Log check

PacandaMilan
Visitor
Posts: 171
Registered: 04 Feb 2011 19:55
Location: Znojmo

Log check

#1 Post by PacandaMilan »

Hello, could someone check this for me?
Thanks in advance, I appreciate it.

Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-10.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-14-2018
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1270 octets] - [06/05/2018 10:33:43]
AdwCleaner[C00].txt - [1375 octets] - [06/05/2018 10:34:07]
AdwCleaner[S01].txt - [1242 octets] - [06/05/2018 10:52:18]
AdwCleaner[S02].txt - [1932 octets] - [17/06/2018 01:32:52]
AdwCleaner[C02].txt - [2008 octets] - [17/06/2018 01:33:25]
AdwCleaner[S03].txt - [1547 octets] - [28/07/2018 20:39:29]
AdwCleaner[S04].txt - [1608 octets] - [28/07/2018 20:39:57]
AdwCleaner[S05].txt - [1669 octets] - [14/08/2018 12:53:47]
AdwCleaner[S06].txt - [1730 octets] - [14/08/2018 13:41:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C06].txt ##########
PERGL

Re: Log check

#2 Post by PacandaMilan »

I am attaching the FRST log.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by micha (administrator) on LAPTOP-M9MKBN0R (14-08-2018 13:54:47)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: defaultuser0 & micha)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16779768 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [245088 2017-04-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-09] (Valve Corporation)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-12] (Disc Soft Ltd)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32973712 2018-07-26] (Epic Games, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{a28d02e1-768d-477c-839c-bac021f19737}: [DhcpNameServer] 10.13.0.1
Tcpip\..\Interfaces\{a7ace2ca-3864-4c0d-a97a-39de4aac515e}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{dfaf2556-5153-4b64-9de0-d7c15f29da3a}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> DefaultScope {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL = 
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-21] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> dasdasdasdas
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2018-08-14]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (ColorZilla) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-05-26]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-27]
CHR Extension: (AdBlock) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (Video Recorder) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\janpabomenbggihohponfklipffjhlfb [2017-05-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-06-23] ()
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-07] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-07-16] (EasyAntiCheat Ltd)
R2 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [392032 2017-04-28] (Lenovo(beijing) Limited)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-29] (Hi-Rez Studios) [File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [174200 2016-10-15] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-14] (Intel(R) Corporation)
U3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-02] (Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-02] (Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-15] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-18] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-18] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-11-09] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7987104 2017-04-10] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2158912 2018-03-28] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-28] (Electronic Arts)
