Leaked personal data

Joe
Visitor
Posts: 14
Registered: 21 Aug 2012 01:11

Leaked personal data

#1 Post by Joe »

Hello,

could I ask you to check my log? Recently my bank card details became public, and I would just like to verify whether this happened because of some malware that got onto the machine.

Thank you very much for your help,

Joe

The files are attached.
Attachments
Logy-Joe.rar
(27.88 KiB) Downloaded 69 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Leaked personal data

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View Log File)
  • The log will open; copy its contents here

Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; doing so risks system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Joe
Visitor
Posts: 14
Registered: 21 Aug 2012 01:11

Re: Leaked personal data

#3 Post by Joe »

Done, here is the log. So it doesn't look like I have any trojan in the background.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.0.0
# -------------------------------
# Build: 11-21-2019
# Database: 2019-11-20.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-08-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1433 octets] - [08/12/2019 18:22:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
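
Added example, not part of the original thread and not AdwCleaner's own code: a Python parser for a clean log in the layout posted above, which lists what was deleted per section and checks that the "Cleaned"/"Failed" header counters agree with the body. The function names `parse_adwcleaner_log` and `reconcile` are hypothetical, the sample is a shortened copy of the log in post #3, and because "Deleted" is the only action line that appears on this page, any other line inside a section is reported as unrecognised rather than interpreted.

```python
import re

# Shortened copy of the clean log from post #3, embedded so the example runs offline.
SAMPLE_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.0.0.0
# -------------------------------
# Build: 11-21-2019
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-08-2019
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe

*************************

[+] Delete Tracing Keys
[+] Reset Winsock
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z ]+):\s*(.+)$")     # "# Key: value"
SECTION_RE = re.compile(r"^\*{5} \[ (.+) \] \*{5}$")      # "***** [ Name ] *****"
NOTHING_RE = re.compile(r"^No .+ cleaned\.$")             # "No malicious ... cleaned."


def parse_adwcleaner_log(text):
    """Split a clean log into header fields, deleted items per section and extras."""
    report = {"header": {}, "deleted": {}, "extra_actions": [], "unrecognised": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)          # banner and EOF lines do not match
            if m:
                report["header"][m.group(1).strip()] = m.group(2).strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report["deleted"].setdefault(section, [])
            continue
        if set(line) == {"*"}:                 # bare row of stars ends the sections
            section = None
            continue
        if line.startswith("[+] "):
            report["extra_actions"].append(line[4:])
            continue
        if section is None:
            continue                           # trailer lines outside any section
        if line.startswith("Deleted "):
            report["deleted"][section].append(line[len("Deleted "):])
        elif not NOTHING_RE.match(line):
            # Assumption: formats not shown on the page are surfaced, not guessed.
            report["unrecognised"].append((section, line))
    return report


def _counter(header, key):
    """Return a header counter as int, or None if it is missing or not numeric."""
    try:
        return int(header[key])
    except (KeyError, ValueError):
        return None


def reconcile(report):
    """Return a list of discrepancies between the header counters and the body."""
    findings = []
    listed = sum(len(items) for items in report["deleted"].values())
    cleaned = _counter(report["header"], "Cleaned")
    failed = _counter(report["header"], "Failed")
    if cleaned != listed:
        findings.append(f"header says Cleaned={cleaned}, body lists {listed} deletions")
    if failed is None or failed > 0:
        findings.append(f"Failed counter is {failed}; not every item was removed")
    for section, line in report["unrecognised"]:
        findings.append(f"unrecognised line in [{section}]: {line}")
    return findings


if __name__ == "__main__":
    rep = parse_adwcleaner_log(SAMPLE_LOG)
    for section, items in rep["deleted"].items():
        for item in items:
            print(f"{section}: {item}")
    print("discrepancies:", reconcile(rep) or "none")
```

An empty result from `reconcile` only means the log is internally consistent about what AdwCleaner removed; it says nothing about items the tool did not detect.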

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Leaked personal data

#4 Post by Conder »

Sorry for the delay. Please post both new FRST logs.

Joe
Visitor
Posts: 14
Registered: 21 Aug 2012 01:11

Re: Leaked personal data

#5 Post by Joe »

No problem. :-) It's really not that urgent.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2019
Ran by Jan (administrator) on MSI (Micro-Star International Co., Ltd. GS73VR 7RF) (10-12-2019 17:52:44)
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available Profiles: Jan)
Platform: Windows 10 Home Version 1809 17763.864 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
(A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(A-Volute -> Nahimic) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(MAGIX AG) [File not signed] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(MDL Forum, mod by Ratiborus) [File not signed] C:\ProgramData\KMSAuto\bin\KMSSS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\65.0.3467.62\opera_crashreporter.exe
(PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3366624 2017-05-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [734392 2017-08-18] (A-Volute -> Nahimic)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230312 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [229080 2019-11-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\MountPoints2: {5c1f6c18-a13e-11e8-b47e-9cb6d01b2f58} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-10-05]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2018-10-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0539458F-208F-4B40-B273-3B6F22513AB3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-19] (Adobe Inc. -> Adobe)
Task: {1A1F8863-8860-4210-8547-52C3511D6F39} - System32\Tasks\Nahimic2svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe [4412088 2017-08-18] (A-Volute -> )
Task: {1B66DA3A-6140-4F0B-875D-73E708841B4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-09] (Google Inc -> Google Inc.)
Task: {1BFDC1FA-BD12-455A-90D9-C86657593C19} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [5046784 2019-12-04] () [File not signed]
Task: {1DE7E2EF-38B1-41F4-B495-38AFBCE2320D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {20B51936-569B-4CD5-A82D-39482B4C4BE3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2175FC13-8C03-4E93-A4BE-79024CD8106A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-09] (Google Inc -> Google Inc.)
Task: {28AFA186-32AF-4FCC-AF98-8330AA917837} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2AB56F3C-E5E8-4109-A7F5-94C30B66F8F3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {32DA5EE1-9EAB-47E0-AD82-CD3DB6C01730} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2015968 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {37979FCA-4AF9-4FB0-89CB-D003A91DEC2A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {37DE3B55-2F3B-418E-95F4-D117C51BE7B3} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [431384 2017-07-25] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
Task: {3B48EE20-E80F-4879-B094-C234D35496AB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3EA36976-C0E1-4756-8EED-C728A35CEE53} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
Task: {4F9AAF31-C6FF-496B-9F4A-2777EDDFD5B9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5A462DAF-7613-4A14-B2BB-C8F7C5293906} - System32\Tasks\Opera scheduled Autoupdate 1502455025 => C:\Program Files\Opera\launcher.exe [1528344 2019-12-04] (Opera Software AS -> Opera Software)
Task: {5DBB978F-A1DD-4E67-93D6-0F1046000406} - System32\Tasks\Nahimic2svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe [520376 2017-08-18] (A-Volute -> )
Task: {6CE420CB-AED2-422E-AC96-38ACDA78AF85} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {720F5910-1EBA-4631-B2E1-33CD0BB9D9A9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-19] (Adobe Inc. -> Adobe)
Task: {9B4AE754-75A5-4EF6-84A8-C2D67D0A0DE5} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {9E786E16-EDD7-4ECF-A0ED-9D6B6492AA8F} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [734392 2017-08-18] (A-Volute -> Nahimic)
Task: {A089BB1A-8CE6-4736-B8FB-8BD5BA52C230} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A244E7FC-92A5-4441-86B2-AED18A7AFA49} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A35B4EC8-DC61-484F-957F-A3570EA0379D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {B18C7A2C-9C95-4968-80ED-6AF002105EB8} - System32\Tasks\AdobeAAMUpdater-1.0-MSI-Jan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B37856D4-503E-4023-BFD7-3D1CA77AD0D3} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6455064 2017-11-21] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
Task: {BCA77883-578F-4D22-A842-678E616CE3EE} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2757672 2019-11-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {C4CD8D02-BC89-490A-9A02-E37FB9C1AA02} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2431304 2019-11-19] (Overwolf Ltd -> Overwolf LTD)
Task: {C56AEA7A-E260-4AC4-A813-CA766FC71701} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [222944 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {D3457876-7B6C-4F0C-AB82-51C259EDC6C9} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe [148248 2018-01-18] (Johannes Schindelin -> The Git Development Community)
Task: {D8112C22-32C3-48B8-8431-656FD3856343} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [222944 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {DB8A013F-31D3-4C75-95D2-6C8FA30C27B6} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {DE309B9E-6D1E-4673-A410-A26F7FCDE6B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-12] (Piriform Ltd -> Piriform Ltd)
Task: {EC7F075D-B03C-48BD-9FF4-CDE167386F18} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECBCD7A0-BDE0-4669-854F-8034E9865ECF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F4B071D0-F7FB-4636-87D8-F36B27CA3C30} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [275256 2016-06-22] (Micro-Star International CO., LTD. -> Application) [File not signed]
Task: {F931DE80-359E-4F0E-B1D3-A151BC8C1524} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.11
Tcpip\..\Interfaces\{1a0ea6b4-dc39-4b57-af6c-ad9675103c47}: [DhcpNameServer] 192.168.1.11
Tcpip\..\Interfaces\{ebdf0324-493f-4853-9740-1e1b1c3464b1}: [DhcpNameServer] 89.239.24.34 89.239.24.2

Internet Explorer:
==================
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-981506708-2838147557-1008053113-1001 -> DefaultScope {00CA61B6-0A1B-4919-B9BD-2F673E81B415} URL =
SearchScopes: HKU\S-1-5-21-981506708-2838147557-1008053113-1001 -> {00CA61B6-0A1B-4919-B9BD-2F673E81B415} URL =
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-11-01] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: xu2fpcj6.default
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xu2fpcj6.default [2019-12-10]
FF Extension: (Telemetry coverage) - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xu2fpcj6.default\features\{2f63b28c-7193-4518-a6ab-ad89ff9d1e14}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-12-16] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default [2019-12-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-11-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR DownloadDir: D:\Staženo
OPR Notifications: hxxps://220.lv
OPR Extension: (Speed Translate) - C:\Users\Jan\AppData\Roaming\Opera Software\Opera Stable\Extensions\jggobmlojchhlngdhmmdghgganciigof [2019-12-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1210168 2019-12-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535352 2019-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484768 2019-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484768 2019-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [567872 2019-11-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [591264 2019-11-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-07-03] (Disc Soft Ltd -> Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144096 2017-05-04] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-06] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2483376 2018-06-15] (Rivet Networks LLC -> Rivet Networks)
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
R2 Micro Star SCM; C:\Windows\SysWoW64\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [61880 2017-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2431304 2019-11-19] (Overwolf Ltd -> Overwolf LTD)
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99560 2019-10-21] (ProtonVPN AG -> )
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [694016 2019-09-03] (Oracle Corporation -> Oracle Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72880 2018-06-15] (Rivet Networks LLC -> CloudBees, Inc.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72888 2018-06-15] (Rivet Networks LLC -> CloudBees, Inc.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [207784 2019-12-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [197176 2019-09-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-08-11] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-08-11] (Disc Soft Ltd -> Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31824 2017-05-04] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [150184 2018-06-15] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_46205307ba527f6f\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-06-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPNSplitTunnelCalloutDriver; C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\win10\ProtonVPNSplitTunnelCalloutDriver.Sys [48664 2019-09-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-11-22] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2019-05-24] (SteelSeries ApS -> )
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47824 2019-05-24] (SteelSeries ApS -> SteelSeries ApS)
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [41104 2019-08-29] (SteelSeries ApS -> )
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [44976 2019-09-13] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237376 2019-09-03] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [248464 2019-09-03] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [175248 2019-09-03] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] (Micro-Star Int'l Co. Ltd. -> )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-09 20:53 - 2019-12-09 20:53 - 000011122 _____ C:\Users\Jan\Desktop\Data.xlsx
2019-12-09 18:45 - 2018-03-20 18:57 - 000001642 _____ C:\Users\Jan\Desktop\Git CMD.lnk
2019-12-09 18:38 - 2019-12-09 20:51 - 000000402 _____ C:\Users\Jan\Desktop\replacer.py
2019-12-09 18:37 - 2019-12-09 20:50 - 000002075 _____ C:\Users\Jan\Desktop\original.txt
2019-12-08 18:19 - 2019-12-08 18:23 - 000000000 ____D C:\AdwCleaner
2019-12-08 18:19 - 2019-12-08 18:19 - 008218800 _____ (Malwarebytes) C:\Users\Jan\Desktop\adwcleaner_8.0.0.exe
2019-12-08 14:25 - 2019-12-08 14:25 - 000028552 _____ C:\Users\Jan\Desktop\Logy-Joe.rar
2019-12-08 14:03 - 2019-12-10 17:53 - 000037932 _____ C:\Users\Jan\Desktop\FRST.txt
2019-12-08 14:03 - 2019-12-10 17:53 - 000000000 ____D C:\FRST
2019-12-08 14:02 - 2019-12-08 14:02 - 002263552 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2019-12-05 00:44 - 2019-12-05 00:44 - 000000000 ____D C:\ProgramData\KMSAuto
2019-12-05 00:39 - 2019-12-05 00:46 - 000000000 ____D C:\Users\Jan\AppData\Local\MSfree Inc
2019-12-04 17:34 - 2019-12-10 17:50 - 000003808 _____ C:\WINDOWS\system32\Tasks\AutoKMS
2019-12-04 17:34 - 2019-12-04 20:29 - 000000000 ____D C:\WINDOWS\AutoKMS
2019-12-04 17:32 - 2019-12-04 17:32 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2019-12-04 16:14 - 2019-12-04 16:48 - 000000000 ____D C:\Users\Jan\AppData\Local\ProtonVPN
2019-12-04 16:14 - 2019-12-04 16:14 - 000000000 ____D C:\ProgramData\ProtonVPN
2019-12-04 16:13 - 2019-12-04 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2019-12-04 16:13 - 2019-12-04 16:13 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2019-12-04 00:24 - 2019-12-04 00:24 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign12b36f12deded2f8
2019-12-04 00:23 - 2019-12-04 00:23 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsigneb4f33bf78b76da7
2019-12-03 23:56 - 2019-12-03 23:56 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignc7879d5303654c7a
2019-12-03 23:55 - 2019-12-03 23:55 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign7fc209986b10967a
2019-12-01 17:29 - 2019-12-01 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-12-01 17:29 - 2019-12-01 17:29 - 000000000 ____D C:\Program Files\qBittorrent
2019-11-23 21:35 - 2019-11-23 21:35 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignf6efff9bfe30e4d1
2019-11-23 21:35 - 2019-11-23 21:35 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign773389efaf87e5b2
2019-11-23 18:15 - 2019-11-23 18:15 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign23b822e9b7607e9c
2019-11-23 18:13 - 2019-11-23 18:13 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign72d0563109854502
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign15023cb991346b9e
2019-11-23 18:10 - 2019-11-23 18:10 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignfc86bb03bc72a446
2019-11-23 18:10 - 2019-11-23 18:10 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsigndc73eb148add0dca
2019-11-19 00:30 - 2019-11-19 00:30 - 023455232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 022137120 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 012960256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 012258816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 009667896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 007700696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 007656072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 006934016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 006547896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 006318328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 005770240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 005608336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 005575168 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 005573232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 004873216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 004413936 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 004049920 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003872336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003656792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 003576832 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003496448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 003333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 003082752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002918200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 002871824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 002848768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 002699976 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002698752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002628112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002348544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002109960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001966096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 001933408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001702600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-11-19 00:30 - 2019-11-19 00:30 - 001677808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001668784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001666440 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001538560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001486472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001473296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001465472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001346216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-11-19 00:30 - 2019-11-19 00:30 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001294792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001267240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-11-19 00:30 - 2019-11-19 00:30 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001183504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001180248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001054224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 001050112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001049608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 001022464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000888560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000862008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000856424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000808272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000775768 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000773208 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000747536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000667664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000661264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000591160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000588816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000542320 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000536320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000520208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000514600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000509968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000505640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-11-19 00:30 - 2019-11-19 00:30 - 000473832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000465416 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000462352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000450632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000445752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000435512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000427832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000389408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000385848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000262152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-11-19 00:30 - 2019-11-19 00:30 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000198968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-11-19 00:30 - 2019-11-19 00:30 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000160272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000141736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000118480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000112168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000087080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000086840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000086744 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-11-19 00:30 - 2019-11-19 00:30 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000061480 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-11-19 00:30 - 2019-11-19 00:30 - 000023768 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000020144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-11-19 00:30 - 2019-11-19 00:30 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-10 17:51 - 2017-08-11 12:47 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-10 17:50 - 2019-09-11 14:45 - 000003206 _____ C:\WINDOWS\system32\Tasks\Nahimic2UILauncherRun
2019-12-10 17:50 - 2019-09-11 14:45 - 000003194 _____ C:\WINDOWS\system32\Tasks\Nahimic2svc64Run
2019-12-10 17:50 - 2019-09-11 14:45 - 000003186 _____ C:\WINDOWS\system32\Tasks\Nahimic2svc32Run
2019-12-10 17:49 - 2019-09-11 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-10 17:49 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-10 17:49 - 2017-08-11 10:56 - 000000000 __SHD C:\Users\Jan\IntelGraphicsProfiles
2019-12-10 16:06 - 2018-09-15 07:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-10 15:29 - 2019-09-11 14:44 - 001566398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-10 15:29 - 2018-09-15 18:32 - 000662218 _____ C:\WINDOWS\system32\perfh005.dat
2019-12-10 15:29 - 2018-09-15 18:32 - 000136852 _____ C:\WINDOWS\system32\perfc005.dat
2019-12-10 15:29 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-12-10 14:36 - 2017-08-11 13:36 - 000000000 ____D C:\Program Files\Opera
2019-12-10 13:58 - 2019-09-11 14:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-10 12:45 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-12-10 12:19 - 2019-09-11 14:45 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-10 02:00 - 2017-09-06 20:48 - 000000000 ____D C:\Users\Jan\AppData\Local\Adobe
2019-12-10 01:21 - 2018-01-22 21:40 - 000000000 ____D C:\Users\Jan\.atom
2019-12-09 23:53 - 2016-11-24 17:23 - 001591088 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-12-09 18:01 - 2017-08-11 13:30 - 000000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2019-12-08 16:32 - 2017-12-02 00:06 - 000000034 _____ C:\Users\Jan\AppData\Roaming\AdobeWLCMCache.dat
2019-12-06 22:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-06 22:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-06 22:41 - 2018-01-13 23:16 - 000207784 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2019-12-06 19:12 - 2019-09-11 14:45 - 000003934 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1502455025
2019-12-06 19:12 - 2017-08-11 13:37 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2019-12-06 04:03 - 2019-08-01 13:14 - 000000000 ____D C:\Users\Jan\AppData\Roaming\qBittorrent
2019-12-06 00:23 - 2017-10-20 16:23 - 000000000 ____D C:\Program Files (x86)\Overwolf
2019-12-05 01:49 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-12-04 18:20 - 2017-08-11 14:20 - 000000000 ____D C:\Users\Jan\AppData\Local\Microsoft Help
2019-12-03 17:55 - 2019-09-11 14:40 - 000000000 ____D C:\Users\Jan
2019-12-02 18:38 - 2017-11-24 20:37 - 000000000 ____D C:\Users\Jan\AppData\Local\Packages
2019-11-27 22:12 - 2017-08-11 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-27 22:12 - 2016-11-24 17:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-11-25 00:50 - 2019-09-11 14:45 - 000003350 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-981506708-2838147557-1008053113-1001
2019-11-25 00:50 - 2019-09-11 14:40 - 000002362 _____ C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-25 00:50 - 2017-08-11 10:58 - 000000000 ___RD C:\Users\Jan\OneDrive
2019-11-22 01:27 - 2017-12-04 19:46 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-20 04:07 - 2017-11-24 20:57 - 000000000 ___RD C:\Users\Jan\3D Objects
2019-11-20 04:07 - 2016-07-30 18:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-11-20 04:06 - 2019-09-11 14:39 - 005402520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-11-20 04:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-11-20 04:05 - 2018-09-15 07:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-11-19 00:34 - 2017-08-11 16:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-11-19 00:31 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-19 00:31 - 2017-08-11 16:09 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-11-19 00:23 - 2018-04-12 13:28 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-11-19 00:22 - 2019-09-11 14:45 - 000004638 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-19 00:22 - 2019-09-11 14:45 - 000004506 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2019-11-19 00:22 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-11-19 00:22 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories ========

2017-11-28 16:35 - 2017-11-28 16:37 - 000000132 _____ () C:\Users\Jan\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2017-11-28 16:37 - 2017-11-28 16:41 - 000000132 _____ () C:\Users\Jan\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2017-12-02 00:06 - 2019-12-08 16:32 - 000000034 _____ () C:\Users\Jan\AppData\Roaming\AdobeWLCMCache.dat
2018-10-05 20:36 - 2019-11-07 00:34 - 000001456 _____ () C:\Users\Jan\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-06-06 17:32 - 2019-10-24 19:44 - 000055254 _____ () C:\Users\Jan\AppData\Local\krita.log
2019-10-24 19:44 - 2019-10-24 19:44 - 000000039 _____ () C:\Users\Jan\AppData\Local\kritadisplayrc
2019-06-06 17:32 - 2019-10-24 19:44 - 000019367 _____ () C:\Users\Jan\AppData\Local\kritarc

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by Jan (10-12-2019 17:53:57)
Running from C:\Users\Jan\Desktop
Windows 10 Home Version 1809 17763.864 (X64) (2019-09-11 13:45:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-981506708-2838147557-1008053113-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-981506708-2838147557-1008053113-503 - Limited - Disabled)
Guest (S-1-5-21-981506708-2838147557-1008053113-501 - Limited - Disabled)
Jan (S-1-5-21-981506708-2838147557-1008053113-1001 - Administrator - Enabled) => C:\Users\Jan
WDAGUtilityAccount (S-1-5-21-981506708-2838147557-1008053113-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Master Collection CC 2017 (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C4}) (Version: 10.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 37.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 37.0.0.0 - NVIDIA Corporation) Hidden
Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.3.7.1000 - Amazon Corporate LLC)
ApoDispatch Install Configurator (HKLM\...\{6866EB00-0284-4E22-A922-FDB8CF1417A8}) (Version: 2.5.1901 - Nahimic) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Atom (HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\atom) (Version: 1.41.0 - GitHub Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AudioLaunchpad Install Configurator (HKLM\...\{BE1F1025-9A77-4177-A73E-B5985159BA2D}) (Version: 2.5.1901 - Nahimic) Hidden
Avira (HKLM-x32\...\{2F177249-7B33-4501-BBC8-3091F6079B35}) (Version: 1.2.139.5840 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{8489ad9e-2c28-4aaf-97f7-d97424e9e4dc}) (Version: 1.2.139.5840 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.1912.1683 - Avira Operations GmbH & Co. KG)
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CINEMA 4D 18.057 (HKLM\...\MAXON6CD73CFE) (Version: 18.057 - MAXON Computer GmbH)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.)
ELAN Touchpad 15.13.8.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.8.2 - ELAN Microelectronic Corp.)
Evernote v. 6.16.4 (HKLM-x32\...\{69BDFB62-DE11-11E8-B2A0-005056951CAD}) (Version: 6.16.4.8094 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
GIMP 2.10.10 (HKLM\...\GIMP-2_is1) (Version: 2.10.10 - The GIMP Team)
Git version 2.16.0.2 (HKLM\...\Git_is1) (Version: 2.16.0.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.3 - Google Inc.) Hidden
HearthArena Companion (HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.1 - Overwolf app)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
CheckDevices Install Configurator (HKLM\...\{3BC29525-43CC-4801-AFC0-BDD7F821DEEF}) (Version: 2.5.1901 - Nahimic) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Krita (x64) 4.2.1 (HKLM\...\Krita_x64) (Version: 4.2.1.0 - Krita Foundation)
LauncherSetup Install (HKLM\...\{BA552061-52E9-4E9B-9CA0-069BB9FEB077}) (Version: 2.5.1901 - Nahimic) Hidden
License Support (HKLM\...\{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM\...\{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver Soundpools (HKLM\...\{CC8B6E22-F579-46A1-A9F3-985F114590F0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM\...\{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{2D98CD18-5754-4D94-B7E8-E6E11DAA56B1}) (Version: 13.0.811.168 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 67.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 67.0.1 (x64 cs)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSI Remind Manager (HKLM-x32\...\{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2+ Audio Driver (HKLM\...\{CDDB48F7-F54D-46A1-AD65-288F1A549319}) (Version: 2.5.1901 - Nahimic) Hidden
Nahimic 2+ Audio Driver (HKLM-x32\...\{fee1c388-06fa-497a-8692-7cd6b593aeaf}) (Version: 2.5.19 - Nahimic)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Obliteracers (HKLM-x32\...\Obliteracers_is1) (Version: - )
OpenTTD 1.8.0 (HKLM-x32\...\OpenTTD) (Version: 1.8.0 - OpenTTD)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Opera Stable 65.0.3467.62 (HKLM-x32\...\Opera 65.0.3467.62) (Version: 65.0.3467.62 - Opera Software)
Oracle VM VirtualBox 6.0.12 (HKLM\...\{E572CA5C-A60B-4C3B-9E9E-1302BBE4DBEE}) (Version: 6.0.12 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.138.0.17 - Overwolf Ltd.)
Ovládací panel NVIDIA 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.81 - NVIDIA Corporation) Hidden
PDF Password Remover (HKLM-x32\...\{DB150C19-4A8F-4EF7-AC75-96098EACE179}) (Version: 1.0.6 - PDF Technologies)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
ProductDaemonSetup Install (HKLM\...\{32564C65-4B66-4A6C-B199-029F97C2211F}) (Version: 2.5.1901 - Nahimic) Hidden
ProductNS Install Configurator (HKLM\...\{AC4476AF-1FC0-46D9-A969-097BB5EB3AB4}) (Version: 2.5.1901 - Nahimic) Hidden
ProtonVPN (HKLM-x32\...\{7852C4CB-2E2C-43A6-A134-733A611B1951}) (Version: 1.11.0 - ProtonVPN AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.11.0) (Version: 1.11.0 - ProtonVPN AG)
ProtonVPNTap (HKLM-x32\...\{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 - ProtonVPN AG)
psqlODBC_x64 (HKLM\...\{3D4F4C5A-28C7-441D-81DC-2AA2C1A61B6A}) (Version: 09.06.0201 - PostgreSQL Global Development Group)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
qBittorrent 4.1.9.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.9.1 - The qBittorrent project)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8199 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{F6E94387-38E9-4D98-9FE1-038F575768BA}) (Version: 13.017.06089 - Application)
Sizing Options (HKLM-x32\...\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
SonicMapper Install Configurator (HKLM\...\{9D996E17-C982-4FD1-8E1A-24772B621776}) (Version: 2.5.1901 - Nahimic) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.16.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.16.1 - SteelSeries ApS)
Tableau 2018.1 (20181.18.0706.1237) (HKLM\...\{EB424716-0256-4CCA-9318-A4F50DE00E6F}) (Version: 18.1.1421 - Tableau Software) Hidden
Tableau 2018.1 (20181.18.0706.1237) (HKLM-x32\...\{64fb3215-1922-48e0-a6b5-43fd59070897}) (Version: 18.1.1421 - Tableau Software)
Team Render Client 18.011 (HKLM\...\MAXON141E542C) (Version: 18.011 - MAXON Computer GmbH)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 1.3.5.3 - GOG.com)
The Witness (HKLM-x32\...\1461060839_is1) (Version: 2.0.0.3 - GOG.com)
Thunderbolt(TM) Software (HKLM-x32\...\{F55C97BF-D9B2-4BB6-B16A-25A621BC50E9}) (Version: 16.2.52.250 - Intel Corporation)
UIInstallUpgrade (HKLM\...\{49F1A4D5-8742-4DB8-8C4D-4799F6FBE5A9}) (Version: 2.5.1901 - Nahimic) Hidden
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-23] (Canon Inc.)
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_1.6.2131.0_x64__rh07ty8m5nkag [2018-10-29] (Rivet Networks LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-19] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw [2019-07-26] (MAGIX)
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe [2019-11-27] (Microsoft Corporation) [MS Ad]
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0 [2019-12-05] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxDTCM.dll [2018-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-11-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-13 09:17 - 2019-09-13 09:17 - 000152064 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\SplitTunnel.dll
2019-10-21 08:37 - 2019-10-21 08:37 - 000484352 _____ () [File not signed] C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\IPFilter.dll
2019-03-06 19:18 - 2019-03-06 19:18 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\HIDDLL.dll
2019-03-06 19:18 - 2019-03-06 19:18 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\SteelSeries Engine 3\ISPDLL.dll
2015-06-11 18:35 - 2015-06-11 18:35 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\WinIo64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-12-01 18:22 - 000001064 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Git\cmd;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\QuickTime\QTSystem\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5EB8FFAE-7108-4AC0-A4EC-5053F36BAF03}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4E20533E-A77F-44A6-9493-44901F29609F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{9C3CB35D-8E7A-401E-BDD7-2A0A43C486E1}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe No File
FirewallRules: [TCP Query User{DA08185C-EC62-4C7A-AEB2-382BAFB34343}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe No File
FirewallRules: [UDP Query User{9B484294-93E9-456F-A22A-1FCA2B09CB05}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe No File
FirewallRules: [TCP Query User{80D83BFB-50F3-4F1F-8C70-8E89649B629D}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe No File
FirewallRules: [UDP Query User{F87BA4EE-90C9-4540-96FE-B6C11D7CC599}D:\vyvoj\godot_v3.1.1-stable_win64.exe] => (Allow) D:\vyvoj\godot_v3.1.1-stable_win64.exe (Prehensile Tales B.V. -> Godot Engine)
FirewallRules: [TCP Query User{E0F8BFB5-B445-492D-9944-07D6E98CBF81}D:\vyvoj\godot_v3.1.1-stable_win64.exe] => (Allow) D:\vyvoj\godot_v3.1.1-stable_win64.exe (Prehensile Tales B.V. -> Godot Engine)
FirewallRules: [{3B734679-458E-45F1-A343-72EBCD5F916C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7A1146A-144C-44E2-83C7-BF7E5FEC9B68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B03D5065-EF91-42A4-B7DC-06AE14DF8684}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0F8EAFE5-C0E9-4763-AB0B-6EAC2EEB1DB7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{18A298C1-14BF-444C-B20C-8D00D66FB9B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [{A3AF4C7B-8EAC-40B4-9DC3-89FB6221E8FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> )
FirewallRules: [UDP Query User{E36B4FAF-3253-4CD0-83D3-31EB3FE3E67A}D:\vyvoj\godot_v3.1-stable_win64.exe] => (Allow) D:\vyvoj\godot_v3.1-stable_win64.exe (Prehensile Tales B.V. -> Godot Engine)
FirewallRules: [TCP Query User{95345349-EE54-44D5-A1F8-C3F458D092D6}D:\vyvoj\godot_v3.1-stable_win64.exe] => (Allow) D:\vyvoj\godot_v3.1-stable_win64.exe (Prehensile Tales B.V. -> Godot Engine)
FirewallRules: [UDP Query User{27BB7822-E7CD-49A9-AE9A-BB74B44BCDB8}D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe] => (Allow) D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe No File
FirewallRules: [TCP Query User{020018A1-7D15-4701-90E4-5F4270C6551E}D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe] => (Allow) D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe No File
FirewallRules: [{6A36AC5D-2F7C-43E4-AE86-D81A1817B385}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{367FF8AA-3EEE-4DE0-989C-366F7D9DF268}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{48AAA8B5-6EEB-46B8-BA6E-C3204FFCFD2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{6390ABC8-5E78-4ADE-B0A3-09A6B9B62690}D:\vyvoj\godot_v3.0.6-stable_win64.exe] => (Allow) D:\vyvoj\godot_v3.0.6-stable_win64.exe (Godot Engine) [File not signed]
FirewallRules: [TCP Query User{F005D858-0BC7-4FA3-9926-DA21FC6CC5BB}D:\vyvoj\godot_v3.0.6-stable_win64.exe] => (Allow) D:\vyvoj\godot_v3.0.6-stable_win64.exe (Godot Engine) [File not signed]
FirewallRules: [{CCAEF88A-0CEC-4AFA-A598-5A50F1503BC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E566CB8D-4640-4824-BCAA-896CB102287E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{18AF76A4-D16C-4E10-81F4-A3E2E77009F7}C:\users\jan\appdata\local\programs\python\python36-32\python.exe] => (Allow) C:\users\jan\appdata\local\programs\python\python36-32\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{38745495-539B-40E7-BAE8-D2B02CE65A14}C:\users\jan\appdata\local\programs\python\python36-32\python.exe] => (Allow) C:\users\jan\appdata\local\programs\python\python36-32\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [UDP Query User{689BA7FE-3E7F-4EDE-A8CA-C3F68D86B712}D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe] => (Allow) D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe No File
FirewallRules: [TCP Query User{F36C41DB-911C-4DF0-A28E-0618F6DFAD22}D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe] => (Allow) D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe No File
FirewallRules: [{DA47D08E-D9A5-4E96-91F6-EF2205B1C894}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{36C0C68B-5EBD-4F16-A6D0-F4EFCDDD0B87}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{5C163555-CB4C-4200-B0DD-61E1DA13DD3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6B627820-9C8C-4B03-8CEA-F363E06CBCDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{516F4A47-43A9-4EF6-BB92-FD9DA049CE8C}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{18317A90-4B40-421D-9986-8765979340E6}C:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{DFE594D9-ED00-4507-8999-EA90752D389A}C:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{8DB65365-06C1-4D7D-92B5-D2B6DCCAC394}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{E3330C52-F0BC-4315-A918-B9C8017C30F5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{1F43F6E8-5DF0-4DB4-B0F8-5AA9A24201D8}] => (Allow) C:\Users\Jan\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{AB7FE29A-2189-4E1D-B7F4-947AADC0F175}] => (Allow) C:\Users\Jan\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{92F86E7D-5261-4920-B169-F98E00263966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{25DF8996-D97C-4B40-98BF-E8797834879A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{9864FB67-2537-485B-ADC9-AC95C714B9DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{E946C1AC-A6F8-4710-8A3C-D39A06644449}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{6E31FF9C-D31A-408B-A9FA-DEAF625365F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E6782994-9DC6-41D3-9A2C-FB1653C4E26C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FB8F86F7-6EB3-4272-BF48-AB90D2DD9775}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3E07EB08-73AC-49AA-9447-B9923FB45763}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6BA79C82-3436-4F4A-9311-49BBE74B06FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{3B550FF9-C216-4980-9BF4-631C1D76E5C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{76691D51-C025-4862-85F8-31F2056888E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{3EE6DCA4-1B35-4D17-B46D-2D5213582854}D:\games\obliteracers\obliteracers\binaries\win64\obliteracers-win64-shipping.exe] => (Allow) D:\games\obliteracers\obliteracers\binaries\win64\obliteracers-win64-shipping.exe No File
FirewallRules: [UDP Query User{64411210-A8EC-4632-B2C2-C902861B0BA5}D:\games\obliteracers\obliteracers\binaries\win64\obliteracers-win64-shipping.exe] => (Allow) D:\games\obliteracers\obliteracers\binaries\win64\obliteracers-win64-shipping.exe No File
FirewallRules: [TCP Query User{06EBF8F4-4CF6-443F-AF86-3677D95AD30E}C:\program files (x86)\msi\dragon center\dragon center.exe] => (Allow) C:\program files (x86)\msi\dragon center\dragon center.exe (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
FirewallRules: [UDP Query User{0753C943-25C4-435A-97CD-D075BFA5D27C}C:\program files (x86)\msi\dragon center\dragon center.exe] => (Allow) C:\program files (x86)\msi\dragon center\dragon center.exe (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{0DE58A95-2CA4-4F29-83D7-574A64D59D8F}C:\program files\maxon\team render client r18\cinema 4d teamrender client.exe] => (Block) C:\program files\maxon\team render client r18\cinema 4d teamrender client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{20305E3A-B0F7-4B93-82DC-54C3F4C60884}C:\program files\maxon\team render client r18\cinema 4d teamrender client.exe] => (Block) C:\program files\maxon\team render client r18\cinema 4d teamrender client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{6B152D16-1F2E-41DE-A0C6-142FF6828D63}D:\staženo\into.the.breach.v1.0.10\into.the.breach.v1.0.10\breach.exe] => (Block) D:\staženo\into.the.breach.v1.0.10\into.the.breach.v1.0.10\breach.exe No File
FirewallRules: [UDP Query User{1B3C3097-4E8D-4515-B375-105AA266DC46}D:\staženo\into.the.breach.v1.0.10\into.the.breach.v1.0.10\breach.exe] => (Block) D:\staženo\into.the.breach.v1.0.10\into.the.breach.v1.0.10\breach.exe No File
FirewallRules: [{DCC2E56E-9A70-4EAB-9275-96EF206F5814}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FFC05E7C-91C4-43D7-AAEA-4EFC2D6F2AF9}] => (Allow) C:\Program Files\Opera\65.0.3467.48\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1ED68E3B-C42D-4548-9A60-0DE07DF463F4}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{608FC2ED-68A4-42F5-9DA3-73B60FA20691}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4970EF89-946A-4F54-98C1-68298978BF73}] => (Allow) LPort=1688
FirewallRules: [{684EA8AA-2060-4142-8292-8CD8CE2B9CD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{794D705B-A5B1-43B8-893D-F1C276EF56E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D93D10C-AF2C-4F96-8CCE-3F70B5C77095}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A492E88-277F-4130-B34C-B020758BD12D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FB548317-EDA8-45B5-9927-CEF6A7C48F56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3B0ABBF3-A890-4F3A-BA70-3DE113FF99A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{55692C54-B41A-4BE8-AC10-A2F4D7079C26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B1665DB-D0D5-4486-BFAC-18C2E91C9702}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{04ACE25D-8FAF-4018-AD77-C9594D62A030}] => (Allow) C:\Program Files\Opera\65.0.3467.62\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

19-11-2019 00:24:52 Windows Update
29-11-2019 00:44:49 Naplánovaný kontrolní bod
04-12-2019 16:13:47 Installed ProtonVPN

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/09/2019 11:53:55 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (12/09/2019 08:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AUDIODG.EXE, verze: 10.0.17763.831, časové razítko: 0x274e21ab
Název chybujícího modulu: NAHIMICV3apo.dll, verze: 6.3.9600.17336, časové razítko: 0x5914cc69
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000337647
ID chybujícího procesu: 0x355c
Čas spuštění chybující aplikace: 0x01d5aec9b14ee9fc
Cesta k chybující aplikaci: C:\WINDOWS\system32\AUDIODG.EXE
Cesta k chybujícímu modulu: C:\WINDOWS\system32\NAHIMICV3apo.dll
ID zprávy: d512ec1b-b2d4-4375-b626-16f1fec31931
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/09/2019 06:01:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: MSI)
Description: Installing the performance counter strings for service Intel Storage Counters () failed. The first DWORD in the Data section contains the error code.

Error: (12/08/2019 10:58:08 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (12/08/2019 10:56:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: MSI)
Description: Installing the performance counter strings for service Intel Storage Counters () failed. The first DWORD in the Data section contains the error code.

Error: (12/05/2019 04:53:10 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (12/05/2019 02:45:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: MSI)
Description: Installing the performance counter strings for service Intel Storage Counters () failed. The first DWORD in the Data section contains the error code.

Error: (12/05/2019 12:45:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program KMSAuto Net.exe verze 1.3.8.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 36a8

Čas spuštění: 01d5aafc1df46601

Čas ukončení: 0

Cesta k aplikaci: D:\Tituly\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe

ID hlášení: 0e661adc-0342-4500-bcba-4a84d0f5e1fa

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown


System errors:
=============
Error: (12/10/2019 05:51:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/10/2019 05:51:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/10/2019 05:50:20 PM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli MSI\Jan (SID: S-1-5-21-981506708-2838147557-1008053113-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/10/2019 05:50:17 PM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli MSI\Jan (SID: S-1-5-21-981506708-2838147557-1008053113-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/10/2019 05:49:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/10/2019 05:49:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/10/2019 05:49:11 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Ovladač zjistil interní chybu ovladače na \Device\VBoxNetLwf.

Error: (12/10/2019 03:25:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================

Date: 2019-12-10 17:50:10.074
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-12-10 17:50:09.889
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

Date: 2019-12-10 15:08:52.855
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-12-10 15:08:52.826
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

Date: 2019-12-09 18:57:02.582
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-12-09 18:57:02.578
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

Date: 2019-12-09 18:16:16.958
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-12-09 18:16:16.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe) attempted to load \Device\HarddiskVolume5\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. E17B1IMS.31D 09/05/2018
Motherboard: Micro-Star International Co., Ltd. MS-17B1
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 16271.88 MB
Available physical RAM: 9401.89 MB
Total Virtual: 18703.88 MB
Available Virtual: 9709.17 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.09 GB) (Free:81.23 GB) NTFS
Drive d: (Data) (Fixed) (Total:1846.33 GB) (Free:1432.16 GB) NTFS

\\?\Volume{f56f0d7e-f616-423c-9c5d-19f2f69344fc}\ () (Fixed) (Total:0.96 GB) (Free:0.38 GB) NTFS
\\?\Volume{16899bdb-5f20-497e-9401-f0191646124d}\ (BIOS_RVY) (Fixed) (Total:16.68 GB) (Free:0.69 GB) NTFS
\\?\Volume{de9f8a1b-ffe7-49c1-b513-3e53c95be3c6}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 86751F59)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 86751F3B)

Partition: GPT.

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Leaked personal data

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Task: {1BFDC1FA-BD12-455A-90D9-C86657593C19} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [5046784 2019-12-04] () [File not signed]
    C:\WINDOWS\AutoKMS
    HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
    HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
    SearchScopes: HKU\S-1-5-21-981506708-2838147557-1008053113-1001 -> DefaultScope {00CA61B6-0A1B-4919-B9BD-2F673E81B415} URL = 
    SearchScopes: HKU\S-1-5-21-981506708-2838147557-1008053113-1001 -> {00CA61B6-0A1B-4919-B9BD-2F673E81B415} URL = 
    R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
    2019-12-05 00:44 - 2019-12-05 00:44 - 000000000 ____D C:\ProgramData\KMSAuto
    2019-12-05 00:39 - 2019-12-05 00:46 - 000000000 ____D C:\Users\Jan\AppData\Local\MSfree Inc
    2019-12-04 17:34 - 2019-12-10 17:50 - 000003808 _____ C:\WINDOWS\system32\Tasks\AutoKMS
    2019-12-04 17:34 - 2019-12-04 20:29 - 000000000 ____D C:\WINDOWS\AutoKMS
    2019-12-04 17:32 - 2019-12-04 17:32 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
    2019-12-04 00:24 - 2019-12-04 00:24 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign12b36f12deded2f8
    2019-12-04 00:23 - 2019-12-04 00:23 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsigneb4f33bf78b76da7
    2019-12-03 23:56 - 2019-12-03 23:56 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignc7879d5303654c7a
    2019-12-03 23:55 - 2019-12-03 23:55 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign7fc209986b10967a
    2019-11-23 21:35 - 2019-11-23 21:35 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignf6efff9bfe30e4d1
    2019-11-23 21:35 - 2019-11-23 21:35 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign773389efaf87e5b2
    2019-11-23 18:15 - 2019-11-23 18:15 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign23b822e9b7607e9c
    2019-11-23 18:13 - 2019-11-23 18:13 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign72d0563109854502
    2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign15023cb991346b9e
    2019-11-23 18:10 - 2019-11-23 18:10 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignfc86bb03bc72a446
    2019-11-23 18:10 - 2019-11-23 18:10 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsigndc73eb148add0dca
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    FirewallRules: [UDP Query User{9C3CB35D-8E7A-401E-BDD7-2A0A43C486E1}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe No File
    FirewallRules: [TCP Query User{DA08185C-EC62-4C7A-AEB2-382BAFB34343}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe No File
    FirewallRules: [UDP Query User{9B484294-93E9-456F-A22A-1FCA2B09CB05}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe No File
    FirewallRules: [TCP Query User{80D83BFB-50F3-4F1F-8C70-8E89649B629D}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe No File
    FirewallRules: [UDP Query User{27BB7822-E7CD-49A9-AE9A-BB74B44BCDB8}D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe] => (Allow) D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe No File
    FirewallRules: [TCP Query User{020018A1-7D15-4701-90E4-5F4270C6551E}D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe] => (Allow) D:\staženo\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe No File
    FirewallRules: [UDP Query User{689BA7FE-3E7F-4EDE-A8CA-C3F68D86B712}D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe] => (Allow) D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe No File
    FirewallRules: [TCP Query User{F36C41DB-911C-4DF0-A28E-0618F6DFAD22}D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe] => (Allow) D:\staženo\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own thread.

If you are satisfied, you can support the forum. Thank you!

Joe
Visitor
Posts: 14
Joined: 21 Aug 2012 01:11

Re: Leaked personal data

#7 Post by Joe »

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by Jan (12-12-2019 00:40:12) Run:1
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available Profiles: Jan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {1BFDC1FA-BD12-455A-90D9-C86657593C19} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [5046784 2019-12-04] () [File not signed]
C:\WINDOWS\AutoKMS
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-981506708-2838147557-1008053113-1001 -> DefaultScope {00CA61B6-0A1B-4919-B9BD-2F673E81B415} URL =
SearchScopes: HKU\S-1-5-21-981506708-2838147557-1008053113-1001 -> {00CA61B6-0A1B-4919-B9BD-2F673E81B415} URL =
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [File not signed]
2019-12-05 00:44 - 2019-12-05 00:44 - 000000000 ____D C:\ProgramData\KMSAuto
2019-12-05 00:39 - 2019-12-05 00:46 - 000000000 ____D C:\Users\Jan\AppData\Local\MSfree Inc
2019-12-04 17:34 - 2019-12-10 17:50 - 000003808 _____ C:\WINDOWS\system32\Tasks\AutoKMS
2019-12-04 17:34 - 2019-12-04 20:29 - 000000000 ____D C:\WINDOWS\AutoKMS
2019-12-04 17:32 - 2019-12-04 17:32 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2019-12-04 00:24 - 2019-12-04 00:24 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign12b36f12deded2f8
2019-12-04 00:23 - 2019-12-04 00:23 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsigneb4f33bf78b76da7
2019-12-03 23:56 - 2019-12-03 23:56 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignc7879d5303654c7a
2019-12-03 23:55 - 2019-12-03 23:55 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign7fc209986b10967a
2019-11-23 21:35 - 2019-11-23 21:35 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignf6efff9bfe30e4d1
2019-11-23 21:35 - 2019-11-23 21:35 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign773389efaf87e5b2
2019-11-23 18:15 - 2019-11-23 18:15 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign23b822e9b7607e9c
2019-11-23 18:13 - 2019-11-23 18:13 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign72d0563109854502
2019-11-23 18:11 - 2019-11-23 18:11 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsign15023cb991346b9e
2019-11-23 18:10 - 2019-11-23 18:10 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsignfc86bb03bc72a446
2019-11-23 18:10 - 2019-11-23 18:10 - 000000000 ____D C:\Users\Jan\AppData\Local\Tempzxpsigndc73eb148add0dca
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [UDP Query User{9C3CB35D-8E7A-401E-BDD7-2A0A43C486E1}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe No File
FirewallRules: [TCP Query User{DA08185C-EC62-4C7A-AEB2-382BAFB34343}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe No File
FirewallRules: [UDP Query User{9B484294-93E9-456F-A22A-1FCA2B09CB05}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe No File
FirewallRules: [TCP Query User{80D83BFB-50F3-4F1F-8C70-8E89649B629D}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe] => (Allow) C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe No File
FirewallRules: [UDP Query User{27BB7822-E7CD-49A9-AE9A-BB74B44BCDB8}D:\sta�eno\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe] => (Allow) D:\sta�eno\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe No File
FirewallRules: [TCP Query User{020018A1-7D15-4701-90E4-5F4270C6551E}D:\sta�eno\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe] => (Allow) D:\sta�eno\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe No File
FirewallRules: [UDP Query User{689BA7FE-3E7F-4EDE-A8CA-C3F68D86B712}D:\sta�eno\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe] => (Allow) D:\sta�eno\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe No File
FirewallRules: [TCP Query User{F36C41DB-911C-4DF0-A28E-0618F6DFAD22}D:\sta�eno\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe] => (Allow) D:\sta�eno\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 13
Average :
Sum : 10672940
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe ========================

C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
File not signed
MD5: 673E36852E2F9FA778D5D3DDCEFA591B
Creation and modification date: 2012-05-18 00:23 - 2012-05-18 00:23
Size: 002938880
Attributes: ----A
Company Name: PACE Anti-Piracy, Inc.
Internal Name: LDSvc.exe
Original Name: LDSvc.exe
Product: License Support
Description: PACE License Support Service
File Version: 1.2.0.15555
Product Version: 1.2.0.15555
Copyright: Copyright 2012, PACE Anti-Piracy, Inc., All rights reserved.
VirusTotal: https://www.virustotal.com/file/a15ef7e ... 575706406/

====== End of File: ======

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1BFDC1FA-BD12-455A-90D9-C86657593C19}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BFDC1FA-BD12-455A-90D9-C86657593C19}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
C:\WINDOWS\AutoKMS => moved successfully
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKU\S-1-5-21-981506708-2838147557-1008053113-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-981506708-2838147557-1008053113-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00CA61B6-0A1B-4919-B9BD-2F673E81B415} => removed successfully
HKLM\System\CurrentControlSet\Services\KMSEmulator => removed successfully
KMSEmulator => service removed successfully
C:\ProgramData\KMSAuto => moved successfully
C:\Users\Jan\AppData\Local\MSfree Inc => moved successfully
"C:\WINDOWS\system32\Tasks\AutoKMS" => not found
"C:\WINDOWS\AutoKMS" => not found
C:\ProgramData\Microsoft Toolkit => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsign12b36f12deded2f8 => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsigneb4f33bf78b76da7 => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsignc7879d5303654c7a => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsign7fc209986b10967a => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsignf6efff9bfe30e4d1 => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsign773389efaf87e5b2 => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsign23b822e9b7607e9c => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsign72d0563109854502 => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsign15023cb991346b9e => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsignfc86bb03bc72a446 => moved successfully
C:\Users\Jan\AppData\Local\Tempzxpsigndc73eb148add0dca => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9C3CB35D-8E7A-401E-BDD7-2A0A43C486E1}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DA08185C-EC62-4C7A-AEB2-382BAFB34343}C:\users\jan\desktop\restored\2019-08-01_14-14-28\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9B484294-93E9-456F-A22A-1FCA2B09CB05}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{80D83BFB-50F3-4F1F-8C70-8E89649B629D}C:\users\jan\desktop\restored\2019-08-01_04-35-27\qbittorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{27BB7822-E7CD-49A9-AE9A-BB74B44BCDB8}D:\sta�eno\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{020018A1-7D15-4701-90E4-5F4270C6551E}D:\sta�eno\godot_v3.1-stable_win64.exe\godot_v3.1-stable_win64.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{689BA7FE-3E7F-4EDE-A8CA-C3F68D86B712}D:\sta�eno\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F36C41DB-911C-4DF0-A28E-0618F6DFAD22}D:\sta�eno\godot_v3.0.6-stable_win64.exe\godot_v3.0.6-stable_win64.exe" => not found
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 572870924 B
Java, Flash, Steam htmlcache => 380566291 B
Windows/system/drivers => 477127 B
Edge => 4985845 B
Chrome => 145470638 B
Firefox => 786220445 B
Opera => 553867103 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 131882 B
NetworkService => 137452 B
Jan => 53211051 B

RecycleBin => 136661 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-12-2019 00:47:52)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 00:47:52 ====
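
A triage pass over a Fixlog like the one above, as an added example that is not part of the thread or of FRST: it separates results that need a second look from benign ones. The status names, the `parse_fixlog` and `follow_up` helpers, and the reading of a "not found" on a path with a damaged character as an unmatched fixlist entry are assumptions of this example; the sample lines are copied from the log above with long registry paths shortened.

```python
# Constructed sample: result lines copied from the Fixlog above, long registry
# paths shortened to "...". "\ufffd" is the damaged character in "sta?eno".
SAMPLE_FIXLOG = "\n".join([
    "fixlist content:",
    "*****************",
    r"Task: {1BFDC1FA-BD12-455A-90D9-C86657593C19} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe",
    "*****************",
    r"C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully",
    r"C:\WINDOWS\AutoKMS => moved successfully",
    "KMSEmulator => service removed successfully",
    r'"C:\WINDOWS\system32\Tasks\AutoKMS" => not found',
    r'"C:\WINDOWS\AutoKMS" => not found',
    '"HKLM\\...\\FirewallRules\\\\UDP Query User{27BB7822-E7CD-49A9-AE9A-BB74B44BCDB8}'
    'D:\\sta\ufffdeno\\godot_v3.1-stable_win64.exe\\godot_v3.1-stable_win64.exe" => not found',
    r'Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.',
    "Chrome => 145470638 B",
    r"C:\Windows\System32\Drivers\etc\hosts => Could not move",
    "Could not restore Hosts.",
])

ARROW = " => "
MOVE_PREFIX = "Could not move "


def _norm(target):
    """Comparison key: FRST quotes some paths and the letter case varies."""
    return target.strip().strip('"').lower()


def parse_fixlog(text):
    """Return (target, status) for every item result line in a Fixlog."""
    results, handled, in_echo = [], set(), False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo        # asterisk rows bracket the echoed fixlist
            continue
        if in_echo or not line:
            continue
        if ARROW not in line:
            if line.startswith("Could not "):
                results.append((line, "failed"))
            continue
        target, outcome = line.rsplit(ARROW, 1)
        if target.startswith(MOVE_PREFIX):
            target = target[len(MOVE_PREFIX):]
        if outcome.endswith("successfully"):
            status = "ok"
            handled.add(_norm(target))
        elif outcome.startswith("Scheduled"):
            status = "deferred"
        elif outcome.startswith("Could not"):
            status = "failed"
        elif outcome == "not found":
            if _norm(target) in handled:
                status = "already-handled"    # listed twice, removed the first time
            elif "\ufffd" in target:
                # Assumption: the entry as written could not be matched,
                # so the original item may still be present.
                status = "not-found-garbled"
            else:
                status = "not-found"
        else:
            continue                     # EmptyTemp byte counts and similar lines
        results.append((target.strip('"'), status))
    return results


def follow_up(results):
    """Entries to revisit before the case is closed."""
    return [(t, s) for t, s in results if s in ("failed", "not-found-garbled")]


if __name__ == "__main__":
    for target, status in follow_up(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{status:18} {target}")
```

Run over the whole Fixlog, this leaves the four firewall rules whose paths contain the damaged character and the hosts file that could not be moved as the items to revisit.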

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Leaked personal data

#8 Post by Conder »

How does the PC look? Are there any more problems?

As a precaution, I also recommend running a scan with Kaspersky Virus Removal Tool (KVRT): https://www.kaspersky.com/downloads/tha ... moval-tool
  • Download it via the red "Download Now" button and run the downloaded program as administrator
  • Click "Change Parameters" and select the "System Drive" option
  • Click "Start Scan" and wait for it to finish
  • If there are detections, take a screenshot: press the Print Screen key, open Paint, press Ctrl+V and save the image (KVRT does not allow creating a copyable log)
  • Send the screenshot as an attachment to your next post, or upload it to a web storage service and send the link
  • Have the detections deleted: click "Neutralize all" and then "Continue"

Joe
Visitor
Posts: 14
Joined: 21 Aug 2012 01:11

Re: Leaked personal data

#9 Post by Joe »

I apologize, on top of everything the CPU cooling fan died on me, so my reply took a while.

There are no visible problems; it is just that 14 days ago someone misappropriated my sensitive data, so I only wanted to check that it was not down to my own stupidity and that I do not have something on the laptop.

The screenshot looks like this:
Attachments
Screen.png (43.83 KiB) Viewed 1411 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Leaked personal data

#10 Post by Conder »

:arrow: The PC looks OK. These detections are already in the FRST quarantine; they will be deleted by DelFix in the next step.

:arrow: So let's also clean up after the tools used: