Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Preventivka

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Preventivka

#1 Příspěvek od pepe3dx »

Dobrý den,
prosím o preventivní kontrolu logu.(podivné chování při načítání stránek v chromu) Konkrétně třeba Twitter se nenačte vůbec. Stále se opakovaně načítá v okně.

ActiveX/COM Issue LocalServer32\C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechRuntime.exe -ToastNotifier HKCR\CLSID\{265b1075-d22b-41eb-bc97-87568f3e6dab}

Tento prvek nemohu odstranit z registrů CCleanerem.

Předem moc děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021
Ran by Pepe3dx (administrator) on DESKTOP-DSG-011 (08-02-2021 13:39:14)
Running from C:\Users\pepe3\Downloads
Loaded Profiles: Pepe3dx
Platform: Windows 10 Pro Version 20H2 19042.789 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(Kingston Technology Company, Inc. -> HyperX NGenuity Software) C:\Program Files (x86)\HyperX\NGenuity\Device\Cloud Flight\NGenuity.exe
(Kingston Technology Company, Inc. -> HyperX NGenuity Software) C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe <3>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-07-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-30] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [NGenuity] => C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe [1834040 2019-03-29] (Kingston Technology Company, Inc. -> HyperX NGenuity Software)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32873544 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {33ccff58-5d1c-11eb-aec8-107b44947968} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {f7816062-34c4-11eb-aeb1-107b44947968} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\88.1.19.92\Installer\chrmstp.exe [2021-02-05] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C7BD329-D086-4081-8FE0-1F7A7F948073} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19E733EB-574F-46C2-86F6-D317CE57DF0B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {218EAC62-806E-4827-A0B7-8B3D38C5D0BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
Task: {22D50E4D-175E-4CD9-B05D-415AD2152F4A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {26A77E22-B2FB-47A9-B937-4AA3D59C6DE9} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3454A907-AD8E-40F6-8C6E-4506D5B60236} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {349A1E37-AE24-47A3-99AF-5163E38C87F0} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1071760 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {48BDE236-2955-4FB5-A681-4F1A3087697B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4C06CC73-30B5-4A8A-B246-E60E0651BF0C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4CA59060-A069-410B-BA90-1ADF850D8606} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6BA5DE85-5730-4515-9754-D797454E7C9A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1111073687-3998721342-1139661879-500 => C:\Users\pepe3\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6F3BBEEB-AF88-479D-98EA-C0933FE0C832} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {7279CB9D-D99E-4EBE-BD30-06A3C6C9B827} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8D458EF7-7C50-4B82-A9EE-4838F2D06565} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A2DBFF96-4140-4D6E-BFA9-E834FE0D8AE2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5929272-4F42-4C61-B42C-DDA59CEA73A4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {D9633B7B-DF8B-4941-AB33-54BAA966407D} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {DB6B7EAE-842E-4D8F-9FBC-9EE5F4E57C0C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DBE5A1EC-A30D-42C3-9233-B5334357173A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E20BE200-AAA0-450D-B03A-AACCD47E9CCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
Task: {EEDEA81F-2784-4ABE-9926-DCB0B3ECD6A8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0ED2E49-0BDC-49DF-9A02-EE9BE5D15890} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FF36E08C-E7AF-4F09-AD90-7FECE557EEF8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1401bb62-6e97-4440-92e8-0b3d59938531}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-08]

FireFox:
========
FF DefaultProfile: iwqmc46c.default
FF ProfilePath: C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\iwqmc46c.default [2020-10-19]
FF ProfilePath: C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release [2021-02-08]
FF Extension: (Dark Reader) - C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release\Extensions\addon@darkreader.org.xpi [2020-12-03]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-02-08]