R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [966496 2017-04-28] (Lenovo(beijing) Limited)
S3 SmrtService; C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\faa6191f657c21be819151efc04b94e8e2f3a6f3\smrtsvc64.exe [6403424 2018-07-26] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [290904 2017-10-23] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [173432 2016-08-11] (BayHubTech/O2Micro )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-27] (Disc Soft Ltd)
S3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [46576 2017-04-28] (Lenovo(beijing) Limited)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [733448 2016-10-06] (Intel Corporation)
S3 mtkmbim; C:\WINDOWS\System32\drivers\mtkmbim7_x64.sys [282448 2017-01-03] (MBB)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-14] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_ed3ba3fb30d4dd86\nvlddmkm.sys [15607408 2017-10-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3238368 2017-10-23] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-10-23] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2017-01-03] (MBB) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [38368 2017-08-17] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 13:54 - 2018-08-14 13:55 - 000021938 _____ C:\Users\micha\Desktop\FRST.txt
2018-08-14 13:54 - 2018-08-14 13:54 - 000000000 ____D C:\FRST
2018-08-14 13:53 - 2018-08-14 13:53 - 002412544 _____ (Farbar) C:\Users\micha\Downloads\FRST64.exe
2018-08-14 13:53 - 2018-08-14 13:53 - 002412544 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2018-08-14 13:53 - 2018-08-14 13:53 - 001773056 _____ (Farbar) C:\Users\micha\Downloads\FRST.exe
2018-08-14 13:52 - 2018-08-14 13:52 - 000015327 _____ C:\Users\micha\Desktop\LM.bat
2018-08-14 13:51 - 2018-08-14 13:52 - 000029696 _____ C:\Users\micha\AppData\Local\MSGBOX.EXE
2018-08-14 13:51 - 2018-08-14 13:51 - 000112640 _____ (forum.viry.cz) C:\Users\micha\Desktop\FRSTLauncher.exe
2018-08-14 12:51 - 2018-08-14 12:52 - 007417040 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner_7.2.2 (1).exe
2018-08-11 23:58 - 2018-08-11 23:58 - 024062288 _____ C:\Users\micha\Downloads\dro_setup.a05a206ed1cb62abf210dcbfd991f720.exe
2018-08-11 23:58 - 2018-08-11 23:58 - 000002044 _____ C:\Users\micha\Desktop\Drakensang Online.lnk
2018-08-11 23:58 - 2018-08-11 23:58 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2018-08-11 23:58 - 2018-08-11 23:58 - 000000000 ____D C:\Program Files (x86)\Drakensang Online
2018-08-11 22:05 - 2018-08-11 22:05 - 007553647 _____ C:\Users\micha\Downloads\Praeterita-World_Launcher.rar
2018-08-11 21:42 - 2018-08-11 21:43 - 2167714848 _____ C:\Users\micha\Downloads\WoD_2.0_Klient.zip
2018-08-11 17:00 - 2018-08-11 17:01 - 041203627 _____ C:\Users\micha\Downloads\pathCZ (2).rar
2018-08-11 15:09 - 2018-08-11 16:25 - 000000000 ____D C:\Users\micha\AppData\Roaming\Awesomium
2018-08-11 14:02 - 2018-08-11 14:03 - 000759582 _____ C:\Users\micha\Desktop\sadsad.bmp
2018-08-11 13:59 - 2018-08-14 13:55 - 000001927 _____ C:\Users\micha\Desktop\password l2.txt
2018-08-11 13:53 - 2018-08-11 13:53 - 000002324 _____ C:\Users\Public\Desktop\Lineage II.lnk
2018-08-11 13:53 - 2018-08-11 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2018-08-11 13:51 - 2018-08-11 13:51 - 004984744 _____ (NC Interactive, LLC) C:\Users\micha\Downloads\Lineage2Installer.exe
