volume C Task -> No File <==== ATTENTION
Task: {8E3F7C1B-F50A-4E86-83C9-1453B9B6A8A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
Task: {8E124E2B-E485-44EF-8E2C-CB97BD295EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\aja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3285070336-867792745-467015435-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FirewallRules: [{D354FBDE-AC24-460D-86F2-0CDB98A87B1C}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{B4AF84AA-591B-4FEB-8ED0-F2343230AF4A}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{60AC36D8-D012-49AE-9122-51CDCAF24B97}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{45F4D565-D423-423A-A7DD-F7CEAE35326B}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{DCE6A8C1-6B1A-4148-88E6-EE60D7F8F652}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File
FirewallRules: [{A5CDBC47-BB2E-4249-8143-D88A4171AD26}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mm_01
Visitor
Posts: 5
Registered: 13 Feb 2021 18:59

Re: Please check my log

#7 Post by mm_01 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-02-2021
Ran by aja (13-02-2021 22:27:30) Run:1
Running from D:\Plocha
Loaded Profiles: aja
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\Run: [] => [X]
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: V - V:\setup.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {50822d89-a616-11e8-aa85-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7db-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {5f4fa7ec-615c-11e9-873e-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {7ee16692-b395-11e8-93a8-a0d3c152f807} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {999871d2-6be8-11e9-a7b2-8056f275a1a2} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3285070336-867792745-467015435-1000\...\MountPoints2: {a8d56778-d315-11e5-908f-a0d3c152f807} - F:\autorun.exe
ShortcutTarget: Registration Assassin's Creed.LNK -> D:\Hry\Assassin's Creed\Register\RegistrationReminder.exe (No File)
Task: {0AEDDC88-E915-4650-B2E3-4489DFF45B90} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {13C7EB83-2A1A-42D7-A360-69E282AF456C} - \{FDE55449-AF58-4C4F-B28C-94B8154AA81A} -> No File <==== ATTENTION
Task: {1D31571A-D93E-4D54-AD64-3E3EB556A959} - \{981B7714-33E0-432F-A022-0BDDC2ECEA19} -> No File <==== ATTENTION
Task: {1F3500AC-E1DF-48DC-A5C0-FB0BB088F7F6} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 -> No File <==== ATTENTION
Task: {29D02E91-67F0-4D37-8AE5-ED3BA2C2B4BD} - \{A845BF78-9E3E-4E5F-84B4-96B977815136} -> No File <==== ATTENTION
Task: {2CFE7C26-7DB0-45B2-BC69-B6BD6A3F82F6} - \{816C3A3F-3DFC-4881-99CB-DEB6DE0B48D4} -> No File <==== ATTENTION
Task: {588572F1-85DE-4B98-A5A5-4F895D08ABF0} - \IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon -> No File <==== ATTENTION
Task: {5EF5FB2A-9E74-40E7-AB4C-F8F7806F044B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {5FDC2A8C-88F6-4FA2-9654-60986524D9A6} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {6FFEA7BB-303E-4378-80F4-795771F49269} - \StartDVR -> No File <==== ATTENTION
Task: {8BC4DCC1-B9E1-4C4B-A538-8C08B0B3C60E} - \Avast Software\Overseer -> No File <==== ATTENTION
Task: {9B87201F-0FE4-45E4-887C-2F20D500F12F} - \AMDLinkUpdate -> No File <==== ATTENTION
Task: {B8CAE4CA-BFB5-482D-B174-A143FA8FD504} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {DF79AF6C-2BED-402E-A374-388A2143DCA2} - \ModifyLinkUpdate -> No File <==== ATTENTION
Task: {F3328174-6D70-43E8-9FBF-8A41CFBDC2AC} - \StartCN -> No File <==== ATTENTION
Task: {F80EB2B8-5E55-44AB-BDB1-30DD05EF0298} - \Defraggler Volume C Task -> No File <==== ATTENTION
Task: {8E3F7C1B-F50A-4E86-83C9-1453B9B6A8A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
Task: {8E124E2B-E485-44EF-8E2C-CB97BD295EAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-23] (Google Inc -> Google Inc.)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\aja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\aja\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3285070336-867792745-467015435-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FirewallRules: [{D354FBDE-AC24-460D-86F2-0CDB98A87B1C}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{B4AF84AA-591B-4FEB-8ED0-F2343230AF4A}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe => No File
FirewallRules: [{60AC36D8-D012-49AE-9122-51CDCAF24B97}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{45F4D565-D423-423A-A7DD-F7CEAE35326B}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe => No File
FirewallRules: [{DCE6A8C1-6B1A-4148-88E6-EE60D7F8F652}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File
FirewallRules: [{A5CDBC47-BB2E-4249-8143-D88A4171AD26}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3285070336-867792745-467015435-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\V => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50822d89-a616-11e8-aa85-a0d3c152f807} => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f4fa7db-615c-11e9-873e-8056f275a1a2} => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f4fa7ec-615c-11e9-873e-8056f275a1a2} => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ee16692-b395-11e8-93a8-a0d3c152f807} => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{999871d2-6be8-11e9-a7b2-8056f275a1a2} => removed successfully
HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8d56778-d315-11e5-908f-a0d3c152f807} => removed successfully