Chrome:
=======
CHR Profile: C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default [2021-02-08]
CHR Notifications: Default -> hxxps://cs.phhsnews.com; hxxps://cs.soringpcrepair.com; hxxps://moje.axa.cz; hxxps://optima-inv.ru; hxxps://www.chip.cz; hxxps://www.facebook.com; hxxps://www.g2a.com; hxxps://www.pcgamer.com; hxxps://www.reddit.com; hxxps://www.whathifi.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "chrome://history/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-19]
CHR Extension: (Dokumenty) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-19]
CHR Extension: (Disk Google) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-19]
CHR Extension: (YouTube) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-19]
CHR Extension: (WebRTC Leak Shield) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2020-10-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Dark Reader) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-02-06]
CHR Extension: (Tabulky) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-08]
BRA Extension: (Překladač Google) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-11-12]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-02-08]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-10-26]
BRA Extension: (Brave NTP sponsored images) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2021-02-08]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-10-19]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-10-19]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2021-02-08]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-02-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe [440368 2019-06-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe [898216 2020-10-12] (AOMEI International Network Limited -> AOMEI International Network Limited)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-30] (ESET, spol. s r.o. -> ESET)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [2109376 2019-07-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-06-21] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2021-02-08] (CPUID S.A.R.L.U. -> CPUID)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-17] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-17] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15288 2020-10-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-10-17] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43720 2020-10-17] (ESET, spol. s r.o. -> ESET)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [19968 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70048 2020-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [107784 2020-10-17] (ESET, spol. s r.o. -> ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 LGBusEnum; C:\Windows\system32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R3 LGVirHid; C:\Windows\system32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-08 13:39 - 2021-02-08 13:39 - 000026454 _____ C:\Users\pepe3\Downloads\FRST.txt
2021-02-08 13:38 - 2021-02-08 13:39 - 000000000 ____D C:\FRST
2021-02-08 13:37 - 2021-02-08 13:37 - 002297344 _____ (Farbar) C:\Users\pepe3\Downloads\FRST64.exe
2021-02-08 01:42 - 2021-02-08 01:47 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\MPC-HC
2021-02-08 01:41 - 2021-02-08 01:41 - 000000000 ____D C:\Program Files\MPC-HC
2021-02-08 01:30 - 2021-02-08 01:30 - 000000000 ____D C:\Users\pepe3\AppData\Local\CCleaner Browser
2021-02-08 00:51 - 2021-02-08 00:51 - 000000193 _____ C:\Windows\WORDPAD.INI
2021-02-08 00:32 - 2021-02-08 00:32 - 000006268 _____ C:\Users\Administrator\Downloads\nodes.dat
2021-02-08 00:10 - 2021-02-08 00:10 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (4).zip
2021-02-07 23:11 - 2021-02-08 00:04 - 000001031 _____ C:\Users\Administrator\Desktop\eMule.lnk
2021-02-07 22:53 - 2021-02-07 22:53 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (3).zip
2021-02-07 22:18 - 2021-02-07 22:18 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (2).zip
2021-02-07 22:08 - 2021-02-07 22:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-07 22:08 - 2021-02-07 22:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-07 22:08 - 2021-02-07 22:08 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-07 22:08 - 2021-02-07 22:08 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-07 22:08 - 2021-02-07 22:08 - 000010908 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-02-07 22:02 - 2021-02-08 00:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2021-02-07 22:02 - 2021-02-07 22:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2021-02-07 21:55 - 2021-02-07 21:55 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (1).zip
2021-02-07 21:53 - 2021-02-07 21:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HyperX
2021-02-07 00:02 - 2021-02-07 00:03 - 000000000 ____D C:\Users\pepe3\Desktop\SKODA
2021-01-27 20:12 - 2021-01-27 20:12 - 000048426 _____ C:\Users\pepe3\Downloads\repository.hacky.zip
2021-01-27 20:00 - 2021-01-27 20:00 - 000001692 _____ C:\Users\pepe3\Desktop\Kodi.lnk
2021-01-26 23:06 - 2021-02-05 21:48 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\Kodi
2021-01-26 23:06 - 2021-01-26 23:06 - 000000000 ____D C:\Program Files\Kodi
2021-01-26 23:05 - 2021-01-26 23:05 - 063102319 _____ (XBMC Foundation) C:\Users\pepe3\Downloads\kodi-18.9-Leia-x64.exe
2021-01-26 23:03 - 2021-01-26 23:03 - 000045469 _____ C:\Users\pepe3\Downloads\repository.kodi-czsk-1.0.2.zip
2021-01-26 18:40 - 2021-01-23 09:15 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-26 18:40 - 2021-01-23 09:15 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-01-26 18:40 - 2021-01-23 09:14 - 001855192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-26 18:40 - 2021-01-23 09:14 - 001855192 _____ C:\Windows\system32\vulkaninfo.exe
2021-01-26 18:40 - 2021-01-23 09:14 - 001453728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 001193120 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 001094880 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 001094880 _____ C:\Windows\system32\vulkan-1.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-01-26 18:40 - 2021-01-23 09:12 - 000680096 _____ C:\Windows\system32\nvofapi64.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000547488 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-01-26 18:40 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-01-26 18:40 - 2021-01-22 23:59 - 000084264 _____ C:\Windows\system32\nvinfo.pb
2021-01-22 01:11 - 2021-01-22 02:31 - 1468006400 _____ C:\Users\pepe3\Downloads\Česká soda (1993) - 1.-6.díl DVD.part1.rar
2021-01-17 14:34 - 2021-01-17 14:34 - 000000000 ____D C:\Users\pepe3\AppData\Local\Apple Computer
2021-01-17 14:33 - 2021-01-17 14:33 - 000000000 ____D C:\Users\pepe3\Documents\Call Of Duty Black Ops Cold War
2021-01-17 14:33 - 2021-01-17 14:33 - 000000000 ____D C:\Users\pepe3\AppData\Local\Activision
2021-01-12 20:23 - 2021-01-12 20:23 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-12 20:23 - 2021-01-12 20:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-12 20:23 - 2021-01-12 20:23 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-12 20:22 - 2021-01-12 20:22 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-12 20:22 - 2021-01-12 20:22 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-12 20:22 - 2021-01-12 20:22 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-12 20:22 - 2021-01-12 20:22 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-12 20:22 - 2021-01-12 20:22 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-10 18:54 - 2021-01-10 18:54 - 000000219 _____ C:\Users\pepe3\Desktop\Left 4 Dead 2.url
2021-01-10 12:38 - 2021-01-10 12:38 - 000000000 ____D C:\Program Files (x86)\Corsair
2021-01-09 13:49 - 2021-01-09 13:49 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-08 13:34 - 2020-10-19 22:35 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-08 13:30 - 2020-10-25 16:38 - 000000000 ____D C:\Program Files\CCleaner
2021-02-08 13:17 - 2020-10-19 22:39 - 001693568 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-08 13:17 - 2019-12-07 15:43 - 000716874 _____ C:\Windows\system32\perfh005.dat
2021-02-08 13:17 - 2019-12-07 15:43 - 000145052 _____ C:\Windows\system32\perfc005.dat
2021-02-08 13:17 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-08 13:10 - 2020-10-25 17:26 - 000000312 _____ C:\Windows\SysWOW64\AbBakConfig.dat
2021-02-08 13:10 - 2020-10-25 17:26 - 000000150 _____ C:\Windows\SysWOW64\winsevr.dat
2021-02-08 13:10 - 2020-10-24 01:58 - 000009996 _____ C:\CosairDram.txt
2021-02-08 13:10 - 2020-10-19 22:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-08 13:10 - 2020-10-19 22:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-08 13:09 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-02-08 02:00 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-08 01:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-08 01:31 - 2020-10-20 15:20 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\TS3Client
2021-02-08 01:31 - 2020-10-20 05:50 - 000000000 ____D C:\Users\pepe3\AppData\Local\CrashDumps
2021-02-08 01:30 - 2020-10-25 16:38 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-02-08 01:29 - 2020-10-20 02:48 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2021-02-08 01:20 - 2020-10-19 23:00 - 000000000 ____D C:\Users\pepe3
2021-02-08 00:01 - 2020-11-07 04:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\MPC-HC
2021-02-08 00:01 - 2020-10-25 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2021-02-08 00:01 - 2020-10-19 23:56 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-07 22:12 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-02-07 22:11 - 2020-10-20 03:03 - 000258176 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-07 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-07 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-07 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-07 22:10 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-07 22:09 - 2020-10-25 16:33 - 000003394 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1111073687-3998721342-1139661879-500
2021-02-07 22:09 - 2020-10-25 16:33 - 000002388 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-07 22:09 - 2020-10-25 16:33 - 000000000 ___RD C:\Users\Administrator\OneDrive
2021-02-07 21:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-02-07 21:53 - 2020-10-25 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-02-07 21:39 - 2020-11-13 16:10 - 000000000 ____D C:\Program Files\eMule
2021-02-07 20:43 - 2020-10-20 03:04 - 000000000 ____D C:\Users\pepe3\AppData\Local\ElevatedDiagnostics
2021-02-05 02:45 - 2020-10-19 23:28 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 02:45 - 2020-10-19 23:28 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-03 12:39 - 2020-10-19 23:34 - 000000000 ____D C:\Users\pepe3\AppData\LocalLow\Mozilla
2021-02-03 00:13 - 2020-10-20 03:06 - 000000000 ____D C:\Users\pepe3\AppData\Local\Warframe
2021-02-01 19:24 - 2020-10-20 14:49 - 000000000 ____D C:\Users\pepe3\AppData\Local\Battle.net
2021-02-01 17:05 - 2020-10-24 19:35 - 000000000 ____D C:\Users\pepe3\Desktop\ALL
2021-01-31 23:29 - 2020-10-20 14:04 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\discord
2021-01-28 21:16 - 2020-10-19 23:02 - 000000000 ____D C:\Users\pepe3\AppData\Local\Packages
2021-01-27 23:35 - 2020-10-20 05:56 - 000000000 ____D C:\Users\pepe3\AppData\Local\D3DSCache
2021-01-23 09:10 - 2020-10-20 00:01 - 006070848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-01-23 09:10 - 2020-10-19 22:38 - 007116680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-01-20 13:15 - 2020-10-19 23:27 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 13:15 - 2020-10-19 23:27 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-13 18:15 - 2020-10-22 19:05 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\XnView
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-12 22:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-12 22:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-12 22:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-12 20:22 - 2020-10-19 22:37 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-12 20:18 - 2020-10-19 23:23 - 000000000 ____D C:\Windows\system32\MRT
2021-01-12 20:17 - 2020-10-19 23:23 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-10 18:54 - 2020-10-20 05:27 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-10 18:42 - 2020-10-20 14:49 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-01-10 12:40 - 2021-01-06 17:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-10 12:40 - 2020-10-19 23:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-10 12:35 - 2020-10-19 23:59 - 000000000 ____D C:\Users\pepe3\AppData\Local\NVIDIA