2018-08-11 13:51 - 2018-08-11 13:51 - 004984744 _____ (NC Interactive, LLC) C:\Users\micha\Desktop\Lineage2Installer.exe
2018-08-08 18:13 - 2018-08-08 18:26 - 000187992 _____ C:\Users\micha\Desktop\FileUploader.nast
2018-08-08 18:13 - 2018-08-08 18:13 - 000000031 _____ C:\Users\micha\Desktop\FileUploader.err
2018-08-08 18:08 - 2018-08-08 18:08 - 116922017 _____ C:\Users\micha\Downloads\13_mp3_files (online-audio-converter.com).zip
2018-08-08 17:10 - 2018-08-08 17:10 - 084525502 _____ C:\Users\micha\Downloads\[2018] Supa & Engerer - Biele Noci.zip
2018-08-04 16:26 - 2018-08-04 16:35 - 160957505 _____ C:\Users\micha\Downloads\Kali - Na oko 2018.rar
2018-08-04 14:14 - 2018-08-04 14:14 - 000309708 _____ C:\Users\micha\Downloads\dhc-continus-pil (1).pdf
2018-08-04 13:26 - 2018-08-04 13:26 - 000419328 _____ C:\Users\micha\Desktop\adenky0v1 (1).exe
2018-08-04 09:25 - 2018-08-04 09:25 - 000309708 _____ C:\Users\micha\Downloads\dhc-continus-pil.pdf
2018-08-03 13:02 - 2018-08-03 13:02 - 041203627 _____ C:\Users\micha\Downloads\pathCZ (1).rar
2018-08-01 14:48 - 2018-08-01 14:48 - 000419328 _____ C:\Users\micha\Downloads\adenky0v1.exe
2018-08-01 14:47 - 2018-08-01 14:47 - 000173421 _____ C:\Users\micha\Downloads\Adenky.rar
2018-08-01 03:57 - 2018-08-01 03:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-07-31 13:53 - 2018-07-31 13:54 - 036166301 _____ C:\Users\micha\Downloads\Soulja Boy - No Sleep (2018).zip
2018-07-31 01:11 - 2018-07-31 01:13 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-30 13:16 - 2018-07-30 13:17 - 011743103 _____ C:\Users\micha\Downloads\100KaAmbrosiaSystem.rar
2018-07-30 13:15 - 2018-07-30 13:16 - 041203627 _____ C:\Users\micha\Downloads\pathCZ.rar
2018-07-28 20:33 - 2018-07-28 20:38 - 007417040 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner_7.2.2.exe
2018-07-28 19:09 - 2018-07-28 19:09 - 000001181 _____ C:\Users\micha\Desktop\100ka.lnk
2018-07-28 16:28 - 2011-02-17 17:28 - 000001174 _____ C:\fear2.bmp
2018-07-28 16:28 - 2011-02-17 17:27 - 000001270 _____ C:\fear1.bmp
2018-07-28 16:28 - 2011-02-14 17:46 - 000001270 _____ C:\epic1.bmp
2018-07-28 16:28 - 2011-02-14 17:46 - 000001174 _____ C:\epic2.bmp
2018-07-28 16:26 - 2018-07-28 16:26 - 000018602 _____ C:\Users\micha\Downloads\Cresty-pro-Zabu.rar
2018-07-28 15:02 - 2018-07-28 15:03 - 042913111 _____ C:\Users\micha\Downloads\path.rar
2018-07-27 16:21 - 2018-07-27 16:26 - 094222915 _____ C:\Users\micha\Downloads\Sheen & Jickson - Grál (2018).rar
2018-07-27 11:36 - 2018-07-27 11:36 - 000120108 _____ C:\Users\micha\Downloads\funcaptcha_audio_2135b5ae7afd17af2.7173914805-8118.wav
2018-07-26 14:29 - 2018-07-26 14:34 - 546716797 _____ C:\Users\micha\Downloads\warland.zip
2018-07-26 14:16 - 2018-07-26 14:16 - 026849287 _____ C:\Users\micha\Downloads\systeml2elixirLIVE.rar
2018-07-25 17:51 - 2018-07-25 17:57 - 266606766 _____ C:\Users\micha\Downloads\L2_RELOAD_V1.4.rar
2018-07-25 16:23 - 2018-08-12 21:24 - 000000000 ____D C:\Users\micha\Desktop\Multi Function - SOUND 2017
2018-07-25 16:22 - 2018-07-25 16:23 - 034314491 _____ C:\Users\micha\Downloads\Multi Function - SOUND 2017.rar
2018-07-25 15:31 - 2018-07-25 15:31 - 033144770 _____ C:\Users\micha\Downloads\Denzel Curry - TA13OO Act 1 (2018).zip
2018-07-24 21:20 - 2018-07-24 21:20 - 000015747 _____ C:\Users\micha\Downloads\[CzT]Ztracen_v_dzungli_Jungle_2017_CZ_.torrent
2018-07-24 19:20 - 2018-07-24 19:23 - 000000000 ____D C:\Users\micha\Desktop\Zlá krev