"D:\Hry\Assassin's Creed\Register\RegistrationReminder.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AEDDC88-E915-4650-B2E3-4489DFF45B90}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEDDC88-E915-4650-B2E3-4489DFF45B90}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C7EB83-2A1A-42D7-A360-69E282AF456C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C7EB83-2A1A-42D7-A360-69E282AF456C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDE55449-AF58-4C4F-B28C-94B8154AA81A}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D31571A-D93E-4D54-AD64-3E3EB556A959}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D31571A-D93E-4D54-AD64-3E3EB556A959}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{981B7714-33E0-432F-A022-0BDDC2ECEA19}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F3500AC-E1DF-48DC-A5C0-FB0BB088F7F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F3500AC-E1DF-48DC-A5C0-FB0BB088F7F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29D02E91-67F0-4D37-8AE5-ED3BA2C2B4BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D02E91-67F0-4D37-8AE5-ED3BA2C2B4BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A845BF78-9E3E-4E5F-84B4-96B977815136}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFE7C26-7DB0-45B2-BC69-B6BD6A3F82F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFE7C26-7DB0-45B2-BC69-B6BD6A3F82F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{816C3A3F-3DFC-4881-99CB-DEB6DE0B48D4}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{588572F1-85DE-4B98-A5A5-4F895D08ABF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{588572F1-85DE-4B98-A5A5-4F895D08ABF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EF5FB2A-9E74-40E7-AB4C-F8F7806F044B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EF5FB2A-9E74-40E7-AB4C-F8F7806F044B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FDC2A8C-88F6-4FA2-9654-60986524D9A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FDC2A8C-88F6-4FA2-9654-60986524D9A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6FFEA7BB-303E-4378-80F4-795771F49269}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FFEA7BB-303E-4378-80F4-795771F49269}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartDVR" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8BC4DCC1-B9E1-4C4B-A538-8C08B0B3C60E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BC4DCC1-B9E1-4C4B-A538-8C08B0B3C60E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B87201F-0FE4-45E4-887C-2F20D500F12F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B87201F-0FE4-45E4-887C-2F20D500F12F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMDLinkUpdate" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8CAE4CA-BFB5-482D-B174-A143FA8FD504}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8CAE4CA-BFB5-482D-B174-A143FA8FD504}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF79AF6C-2BED-402E-A374-388A2143DCA2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF79AF6C-2BED-402E-A374-388A2143DCA2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ModifyLinkUpdate" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3328174-6D70-43E8-9FBF-8A41CFBDC2AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3328174-6D70-43E8-9FBF-8A41CFBDC2AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartCN" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F80EB2B8-5E55-44AB-BDB1-30DD05EF0298}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F80EB2B8-5E55-44AB-BDB1-30DD05EF0298}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Defraggler Volume C Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E3F7C1B-F50A-4E86-83C9-1453B9B6A8A3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E3F7C1B-F50A-4E86-83C9-1453B9B6A8A3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E124E2B-E485-44EF-8E2C-CB97BD295EAD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E124E2B-E485-44EF-8E2C-CB97BD295EAD}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\aja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\CLSID\{DB85C504-C730-49DD-BEC1-7B39C6103B7A} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-3285070336-867792745-467015435-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D354FBDE-AC24-460D-86F2-0CDB98A87B1C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4AF84AA-591B-4FEB-8ED0-F2343230AF4A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60AC36D8-D012-49AE-9122-51CDCAF24B97}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45F4D565-D423-423A-A7DD-F7CEAE35326B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCE6A8C1-6B1A-4148-88E6-EE60D7F8F652}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5CDBC47-BB2E-4249-8143-D88A4171AD26}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4321375 B
Java, Flash, Steam htmlcache => 310449650 B
Windows/system/drivers => 64961 B
Edge => 0 B
Chrome => 1141467853 B
Firefox => 26553054 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 101856 B
systemprofile32 => 217850 B
LocalService => 284078 B
NetworkService => 350306 B
aja => 16971013 B

RecycleBin => 4819968 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:29:15 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#8 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mm_01
Visitor
Posts: 5
Registered: 13 Feb 2021 18:59

Re: Please check my log

#9 Post by mm_01 »

So far it looks good, the system isn't crashing and Avira isn't reporting anything either. Hopefully it lasts. Thank you very much for the help!

Rudy

Re: Please check my log

#10 Post by Rudy »

You're welcome! :)

Locked