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021
Ran by Pepe3dx (08-02-2021 13:40:08)
Running from C:\Users\pepe3\Downloads
Windows 10 Pro Version 20H2 19042.789 (X64) (2020-10-19 21:36:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1111073687-3998721342-1139661879-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1111073687-3998721342-1139661879-503 - Limited - Disabled)
Guest (S-1-5-21-1111073687-3998721342-1139661879-501 - Limited - Enabled)
Pepe3dx (S-1-5-21-1111073687-3998721342-1139661879-1001 - Administrator - Enabled) => C:\Users\pepe3
WDAGUtilityAccount (S-1-5-21-1111073687-3998721342-1139661879-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.04.09.131 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{e181ee25-9ce3-41bf-9841-870050e7e92c}) (Version: 2.04.09.131 - Advanced Micro Devices, Inc.) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{e8758547-b06a-4534-a291-d9062d2a6bf6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{b8af8e27-5c72-412c-bab7-dc6430e70f1b}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{e46f527f-1e64-4554-abc1-115f3429c25c}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{7f23d3ea-a821-4293-b7f7-34383bf06437}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{12b6811a-dcdb-43c1-b3e4-80aef31134c5}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{277875e0-972c-4705-b09c-ca5acf5b2f7c}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.38 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{55c3ae30-56f9-48ea-a96d-1fad2739e1a2}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{ae71a627-f426-4c18-afc9-b379b0e88f97}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{a3a1beb0-9f5b-4b4e-8cfa-ef25842faf55}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{d25743f5-a12e-4fa8-a426-6ee9c7b2ef9c}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{3fb92594-5d14-44b6-aa83-5e9823daa7e8}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{F3555FAC-C3A3-4E76-A26E-D0FB369E7AA1}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{DFF1D9E9-057F-46F0-A2AD-37BA5003409E}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{f302c1fc-67c2-40b1-93c7-266d93310a2d}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{44d9a0cd-0414-49c0-8488-dc0849f46bd1}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{41AD5E46-CEFE-4775-8FA4-C3A28CC9F0FA}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{09AE428F-CB54-42C8-8342-D0EC6E4136D0}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{ACA23ED7-018F-47AE-8C9C-2096E1455DA4}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.07.71 - ASUSTeK Computer Inc.)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.30 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{e6f373bb-3881-463c-bd1a-3c948b067041}) (Version: 1.0.30 - ASUS) Hidden
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.03.56 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{fae81274-d8ce-4fcf-a8c8-2c1d949df742}) (Version: 3.03.56 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 88.1.19.92 - Autoři prohlížeče Brave)
Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{7f2fddab-1f7d-4301-b534-6723e6315fe1}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{10730A22-FBFF-43C4-92EA-1583832711B4}) (Version: 3.37.140 - Corsair)
CPUID ROG CPU-Z 1.90 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.90 - CPUID, Inc.)
Discord (HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
eMule (HKLM-x32\...\eMule) (Version: - )
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.0.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{B380DBDE-BA95-481B-92E9-52F2E5E84F24}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{adbc3d98-57f2-4d68-b155-138f8fb0f73d}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{3FE4BE73-5C15-4EEE-9547-A89E3FB14F37}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HyperX NGenuity Software (HKLM-x32\...\{28211B6A-65EE-4713-8677-E8D41349A122}_is1) (Version: 5.2.8.0 - HyperX)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{83d4c398-3b93-4ab0-95f0-6091b0a2f601}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Kodi (HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Kodi) (Version: - XBMC Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.0 (HKLM-x32\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.2 - Mozilla)
MPC-HC 1.9.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.8 - MPC-HC Team)
MSI MysticLight (HKLM-x32\...\{93874B70-6C5E-446A-AF4D-E5AC776A0386}}_is1) (Version: 3.0.0.70 - MSI)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
Total Commander Ultima Prime 7.9 (HKLM-x32\...\TC UP) (Version: 7.9.0.2020 - TC UP Team)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-07] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-29 21:25 - 2020-12-29 21:25 - 000357376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-12-29 21:05 - 2020-12-29 21:05 - 000760832 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-12-29 21:05 - 2020-12-29 21:05 - 000744960 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-12-29 21:05 - 2020-12-29 21:05 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-10-20 00:09 - 2016-07-26 14:10 - 000084992 _____ () [File not signed] C:\Program Files (x86)\HyperX\NGenuity\Device\Cloud Flight\HidDevice.dll
2020-10-20 00:09 - 2016-07-26 14:10 - 000084992 _____ () [File not signed] C:\Program Files (x86)\HyperX\NGenuity\HidDevice.dll
2020-12-05 14:07 - 2017-08-02 14:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\MysticLight\LEDControl.dll
2019-10-30 16:17 - 2019-10-30 16:17 - 000368128 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
2019-10-30 16:30 - 2019-10-30 16:30 - 000230912 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll
2020-10-14 10:17 - 2020-01-13 13:51 - 000210432 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2020-10-14 10:13 - 2019-10-22 02:16 - 000264704 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-11-06 14:09 - 2019-11-06 14:09 - 000190976 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_DRAM_RGB_AURA42\x86\AacHal_x86.dll
2019-06-28 10:51 - 2019-06-28 09:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2020-10-25 17:05 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\vcomp.dll
2020-05-26 17:08 - 2019-05-06 15:07 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-11-15 15:51 - 2020-11-15 15:51 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2019-06-28 15:23 - 2019-06-28 15:23 - 000428544 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll
2020-12-05 14:07 - 2016-10-03 13:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MysticLight\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: XnView.File.scr => "C:\Program Files (x86)\TC UP\MEDIA\Programs\XnView\xnview.exe" "%1" <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "Delete Cached Update Binary"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0D98D4C2-6407-4630-AF60-77215BB26DE7}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4CFF6057-AD3E-4E11-BE29-7ADA80F5F66F}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4D81941D-0575-40F1-9341-F5CC14AA44F6}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{F0D0A6DC-932E-4E2E-9847-AD21504860AC}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{FA9B935B-832C-41CE-AE29-88C9CE74A26A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{75F73030-D79B-4CE3-A183-C0976230C027}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{6F25F2D8-9F8C-464C-9AC5-D799C0716D44}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FB78B83E-6569-497E-A017-FF0B2EBF5B15}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{909A6D70-5679-40DC-B589-27278FF92878}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4700CA54-A74E-4B41-8861-E803D19AEBD8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7F35B14F-5458-4098-BAE3-6B39D1D83741}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{D7770828-8DBE-4E0E-988A-6FB572D1F145}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{9CFA5F6E-10B8-4655-A454-4208E1ECD03C}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{BB4E2E31-DD84-4CE2-BCD1-2830302EFD50}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{2E522B2D-CF5A-4A4A-A558-016CDF645257}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{996FEDA5-2E9C-48BE-8A06-49C4EE27519D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B2252AD-75DD-4A05-BAB8-8220281A0F4A}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown (Test Server)\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EEC0AD33-EA53-468F-89B2-BB0FBE58E96A}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown (Test Server)\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{747638A1-8CC5-42E7-9C25-A1A93F437127}] => (Allow) D:\HuntShowddown\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{5C262A43-1B51-4B5E-BEC5-80D821E50391}] => (Allow) D:\HuntShowddown\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{EFD53881-C235-4DFA-B552-F18C4E9AEC43}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{92CCDC30-C946-4012-8DC6-FBD960ECBA8A}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{94D9AA3C-D5D0-4CBF-BA74-AC9A4D777122}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{A5895B9F-0B1E-4108-8A57-339E63788FF2}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{A2B118EE-B7A8-40AE-BC1A-58A557D0C9F9}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{8BCEB54B-AACF-4F9A-99D6-D8CBF78E9428}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{D4BA5342-BE42-414C-B7F3-8BAC16CCED62}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{A1266AC2-13E4-4923-B9FF-CB39D2B8EB92}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{7D2CB29B-CF9B-4491-9E74-25C9D1086277}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{D31FB05A-759B-4998-AA5A-93E7C4475DA9}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{C49461B6-78DA-4702-9ECE-1006BCE6806F}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{78BF58CA-9A7B-4ABF-9186-A89A08CB0A2D}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{00BDB805-74AF-4237-AACF-2CCFA184DC58}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{DA6492EA-8FA0-4761-92BD-33599E93D369}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{4E80972B-57E2-4EBF-80C8-13CE872B3EC7}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{D7622520-4698-41F4-ABC9-651897113D96}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{ACF6AB0D-D209-4613-A0FC-5CFA3AC12DD4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AEFBAE7B-A090-46C5-9753-33F19F32AEFC}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D673EECA-D8CB-401B-8F80-C0681492790E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E36DEAB-83E9-48F5-AF14-E7026167D101}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B1A08F2-DC5A-426C-9457-6D23A58BA8E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85B29B9A-6691-4B59-90B2-30DFCEF8BDBD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA7EF653-83BE-4822-84CB-CCCD67EDBFA2}] => (Allow) LPort=26820
FirewallRules: [{149C38B6-FBBF-42FB-8924-63F787F06698}] => (Allow) LPort=26822