2018-07-24 19:18 - 2018-07-24 19:18 - 000159409 _____ C:\Users\micha\Downloads\[CzT]Zla_krev_1986_CZ_.torrent
2018-07-18 18:25 - 2018-07-18 18:25 - 000015876 _____ C:\Users\micha\Downloads\[CzT]Tomb_Raider_2018_CZ_.torrent
2018-07-17 13:54 - 2018-07-17 13:54 - 000001030 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2018-07-17 13:54 - 2018-07-17 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2018-07-17 13:51 - 2018-07-26 19:39 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-07-17 13:51 - 2018-07-17 13:51 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2018-07-17 13:49 - 2018-07-31 14:43 - 000000000 ____D C:\Users\micha\AppData\Local\Battle.net
2018-07-17 13:49 - 2018-07-17 13:51 - 000000000 ____D C:\Users\micha\AppData\Roaming\Battle.net
2018-07-17 13:49 - 2018-07-17 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-07-17 13:48 - 2018-07-31 14:42 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-07-17 13:47 - 2018-07-17 13:47 - 000000000 ____D C:\Users\micha\AppData\Local\Blizzard
2018-07-17 13:46 - 2018-07-17 13:47 - 004702704 _____ (Blizzard Entertainment) C:\Users\micha\Downloads\World-of-Warcraft-Setup.exe
2018-07-17 13:14 - 2018-07-17 13:14 - 000000222 _____ C:\Users\micha\Desktop\Black Desert Online.url
2018-07-17 12:30 - 2018-07-17 12:32 - 214833697 _____ C:\Users\micha\Downloads\Wiz Khalifa - Rolling Papers 2 (2018) (1).zip
2018-07-17 09:28 - 2018-07-17 09:28 - 000022753 _____ C:\Users\micha\Downloads\[CzT]Thor_Ragnarok_2017_CZ_EN_1080pHD_.torrent
2018-07-16 22:14 - 2018-07-16 22:14 - 000072056 _____ C:\Users\micha\Downloads\[CzT]Tomb_Raider_2018_CZ_EN_1080pHD_ (1).torrent
2018-07-16 18:33 - 2018-07-16 18:33 - 000000000 ___HD C:\Users\Public\Shared Files
2018-07-16 18:27 - 2018-07-16 18:27 - 000000000 ____D C:\Users\micha\AppData\Local\FortniteGame
2018-07-16 17:54 - 2018-07-16 17:54 - 000010236 _____ C:\Users\micha\Downloads\[CzT]Jumanji_Vitejte_v_dzungli_Jumanji_Welcome_to_the_Jungle_2017_CZ_.torrent
2018-07-16 17:38 - 2018-07-16 17:38 - 000072056 _____ C:\Users\micha\Downloads\[CzT]Tomb_Raider_2018_CZ_EN_1080pHD_.torrent
2018-07-16 17:20 - 2018-07-16 17:20 - 000000000 ____D C:\Program Files\Epic Games
2018-07-16 17:12 - 2018-07-16 17:12 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngineLauncher
2018-07-16 17:12 - 2018-07-16 17:12 - 000000000 ____D C:\Users\micha\AppData\Local\EpicGamesLauncher
2018-07-16 17:10 - 2018-07-16 17:15 - 000000000 ____D C:\ProgramData\Epic
2018-07-16 17:10 - 2018-07-16 17:10 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-07-16 17:10 - 2018-07-16 17:10 - 000001258 _____ C:\Users\Public\Desktop\FORTNITE.lnk
2018-07-16 17:09 - 2018-07-16 17:09 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-07-16 17:07 - 2018-07-16 17:08 - 032362496 _____ C:\Users\micha\Downloads\EpicInstaller-7.9.2-fortnite-dcbc36143fca4e51b51272f933f76445.msi
2018-07-16 10:44 - 2018-07-16 10:44 - 053868664 _____ C:\Users\micha\Downloads\torbrowser-install-7.5.6_en-US.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 13:54 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-14 13:51 - 2017-05-26 17:07 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-14 13:44 - 2017-05-26 15:55 - 000000000 __SHD C:\Users\micha\IntelGraphicsProfiles