==================== Restore Points =========================

21-01-2021 19:49:10 Naplánovaný kontrolní bod
30-01-2021 13:29:36 Naplánovaný kontrolní bod
07-02-2021 22:05:45 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/08/2021 02:03:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 333c

Čas spuštění: 01d6fdb63abececa

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 26983485-2c36-4d84-bf7f-86ac894c51e4

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 02:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 27d4

Čas spuštění: 01d6fdb621583d07

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 70eb1aa9-3be7-446e-a212-49bf5246886a

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 01:59:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3cf8

Čas spuštění: 01d6fdb5b1a7f99e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 8491e1b2-4657-4cfa-b2c3-dbea20e03c64

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 01:58:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 33c4

Čas spuštění: 01d6fdb57ef00f91

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: db6ce545-108b-4c98-a700-707516e17bc3

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 01:56:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program svchost.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: b74

Čas spuštění: 01d6fdb213037429

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\System32\svchost.exe

ID hlášení: 40aca59f-e8b2-4eec-9c9d-8810348ca436

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-process

Error: (02/08/2021 01:55:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program mpc-hc64.exe verze 1.9.8.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: c18

Čas spuštění: 01d6fdb51201e344

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\MPC-HC\mpc-hc64.exe

ID hlášení: e4ed5a1c-fafb-4a3d-99a5-96306c918b1f

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (02/08/2021 01:55:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program mpc-hc64.exe verze 1.9.8.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 16a4

Čas spuštění: 01d6fdb4f73b6b39

Čas ukončení: 19825

Cesta k aplikaci: C:\Program Files\MPC-HC\mpc-hc64.exe

ID hlášení: 5b355051-d5e7-4c05-8443-39590ac3dddb

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (02/08/2021 01:46:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program mpc-hc64.exe verze 1.9.8.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 13e8

Čas spuštění: 01d6fdb3c8c72e8d

Čas ukončení: 10

Cesta k aplikaci: C:\Program Files\MPC-HC\mpc-hc64.exe

ID hlášení: a08015e8-c9d0-44a6-8d5f-40483c58be05

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown


System errors:
=============
Error: (02/08/2021 01:06:52 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-DSG-011)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/08/2021 02:13:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (2:09:34, ‎08.‎02.‎2021) bylo neočekávané.

Error: (02/08/2021 02:04:14 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-DSG-011)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/08/2021 12:01:27 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-DSG-011)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/07/2021 10:02:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (21:28:59, ‎07.‎02.‎2021) bylo neočekávané.

Error: (02/07/2021 10:02:35 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684Při zpracování obnovovacích dat došlo k závažné chybě.

Error: (02/07/2021 09:56:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba schránky_a9193 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat službu.

Error: (02/07/2021 09:56:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba schránky_19150f66 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 3000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2020-12-11 12:45:02.4570000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4FAED621-DA69-4DD4-ABB3-AA76CCF0CE30}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-10 12:43:53.7440000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C863C360-3763-48DC-8EF4-5CB459C2D58F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-10 03:23:34.2990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {38809093-919F-42C8-9415-771ADD7FCCCF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-11-12 00:06:09.3210000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {123D02E9-E142-4CAA-B76B-AD137DC57A93}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-11-07 16:39:29.9330000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C25
ID: 2147755994
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\Crack\Backupper_Registrator.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze bezpečnostních informací: AV: 1.327.467.0, AS: 1.327.467.0, NIS: 1.327.467.0
Verze modulu: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-07 16:39:22.2360000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

CodeIntegrity:
===================================

Date: 2021-02-08 13:12:22.4610000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.4590000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.4570000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.4530000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.4510000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.4490000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.3700000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-08 13:12:22.3680000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 7704 12/16/2019
Motherboard: ASUSTeK COMPUTER INC. ROG CROSSHAIR VI EXTREME
Processor: AMD Ryzen 7 3700X 8-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 32696.41 MB
Available physical RAM: 26715.44 MB
Total Virtual: 37560.41 MB
Available Virtual: 29133.29 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:209.53 GB) (Free:91.35 GB) NTFS
Drive d: (Games) (Fixed) (Total:683.59 GB) (Free:413.08 GB) NTFS
Drive e: (2000) (Fixed) (Total:1863.01 GB) (Free:1612.26 GB) NTFS

\\?\Volume{6bde2e4b-1643-46b2-9278-e8798eff0efd}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{a40e1f46-9bbd-43b3-9ffb-1235934f9ecf}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#3 Příspěvek od pepe3dx »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-08-2021
# Duration: 00:00:12
# OS: Windows 10 Pro
# Scanned: 31956
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#4 Příspěvek od Diallix »