2018-08-14 13:43 - 2018-05-17 01:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-14 13:43 - 2018-01-15 19:04 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-08-14 13:43 - 2017-08-17 03:36 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-14 13:42 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-14 13:34 - 2018-05-17 00:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-12 23:44 - 2018-05-17 01:01 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2098420633-2728263080-367330404-1001
2018-08-12 23:44 - 2018-05-17 00:34 - 000002394 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-12 23:44 - 2017-05-26 15:59 - 000000000 ___RD C:\Users\micha\OneDrive
2018-08-12 01:00 - 2018-05-17 00:49 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-12 01:00 - 2018-04-12 17:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2018-08-12 01:00 - 2018-04-12 17:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2018-08-12 01:00 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 00:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-12 00:52 - 2018-05-17 00:34 - 000000000 ____D C:\Users\micha
2018-08-11 16:23 - 2018-05-30 00:27 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2018-08-11 13:53 - 2017-05-29 13:09 - 000000000 ____D C:\Program Files (x86)\NCSOFT
2018-08-11 13:53 - 2017-03-01 14:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-11 13:52 - 2017-05-29 14:49 - 000000000 ____D C:\Program Files (x86)\NCWest
2018-08-11 13:52 - 2017-05-29 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2018-08-10 22:13 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-08 18:14 - 2017-05-27 11:54 - 000000000 ____D C:\Users\micha\AppData\Roaming\AIMP
2018-08-02 17:12 - 2018-07-11 15:02 - 000000000 ____D C:\ProgramData\Packages
2018-08-01 03:57 - 2017-03-01 13:56 - 000002566 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-01 03:57 - 2017-03-01 13:56 - 000002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-01 03:57 - 2017-03-01 13:56 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-01 03:57 - 2017-03-01 13:56 - 000002532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-01 03:57 - 2017-03-01 13:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-31 18:11 - 2018-07-03 20:31 - 000000000 ____D C:\Users\micha\AppData\Roaming\Mp3tag
2018-07-31 01:26 - 2017-05-27 10:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\DAEMON Tools Lite
2018-07-31 01:25 - 2018-05-14 17:46 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-31 01:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-31 01:25 - 2017-05-27 13:03 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2018-07-26 14:17 - 2018-05-23 15:52 - 000571824 ____N C:\WINDOWS\system32\Drivers\smrtkrnl.sys
2018-07-24 21:30 - 2017-05-27 00:53 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2018-07-19 09:59 - 2018-06-17 01:06 - 000000000 ____D C:\Program Files\CCleaner
2018-07-18 22:38 - 2017-06-02 00:47 - 000000000 ____D C:\Users\micha\AppData\Roaming\vlc
2018-07-18 00:21 - 2017-05-30 16:41 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2018-07-16 18:33 - 2018-04-12 01:38 - 000000000 __SHD C:\Users\Public\Libraries
2018-07-16 18:33 - 2017-03-01 14:52 - 000000000 ___HD C:\Intel
2018-07-16 18:27 - 2018-03-02 15:57 - 000000000 ____D C:\Users\micha\AppData\Roaming\EasyAntiCheat
2018-07-16 18:27 - 2018-01-22 00:34 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngine
2018-07-16 17:13 - 2017-03-01 14:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-16 11:38 - 2018-03-05 09:25 - 000000000 ____D C:\Users\micha\AppData\LocalLow\Mozilla
2018-07-16 10:53 - 2018-05-25 13:55 - 000000917 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk