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {33ccff58-5d1c-11eb-aec8-107b44947968} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {f7816062-34c4-11eb-aeb1-107b44947968} - "F:\HiSuiteDownLoader.exe"
Task: {218EAC62-806E-4827-A0B7-8B3D38C5D0BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
Task: {22D50E4D-175E-4CD9-B05D-415AD2152F4A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7279CB9D-D99E-4EBE-BD30-06A3C6C9B827} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E20BE200-AAA0-450D-B03A-AACCD47E9CCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
CHR Notifications: Default -> hxxps://cs.phhsnews.com; hxxps://cs.soringpcrepair.com; hxxps://moje.axa.cz; hxxps://optima-inv.ru; hxxps://www.chip.cz; hxxps://www.facebook.com; hxxps://www.g2a.com; hxxps://www.pcgamer.com; hxxps://www.reddit.com; hxxps://www.whathifi.com; hxxps://www.youtube.com
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\...\.scr: XnView.File.scr => "C:\Program Files (x86)\TC UP\MEDIA\Programs\XnView\xnview.exe" "%1" <==== ATTENTION
FirewallRules: [{0D98D4C2-6407-4630-AF60-77215BB26DE7}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4CFF6057-AD3E-4E11-BE29-7ADA80F5F66F}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4D81941D-0575-40F1-9341-F5CC14AA44F6}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{F0D0A6DC-932E-4E2E-9847-AD21504860AC}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{DA7EF653-83BE-4822-84CB-CCCD67EDBFA2}] => (Allow) LPort=26820
FirewallRules: [{149C38B6-FBBF-42FB-8924-63F787F06698}] => (Allow) LPort=26822

EmptyTemp:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#5 Příspěvek od pepe3dx »

CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {33ccff58-5d1c-11eb-aec8-107b44947968} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {f7816062-34c4-11eb-aeb1-107b44947968} - "F:\HiSuiteDownLoader.exe"
Task: {218EAC62-806E-4827-A0B7-8B3D38C5D0BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
Task: {22D50E4D-175E-4CD9-B05D-415AD2152F4A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7279CB9D-D99E-4EBE-BD30-06A3C6C9B827} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E20BE200-AAA0-450D-B03A-AACCD47E9CCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
CHR Notifications: Default -> hxxps://cs.phhsnews.com; hxxps://cs.soringpcrepair.com; hxxps://moje.axa.cz; hxxps://optima-inv.ru; hxxps://www.chip.cz; hxxps://www.facebook.com; hxxps://www.g2a.com; hxxps://www.pcgamer.com; hxxps://www.reddit.com; hxxps://www.whathifi.com; hxxps://www.youtube.com
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\...\.scr: XnView.File.scr => "C:\Program Files (x86)\TC UP\MEDIA\Programs\XnView\xnview.exe" "%1" <==== ATTENTION
FirewallRules: [{0D98D4C2-6407-4630-AF60-77215BB26DE7}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4CFF6057-AD3E-4E11-BE29-7ADA80F5F66F}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4D81941D-0575-40F1-9341-F5CC14AA44F6}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{F0D0A6DC-932E-4E2E-9847-AD21504860AC}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{DA7EF653-83BE-4822-84CB-CCCD67EDBFA2}] => (Allow) LPort=26820
FirewallRules: [{149C38B6-FBBF-42FB-8924-63F787F06698}] => (Allow) LPort=26822

EmptyTemp:

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#6 Příspěvek od Diallix »

Fix Log nie je cely.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#7 Příspěvek od pepe3dx »

sry. asi jsem nevložil celý txt.

Tady je nový log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by Pepe3dx (09-02-2021 12:19:40) Run:2
Running from C:\Users\pepe3\Desktop
Loaded Profiles: Pepe3dx & Administrator
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {33ccff58-5d1c-11eb-aec8-107b44947968} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\MountPoints2: {f7816062-34c4-11eb-aeb1-107b44947968} - "F:\HiSuiteDownLoader.exe"
Task: {218EAC62-806E-4827-A0B7-8B3D38C5D0BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
Task: {22D50E4D-175E-4CD9-B05D-415AD2152F4A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7279CB9D-D99E-4EBE-BD30-06A3C6C9B827} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E20BE200-AAA0-450D-B03A-AACCD47E9CCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-19] (Google LLC -> Google LLC)
CHR Notifications: Default -> hxxps://cs.phhsnews.com; hxxps://cs.soringpcrepair.com; hxxps://moje.axa.cz; hxxps://optima-inv.ru; hxxps://www.chip.cz; hxxps://www.facebook.com; hxxps://www.g2a.com; hxxps://www.pcgamer.com; hxxps://www.reddit.com; hxxps://www.whathifi.com; hxxps://www.youtube.com
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\...\.scr: XnView.File.scr => "C:\Program Files (x86)\TC UP\MEDIA\Programs\XnView\xnview.exe" "%1" <==== ATTENTION
FirewallRules: [{0D98D4C2-6407-4630-AF60-77215BB26DE7}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4CFF6057-AD3E-4E11-BE29-7ADA80F5F66F}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{4D81941D-0575-40F1-9341-F5CC14AA44F6}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{F0D0A6DC-932E-4E2E-9847-AD21504860AC}] => (Allow) F:\Emu\123456\eMule\emule.exe => No File
FirewallRules: [{DA7EF653-83BE-4822-84CB-CCCD67EDBFA2}] => (Allow) LPort=26820
FirewallRules: [{149C38B6-FBBF-42FB-8924-63F787F06698}] => (Allow) LPort=26822

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ccff58-5d1c-11eb-aec8-107b44947968} => not found
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7816062-34c4-11eb-aeb1-107b44947968} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218EAC62-806E-4827-A0B7-8B3D38C5D0BB}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22D50E4D-175E-4CD9-B05D-415AD2152F4A}" => not found
"C:\Windows\System32\Tasks\BraveSoftwareUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7279CB9D-D99E-4EBE-BD30-06A3C6C9B827}" => not found
"C:\Windows\System32\Tasks\BraveSoftwareUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20BE200-AAA0-450D-B03A-AACCD47E9CCB}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"Chrome Notifications:" => not found
semav6msr64 => service not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => not found
HKLM\Software\Classes\.scr\\"Default"="scrfile" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D98D4C2-6407-4630-AF60-77215BB26DE7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CFF6057-AD3E-4E11-BE29-7ADA80F5F66F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D81941D-0575-40F1-9341-F5CC14AA44F6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0D0A6DC-932E-4E2E-9847-AD21504860AC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA7EF653-83BE-4822-84CB-CCCD67EDBFA2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{149C38B6-FBBF-42FB-8924-63F787F06698}" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8478085 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1766 B
Edge => 0 B
Chrome => 123988732 B
Brave => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4608 B
NetworkService => 4608 B
pepe3 => 56601762 B
Administrator => 56601762 B

RecycleBin => 0 B
EmptyTemp: => 242.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:20:01 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#8 Příspěvek od Diallix »

Poprosim o nove logy FRST + ADDITION
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#9 Příspěvek od pepe3dx »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021 01
Ran by Pepe3dx (administrator) on DESKTOP-DSG-011 (09-02-2021 14:47:25)
Running from C:\Users\pepe3\Desktop
Loaded Profiles: Pepe3dx
Platform: Windows 10 Pro Version 20H2 19042.789 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
(ASUSTeK COMPUTER INC.) [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <37>
(Kingston Technology Company, Inc. -> HyperX NGenuity Software) C:\Program Files (x86)\HyperX\NGenuity\Device\Cloud Flight\NGenuity.exe
(Kingston Technology Company, Inc. -> HyperX NGenuity Software) C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-07-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-30] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [NGenuity] => C:\Program Files (x86)\HyperX\NGenuity\NGenuity.exe [1834040 2019-03-29] (Kingston Technology Company, Inc. -> HyperX NGenuity Software)
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32873544 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\88.1.19.92\Installer\chrmstp.exe [2021-02-05] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C7BD329-D086-4081-8FE0-1F7A7F948073} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {19E733EB-574F-46C2-86F6-D317CE57DF0B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {26A77E22-B2FB-47A9-B937-4AA3D59C6DE9} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3454A907-AD8E-40F6-8C6E-4506D5B60236} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {349A1E37-AE24-47A3-99AF-5163E38C87F0} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1071760 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {48BDE236-2955-4FB5-A681-4F1A3087697B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4C06CC73-30B5-4A8A-B246-E60E0651BF0C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4CA59060-A069-410B-BA90-1ADF850D8606} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6BA5DE85-5730-4515-9754-D797454E7C9A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1111073687-3998721342-1139661879-500 => C:\Users\pepe3\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6F3BBEEB-AF88-479D-98EA-C0933FE0C832} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {8D458EF7-7C50-4B82-A9EE-4838F2D06565} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A2DBFF96-4140-4D6E-BFA9-E834FE0D8AE2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5929272-4F42-4C61-B42C-DDA59CEA73A4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {D9633B7B-DF8B-4941-AB33-54BAA966407D} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {DB6B7EAE-842E-4D8F-9FBC-9EE5F4E57C0C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DBE5A1EC-A30D-42C3-9233-B5334357173A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EEDEA81F-2784-4ABE-9926-DCB0B3ECD6A8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0ED2E49-0BDC-49DF-9A02-EE9BE5D15890} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FF36E08C-E7AF-4F09-AD90-7FECE557EEF8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1401bb62-6e97-4440-92e8-0b3d59938531}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-08]

FireFox:
========
FF DefaultProfile: iwqmc46c.default
FF ProfilePath: C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\iwqmc46c.default [2021-02-08]
FF ProfilePath: C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release [2021-02-09]
FF Extension: (Dark Reader) - C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release\Extensions\addon@darkreader.org.xpi [2020-12-03]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-02-09]

Chrome:
=======
CHR Profile: C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default [2021-02-09]
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "chrome://history/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-19]
CHR Extension: (Dokumenty) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-19]
CHR Extension: (Disk Google) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-19]
CHR Extension: (YouTube) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-19]
CHR Extension: (WebRTC Leak Shield) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2020-10-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Dark Reader) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2021-02-06]
CHR Extension: (Tabulky) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-08]
BRA Extension: (Překladač Google) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-11-12]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-02-08]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-10-26]
BRA Extension: (Brave NTP sponsored images) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2021-02-08]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-10-19]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-10-19]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2021-02-08]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-02-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe [440368 2019-06-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe [898216 2020-10-12] (AOMEI International Network Limited -> AOMEI International Network Limited)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-10-20] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-30] (ESET, spol. s r.o. -> ESET)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [2109376 2019-07-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-06-21] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2021-02-09] (CPUID S.A.R.L.U. -> CPUID)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-17] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-17] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15288 2020-10-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-10-17] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [43720 2020-10-17] (ESET, spol. s r.o. -> ESET)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [19968 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70048 2020-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [107784 2020-10-17] (ESET, spol. s r.o. -> ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 LGBusEnum; C:\Windows\system32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R3 LGVirHid; C:\Windows\system32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-09 14:47 - 2021-02-09 14:47 - 000025246 _____ C:\Users\pepe3\Desktop\FRST.txt
2021-02-08 22:42 - 2021-02-08 22:42 - 000003015 _____ C:\Users\pepe3\Desktop\.txt
2021-02-08 22:36 - 2021-02-08 22:49 - 000000000 ____D C:\Users\pepe3\Downloads\FRST-OlderVersion
2021-02-08 16:06 - 2021-02-08 16:07 - 000000000 ____D C:\AdwCleaner
2021-02-08 16:06 - 2021-02-08 16:06 - 008457584 _____ (Malwarebytes) C:\Users\pepe3\Downloads\adwcleaner_8.0.9.1.exe
2021-02-08 13:44 - 2021-02-08 13:44 - 000000318 _____ C:\Users\pepe3\Documents\registry.txt
2021-02-08 13:40 - 2021-02-08 13:40 - 000045164 _____ C:\Users\pepe3\Downloads\Addition.txt
2021-02-08 13:39 - 2021-02-08 13:40 - 000045914 _____ C:\Users\pepe3\Downloads\FRST.txt
2021-02-08 13:38 - 2021-02-09 14:47 - 000000000 ____D C:\FRST
2021-02-08 13:37 - 2021-02-08 22:36 - 002297344 _____ (Farbar) C:\Users\pepe3\Desktop\FRST64.exe
2021-02-08 01:42 - 2021-02-08 01:47 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\MPC-HC
2021-02-08 01:41 - 2021-02-08 01:41 - 000000000 ____D C:\Program Files\MPC-HC
2021-02-08 01:30 - 2021-02-08 01:30 - 000000000 ____D C:\Users\pepe3\AppData\Local\CCleaner Browser
2021-02-08 00:51 - 2021-02-08 00:51 - 000000193 _____ C:\Windows\WORDPAD.INI
2021-02-08 00:32 - 2021-02-08 00:32 - 000006268 _____ C:\Users\Administrator\Downloads\nodes.dat
2021-02-08 00:10 - 2021-02-08 00:10 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (4).zip
2021-02-07 23:11 - 2021-02-08 00:04 - 000001031 _____ C:\Users\Administrator\Desktop\eMule.lnk
2021-02-07 22:53 - 2021-02-07 22:53 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (3).zip
2021-02-07 22:18 - 2021-02-07 22:18 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (2).zip
2021-02-07 22:08 - 2021-02-07 22:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-07 22:08 - 2021-02-07 22:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-07 22:08 - 2021-02-07 22:08 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-07 22:08 - 2021-02-07 22:08 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-07 22:08 - 2021-02-07 22:08 - 000010908 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-02-07 22:02 - 2021-02-08 00:01 - 000000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2021-02-07 22:02 - 2021-02-07 22:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn
2021-02-07 21:55 - 2021-02-07 21:55 - 003594098 _____ C:\Users\Administrator\Downloads\ipfilter (1).zip
2021-02-07 21:53 - 2021-02-07 21:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HyperX
2021-02-07 00:02 - 2021-02-07 00:03 - 000000000 ____D C:\Users\pepe3\Desktop\SKODA
2021-01-27 20:12 - 2021-01-27 20:12 - 000048426 _____ C:\Users\pepe3\Downloads\repository.hacky.zip
2021-01-27 20:00 - 2021-01-27 20:00 - 000001692 _____ C:\Users\pepe3\Desktop\Kodi.lnk
2021-01-26 23:06 - 2021-02-05 21:48 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\Kodi
2021-01-26 23:06 - 2021-01-26 23:06 - 000000000 ____D C:\Program Files\Kodi
2021-01-26 23:05 - 2021-01-26 23:05 - 063102319 _____ (XBMC Foundation) C:\Users\pepe3\Downloads\kodi-18.9-Leia-x64.exe
2021-01-26 23:03 - 2021-01-26 23:03 - 000045469 _____ C:\Users\pepe3\Downloads\repository.kodi-czsk-1.0.2.zip
2021-01-26 18:40 - 2021-01-23 09:15 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-26 18:40 - 2021-01-23 09:15 - 001435864 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-01-26 18:40 - 2021-01-23 09:14 - 001855192 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-26 18:40 - 2021-01-23 09:14 - 001855192 _____ C:\Windows\system32\vulkaninfo.exe
2021-01-26 18:40 - 2021-01-23 09:14 - 001453728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 001193120 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 001094880 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 001094880 _____ C:\Windows\system32\vulkan-1.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-26 18:40 - 2021-01-23 09:14 - 000948952 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-01-26 18:40 - 2021-01-23 09:12 - 000680096 _____ C:\Windows\system32\nvofapi64.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-01-26 18:40 - 2021-01-23 09:12 - 000547488 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-01-26 18:40 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-01-26 18:40 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-01-26 18:40 - 2021-01-22 23:59 - 000084264 _____ C:\Windows\system32\nvinfo.pb
2021-01-22 01:11 - 2021-01-22 02:31 - 1468006400 _____ C:\Users\pepe3\Downloads\Česká soda (1993) - 1.-6.díl DVD.part1.rar
2021-01-17 14:34 - 2021-01-17 14:34 - 000000000 ____D C:\Users\pepe3\AppData\Local\Apple Computer
2021-01-17 14:33 - 2021-01-17 14:33 - 000000000 ____D C:\Users\pepe3\Documents\Call Of Duty Black Ops Cold War
2021-01-17 14:33 - 2021-01-17 14:33 - 000000000 ____D C:\Users\pepe3\AppData\Local\Activision
2021-01-12 20:23 - 2021-01-12 20:23 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-12 20:23 - 2021-01-12 20:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-12 20:23 - 2021-01-12 20:23 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2021-01-12 20:23 - 2021-01-12 20:23 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-12 20:22 - 2021-01-12 20:22 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-12 20:22 - 2021-01-12 20:22 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-12 20:22 - 2021-01-12 20:22 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-12 20:22 - 2021-01-12 20:22 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-12 20:22 - 2021-01-12 20:22 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-12 20:22 - 2021-01-12 20:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-12 20:22 - 2021-01-12 20:22 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-12 20:22 - 2021-01-12 20:22 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-12 20:22 - 2021-01-12 20:22 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-10 18:54 - 2021-01-10 18:54 - 000000219 _____ C:\Users\pepe3\Desktop\Left 4 Dead 2.url
2021-01-10 12:38 - 2021-01-10 12:38 - 000000000 ____D C:\Program Files (x86)\Corsair