==================== Files in the root of some directories =======

2017-09-17 12:05 - 2017-09-17 12:05 - 000000073 _____ () C:\Users\micha\dlnk.bat
2018-08-14 13:51 - 2018-08-14 13:52 - 000029696 _____ () C:\Users\micha\AppData\Local\MSGBOX.EXE
2017-10-27 10:56 - 2017-10-27 10:56 - 000014288 _____ () C:\Users\micha\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-17 00:23

==================== End of FRST.txt ============================
PERGL

PacandaMilan
Visitor
Posts: 171
Registered: 04 Feb 2011 19:55
Location: Znojmo

Re: Log check

#3 Post by PacandaMilan »

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by micha (14-08-2018 13:56:40)
Running from C:\Users\micha\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-16 23:03:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2098420633-2728263080-367330404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2098420633-2728263080-367330404-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2098420633-2728263080-367330404-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2098420633-2728263080-367330404-501 - Limited - Disabled)
micha (S-1-5-21-2098420633-2728263080-367330404-1001 - Administrator - Enabled) => C:\Users\micha
WDAGUtilityAccount (S-1-5-21-2098420633-2728263080-367330404-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1895, 07.05.2017 - AIMP DevTeam)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.54 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703900}) (Version: 3.9.0.0 - Betternet Technologies Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.0.0337 - Disc Soft Ltd)
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
iTunes (HKLM\...\{30771861-1BBF-4BE2-8CD2-FB282C58C3ED}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{6FEDADF5-40EC-4E18-A376-0FDBACE65338}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mp3tag v2.88a (HKLM-x32\...\Mp3tag) (Version: 2.88a - Florian Heidenreich)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Ovladač 3D Vision 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.54 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.16.49299 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.54 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-05-27] (AIMP DevTeam)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-05-31] (Florian Heidenreich)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-01-12] (Disc Soft Ltd)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-05-31] (Florian Heidenreich)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-01-12] (Disc Soft Ltd)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-05-27] (AIMP DevTeam)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-05-31] (Florian Heidenreich)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxDTCM.dll [2017-11-21] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-02] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021459C8-F5C1-47FD-8FAC-9EE50273BED2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {060E840E-652E-406A-9F0E-63A4D58343E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {096C44B3-7F97-4D4C-8F9C-EC7BC948B59D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-14] (Intel(R) Corporation)
Task: {0A38F2AF-53B4-440F-95F1-0871D6B14DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {17B606C4-C16B-49EA-BD4B-4D0B1B4F444B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {222AA0C0-EEC8-406C-B45A-2A5E0B1E5139} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {33C15DBA-7D4E-4F4B-ACE9-345F602C9195} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {34AAA9DC-306D-475B-8BED-403B2AD25A0C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {3F895732-BFA7-46FE-B2D3-9E9B59702462} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {52C9A097-442C-4F20-BA67-A7ED814F9DEE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {68351260-DE73-40E1-9801-DD873AAA23A5} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-15] (Intel Corporation)
Task: {697243EB-DC7F-4E2F-9024-0E26F3BB17C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {8570AA56-975A-445F-AF9D-9F5DDD834EF2} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {903DF1BB-1889-4CD9-8B85-DE0C547A6C25} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {91887464-37FA-4AF4-83B0-999DD6DDB00B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {A6D29657-41A7-408B-A0FA-86F72FE3378C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {AC4597FA-D141-4008-AA47-3D29826A286A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {B3BB94D7-9D74-48D6-BC02-FD080487606B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {B5179B98-8D80-403D-818B-875DA519764F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {BF79C079-D05C-4EEF-9164-26371CF74F59} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {D0330CDC-DAB8-418B-A6B0-93C5D8783924} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-15] (Intel Corporation)
Task: {DA159048-4467-43C1-A3DE-81821F46E062} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f3d8dacd-0887-45b2-885c-f8d1a0ff584c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {EE6D67E7-6DE1-4BDD-99F0-C9A06C8ABEF8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\17778c4e-d050-488c-9612-7e719defb026 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F479144A-7A0C-4513-B8EF-61FCC6ED2C43} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\119ed1cc-70be-4252-ad72-302191db502e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F551C8D3-0C44-4AF8-9ABC-1438D61642E6} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-31] (Microsoft Corporation)
Task: {F7779867-8658-4D7F-8D31-E364287BBC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {F920C529-A92F-40FB-BA61-0C579E735345} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [2017-04-28] (Lenovo(beijing) Limited)
Task: {FA032EC7-D116-4169-8D8B-241BDA0185D3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7117b6ed-31b7-4c2a-b92d-5920fe7c1288 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-18 06:00 - 2016-10-18 06:00 - 000107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
2016-10-18 06:00 - 2016-10-18 06:00 - 000412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-11-02 03:18 - 2016-11-02 03:18 - 000253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll