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-09 14:46 - 2020-10-19 22:35 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-09 13:30 - 2020-10-25 16:38 - 000000000 ____D C:\Program Files\CCleaner
2021-02-09 12:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-09 12:27 - 2020-10-19 22:39 - 001693568 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-09 12:27 - 2019-12-07 15:43 - 000716874 _____ C:\Windows\system32\perfh005.dat
2021-02-09 12:27 - 2019-12-07 15:43 - 000145052 _____ C:\Windows\system32\perfc005.dat
2021-02-09 12:27 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-09 12:20 - 2020-10-25 17:26 - 000000312 _____ C:\Windows\SysWOW64\AbBakConfig.dat
2021-02-09 12:20 - 2020-10-25 17:26 - 000000150 _____ C:\Windows\SysWOW64\winsevr.dat
2021-02-09 12:20 - 2020-10-24 01:58 - 000010094 _____ C:\CosairDram.txt
2021-02-09 12:20 - 2020-10-19 22:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-09 12:20 - 2020-10-19 22:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-09 12:20 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-02-08 01:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-08 01:31 - 2020-10-20 15:20 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\TS3Client
2021-02-08 01:31 - 2020-10-20 05:50 - 000000000 ____D C:\Users\pepe3\AppData\Local\CrashDumps
2021-02-08 01:30 - 2020-10-25 16:38 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-02-08 01:29 - 2020-10-20 02:48 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2021-02-08 01:20 - 2020-10-19 23:00 - 000000000 ____D C:\Users\pepe3
2021-02-08 00:01 - 2020-11-07 04:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\MPC-HC
2021-02-08 00:01 - 2020-10-25 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2021-02-08 00:01 - 2020-10-19 23:56 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-07 22:12 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-02-07 22:11 - 2020-10-20 03:03 - 000258176 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-07 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-07 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-07 22:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-07 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-07 22:10 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-07 22:09 - 2020-10-25 16:33 - 000003394 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1111073687-3998721342-1139661879-500
2021-02-07 22:09 - 2020-10-25 16:33 - 000002388 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-07 22:09 - 2020-10-25 16:33 - 000000000 ___RD C:\Users\Administrator\OneDrive
2021-02-07 21:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-02-07 21:53 - 2020-10-25 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-02-07 21:39 - 2020-11-13 16:10 - 000000000 ____D C:\Program Files\eMule
2021-02-07 20:43 - 2020-10-20 03:04 - 000000000 ____D C:\Users\pepe3\AppData\Local\ElevatedDiagnostics
2021-02-03 12:39 - 2020-10-19 23:34 - 000000000 ____D C:\Users\pepe3\AppData\LocalLow\Mozilla
2021-02-03 00:13 - 2020-10-20 03:06 - 000000000 ____D C:\Users\pepe3\AppData\Local\Warframe
2021-02-01 19:24 - 2020-10-20 14:49 - 000000000 ____D C:\Users\pepe3\AppData\Local\Battle.net
2021-02-01 17:05 - 2020-10-24 19:35 - 000000000 ____D C:\Users\pepe3\Desktop\ALL
2021-01-31 23:29 - 2020-10-20 14:04 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\discord
2021-01-28 21:16 - 2020-10-19 23:02 - 000000000 ____D C:\Users\pepe3\AppData\Local\Packages
2021-01-27 23:35 - 2020-10-20 05:56 - 000000000 ____D C:\Users\pepe3\AppData\Local\D3DSCache
2021-01-23 09:10 - 2020-10-20 00:01 - 006070848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-01-23 09:10 - 2020-10-19 22:38 - 007116680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-01-20 13:15 - 2020-10-19 23:27 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 13:15 - 2020-10-19 23:27 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-13 18:15 - 2020-10-22 19:05 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\XnView
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-12 22:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-12 22:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-12 22:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-12 22:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-01-12 22:24 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-12 20:22 - 2020-10-19 22:37 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-12 20:18 - 2020-10-19 23:23 - 000000000 ____D C:\Windows\system32\MRT
2021-01-12 20:17 - 2020-10-19 23:23 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-10 18:54 - 2020-10-20 05:27 - 000000000 ____D C:\Users\pepe3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-10 18:42 - 2020-10-20 14:49 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-01-10 12:40 - 2021-01-06 17:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-10 12:40 - 2020-10-19 23:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-10 12:35 - 2020-10-19 23:59 - 000000000 ____D C:\Users\pepe3\AppData\Local\NVIDIA