2018-07-11 15:01 - 2018-07-11 15:01 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-08-10 22:12 - 2018-08-10 22:13 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-10 22:12 - 2018-08-10 22:13 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-10 22:12 - 2018-08-10 22:13 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-10 22:12 - 2018-08-10 22:13 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-05-29 17:07 - 2017-04-28 19:08 - 000755040 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\resPic.dll
2016-06-24 02:33 - 2016-06-24 02:33 - 000829632 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2018-07-16 17:12 - 2018-07-16 17:12 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-07-16 17:12 - 2018-07-16 17:12 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-07-16 17:12 - 2018-07-16 17:12 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 14:31 - 2018-07-06 08:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-19 05:02 - 2016-09-19 05:02 - 000163336 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-11-16 03:13 - 2017-11-10 11:57 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libglesv2.dll
2017-11-16 03:13 - 2017-11-10 11:57 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libegl.dll
2017-05-29 17:07 - 2017-04-28 19:08 - 001896800 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderApi.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-11-09 05:40 - 2016-11-09 05:40 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\jwHbJZA.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "Bloody2"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E704FD14-8CC6-43D6-8FB6-E8C8425244E3}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [TCP Query User{74746FA3-7E11-4FC3-941E-596C1EA710AE}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [UDP Query User{D14E7823-04B9-4475-B92A-363C04C63EF8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [TCP Query User{16A64D5D-AF31-45F9-87BB-79673A1EEF29}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [{C96EB0A3-118C-439E-908D-5E6883322610}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C27942F9-F531-40D9-AD2D-1C0FAAB204B2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [{243F4518-E32E-430A-A478-2F6F645E507B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99DB115B-5396-4008-839A-F9D505D668D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12270E1D-4E4F-4790-AA02-A2F01B84D47A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F89D550-1153-4BF9-8CA0-A1A039DF5795}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A13776D-31DC-4ACC-9BEC-8F1EC76E01BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F04142BA-BC5E-4434-B2A2-99170F963E61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CB3D77A9-39CF-49A8-9A14-611FED22B7A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FFD657E6-070E-42B9-AB43-C28DB913DD02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{B062530A-373D-4B00-9769-CE668D092732}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{ACB4B6A3-56B4-4C5A-A5E0-D84C2133443B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2017\PES2017.exe
FirewallRules: [{BC2910FA-F43B-442D-80A2-9B48D7370F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2017\PES2017.exe
FirewallRules: [UDP Query User{12E584B6-E057-4E2C-A598-BD58955FF476}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C99FAA42-8E2E-4526-9971-0DEF72040A17}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4186074D-33F3-4562-9AB6-CC0C7A71F381}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B10CB0A-FF55-44DB-A0F7-1C5A8DC6042C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9C208666-E0DE-470F-86FA-00BE90A3A55A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D67DC3D3-96BA-48B9-B214-0C7E31837161}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC426318-EB86-45C3-883D-ADF3269505DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C9F9E622-038F-4025-9E6A-22C4BD69DC2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B2D82A4F-D4F7-424F-B219-77C6351FF57D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{33F1DC30-D16E-4858-87E0-A05A96411EAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{EE1D13F5-B4A2-410F-94B7-63E64C29C7D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{7B30B731-EB71-4911-9194-7A2AAD3FBB32}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{92FE1030-B834-44D9-B620-95531EC9B2A9}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{0513D0EB-9189-49AE-B57B-00478EE24FED}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{988969C4-BED2-48E2-8C1F-74B9620B9887}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1E2B78C3-846D-4066-ADE2-22A42F89BD9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MorphVOX Pro\MorphVOXPro.exe
FirewallRules: [{E8FB5825-8D80-4C5A-82F9-3D70E5698F32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MorphVOX Pro\MorphVOXPro.exe
FirewallRules: [TCP Query User{E6DE67ED-A4B6-492F-8663-ED6451CA7FFC}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{85270FF2-181F-4970-8123-2AF8DBD47728}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{139ED651-3109-4031-856C-BEC4438ED90E}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B9DC369C-E660-4180-958F-B964525846C7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{83515C7E-A950-41C6-9063-D49DAEF2DDC5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{28C882D3-9345-41A9-83D3-10B8DF4548EB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{A91DAC19-DFA8-4FEC-9E01-8BF0E92031AB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C2397AFC-647F-47FF-88BC-043D69B4A960}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [{B11FF173-124C-4AE2-B934-D8BD75A3987A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\steam_launcher.exe
FirewallRules: [{56BC3E54-FB78-4E53-B7AE-E34DEF67EB99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\steam_launcher.exe
FirewallRules: [{12EAA0D0-85C5-4F1A-8742-F3FBD5FB57F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\config.exe
FirewallRules: [{37231DC6-3C4F-413E-BF89-585E9CCAF78C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\config.exe
FirewallRules: [TCP Query User{C56EBC5B-BE08-4B8B-B82F-7F3D7E696CC8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{32F88B5A-E11F-42CD-ACE7-B4D9AA36927F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [TCP Query User{68F072B9-718B-41A2-A3F8-3BFDC90F7922}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{0D3BA90D-5080-4CEA-AEA1-E39A1BE04823}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2CD5601E-443D-4FE8-B974-8CF7AC7F3F56}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{173A1D9B-2AE3-41A2-B71D-EF6B9963E455}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe

==================== Restore Points =========================

31-07-2018 09:54:36 Naplánovaný kontrolní bod
09-08-2018 21:12:00 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-M9MKBN0R.local already in use; will try LAPTOP-M9MKBN0R-2.local instead

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-M9MKBN0R.local. Addr 10.0.0.1

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   16 LAPTOP-M9MKBN0R.local. AAAA 2A00:1028:83A0:439E:4D11:5E12:DEDF:0911

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 LAPTOP-M9MKBN0R.local. AAAA FE80:0000:0000:0000:4D11:5E12:DEDF:0911

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   16 LAPTOP-M9MKBN0R.local. AAAA 2A00:1028:83A0:439E:4D11:5E12:DEDF:0911

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 LAPTOP-M9MKBN0R.local. Addr 10.0.0.1

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   16 LAPTOP-M9MKBN0R.local. AAAA 2A00:1028:83A0:439E:4D11:5E12:DEDF:0911

Error: (08/12/2018 08:16:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program l2.bin verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 316c

Čas spuštění: 01d43231cdedaea4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Hry\Lineage II C6\system\l2.bin

ID hlášení: 18341cd4-bf8e-42cb-b962-c2036232f26c

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:


System errors:
=============
Error: (08/14/2018 01:53:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:51:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:49:34 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-M9MKBN0R)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli LAPTOP-M9MKBN0R\micha (SID: S-1-5-21-2098420633-2728263080-367330404-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscBrokerManager
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:47:20 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-M9MKBN0R)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli LAPTOP-M9MKBN0R\micha (SID: S-1-5-21-2098420633-2728263080-367330404-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:44:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (08/14/2018 01:44:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby FontCache3.0.0.0 bylo dosaženo časového limitu (30000 ms).

Error: (08/14/2018 01:42:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba GameRecorderSVC byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================

Date: 2018-08-07 10:48:40.179
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-02 01:29:11.298
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 08:00:12.317
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-16 17:17:24.895
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-06 12:15:39.622
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 12:13:53.337
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-01 19:45:17.649
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-17 00:53:10.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 8067.16 MB
Available physical RAM: 4896.19 MB
Total Virtual: 11139.16 MB
Available Virtual: 7046.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:199.47 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS

\\?\Volume{cd5721fe-09d1-484a-ad12-acaa4840104b}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.55 GB) NTFS
\\?\Volume{811d9115-b361-4b5d-b80f-1cae0ecf1d1b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9306BA6)

Partition: GPT.

==================== End of Addition.txt ============================
PERGL

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#4 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0A38F2AF-53B4-440F-95F1-0871D6B14DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {697243EB-DC7F-4E2F-9024-0E26F3BB17C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {F7779867-8658-4D7F-8D31-E364287BBC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> DefaultScope {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: Log check

#5 Post by PacandaMilan »

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by micha (14-08-2018 16:20:08) Run:2
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: defaultuser0 & micha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0A38F2AF-53B4-440F-95F1-0871D6B14DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {697243EB-DC7F-4E2F-9024-0E26F3BB17C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {F7779867-8658-4D7F-8D31-E364287BBC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> DefaultScope {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A38F2AF-53B4-440F-95F1-0871D6B14DD2} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{697243EB-DC7F-4E2F-9024-0E26F3BB17C5} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7779867-8658-4D7F-8D31-E364287BBC9F} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-2098420633-2728263080-367330404-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} => not found
HKLM\Software\Classes\CLSID\{B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8441974 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -1272 B
Edge => 3584 B
Chrome => 8475998 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
micha => 54622 B

RecycleBin => 0 B
EmptyTemp: => 25.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:20:19 ====
PERGL


Re: Log check

#6 Post by Rudy »

Deleted. The log should now be OK.


Re: Log check

#7 Post by PacandaMilan »

Thank you! :closed:
PERGL


Re: Log check

#8 Post by Rudy »

You're welcome! :)