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by Pepe3dx (09-02-2021 14:48:19)
Running from C:\Users\pepe3\Desktop
Windows 10 Pro Version 20H2 19042.789 (X64) (2020-10-19 21:36:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1111073687-3998721342-1139661879-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1111073687-3998721342-1139661879-503 - Limited - Disabled)
Guest (S-1-5-21-1111073687-3998721342-1139661879-501 - Limited - Enabled)
Pepe3dx (S-1-5-21-1111073687-3998721342-1139661879-1001 - Administrator - Enabled) => C:\Users\pepe3
WDAGUtilityAccount (S-1-5-21-1111073687-3998721342-1139661879-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIDA64 Extreme v5.99 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.99 - FinalWire Ltd.)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.04.09.131 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{e181ee25-9ce3-41bf-9841-870050e7e92c}) (Version: 2.04.09.131 - Advanced Micro Devices, Inc.) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{e8758547-b06a-4534-a291-d9062d2a6bf6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{b8af8e27-5c72-412c-bab7-dc6430e70f1b}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{e46f527f-1e64-4554-abc1-115f3429c25c}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{7f23d3ea-a821-4293-b7f7-34383bf06437}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{12b6811a-dcdb-43c1-b3e4-80aef31134c5}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{277875e0-972c-4705-b09c-ca5acf5b2f7c}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.38 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{55c3ae30-56f9-48ea-a96d-1fad2739e1a2}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{ae71a627-f426-4c18-afc9-b379b0e88f97}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{a3a1beb0-9f5b-4b4e-8cfa-ef25842faf55}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{d25743f5-a12e-4fa8-a426-6ee9c7b2ef9c}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{3fb92594-5d14-44b6-aa83-5e9823daa7e8}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{F3555FAC-C3A3-4E76-A26E-D0FB369E7AA1}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{DFF1D9E9-057F-46F0-A2AD-37BA5003409E}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{f302c1fc-67c2-40b1-93c7-266d93310a2d}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{44d9a0cd-0414-49c0-8488-dc0849f46bd1}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{41AD5E46-CEFE-4775-8FA4-C3A28CC9F0FA}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{09AE428F-CB54-42C8-8342-D0EC6E4136D0}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{ACA23ED7-018F-47AE-8C9C-2096E1455DA4}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.07.71 - ASUSTeK Computer Inc.)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.30 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{e6f373bb-3881-463c-bd1a-3c948b067041}) (Version: 1.0.30 - ASUS) Hidden
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.03.56 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{fae81274-d8ce-4fcf-a8c8-2c1d949df742}) (Version: 3.03.56 - ASUSTeK Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 88.1.19.92 - Autoři prohlížeče Brave)
Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{7f2fddab-1f7d-4301-b534-6723e6315fe1}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
CORSAIR iCUE Software (HKLM-x32\...\{10730A22-FBFF-43C4-92EA-1583832711B4}) (Version: 3.37.140 - Corsair)
CPUID ROG CPU-Z 1.90 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.90 - CPUID, Inc.)
Discord (HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
eMule (HKLM-x32\...\eMule) (Version: - )
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.0.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{B380DBDE-BA95-481B-92E9-52F2E5E84F24}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{adbc3d98-57f2-4d68-b155-138f8fb0f73d}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Security (HKLM\...\{3FE4BE73-5C15-4EEE-9547-A89E3FB14F37}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HyperX NGenuity Software (HKLM-x32\...\{28211B6A-65EE-4713-8677-E8D41349A122}_is1) (Version: 5.2.8.0 - HyperX)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{83d4c398-3b93-4ab0-95f0-6091b0a2f601}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Kodi (HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Kodi) (Version: - XBMC Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.0 (HKLM-x32\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.2 - Mozilla)
MPC-HC 1.9.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.8 - MPC-HC Team)
MSI MysticLight (HKLM-x32\...\{93874B70-6C5E-446A-AF4D-E5AC776A0386}}_is1) (Version: 3.0.0.70 - MSI)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
Total Commander Ultima Prime 7.9 (HKLM-x32\...\TC UP) (Version: 7.9.0.2020 - TC UP Team)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-07] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-30] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-29 21:25 - 2020-12-29 21:25 - 000357376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-12-29 21:05 - 2020-12-29 21:05 - 000760832 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-12-29 21:05 - 2020-12-29 21:05 - 000744960 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-12-29 21:05 - 2020-12-29 21:05 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-10-20 00:09 - 2016-07-26 14:10 - 000084992 _____ () [File not signed] C:\Program Files (x86)\HyperX\NGenuity\Device\Cloud Flight\HidDevice.dll
2020-10-20 00:09 - 2016-07-26 14:10 - 000084992 _____ () [File not signed] C:\Program Files (x86)\HyperX\NGenuity\HidDevice.dll
2020-12-05 14:07 - 2017-08-02 14:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\MysticLight\LEDControl.dll
2019-10-30 16:17 - 2019-10-30 16:17 - 000368128 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
2019-10-30 16:30 - 2019-10-30 16:30 - 000230912 _____ () [File not signed] C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll
2020-10-14 10:17 - 2020-01-13 13:51 - 000210432 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2020-10-14 10:13 - 2019-10-22 02:16 - 000264704 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-11-06 14:09 - 2019-11-06 14:09 - 000190976 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_DRAM_RGB_AURA42\x86\AacHal_x86.dll
2019-06-28 10:51 - 2019-06-28 09:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2020-10-25 17:05 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\vcomp.dll
2020-05-26 17:08 - 2019-05-06 15:07 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-11-15 15:51 - 2020-11-15 15:51 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-12-29 21:04 - 2020-12-29 21:04 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2019-06-28 15:23 - 2019-06-28 15:23 - 000428544 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll
2020-12-05 14:07 - 2016-10-03 13:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MysticLight\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1111073687-3998721342-1139661879-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-1111073687-3998721342-1139661879-500\...\StartupApproved\Run: => "Delete Cached Update Binary"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FA9B935B-832C-41CE-AE29-88C9CE74A26A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{75F73030-D79B-4CE3-A183-C0976230C027}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{6F25F2D8-9F8C-464C-9AC5-D799C0716D44}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FB78B83E-6569-497E-A017-FF0B2EBF5B15}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{909A6D70-5679-40DC-B589-27278FF92878}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4700CA54-A74E-4B41-8861-E803D19AEBD8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7F35B14F-5458-4098-BAE3-6B39D1D83741}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{D7770828-8DBE-4E0E-988A-6FB572D1F145}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.1.0\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{9CFA5F6E-10B8-4655-A454-4208E1ECD03C}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{BB4E2E31-DD84-4CE2-BCD1-2830302EFD50}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{2E522B2D-CF5A-4A4A-A558-016CDF645257}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{996FEDA5-2E9C-48BE-8A06-49C4EE27519D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B2252AD-75DD-4A05-BAB8-8220281A0F4A}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown (Test Server)\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EEC0AD33-EA53-468F-89B2-BB0FBE58E96A}] => (Allow) D:\HuntShowddown\steamapps\common\Hunt Showdown (Test Server)\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{747638A1-8CC5-42E7-9C25-A1A93F437127}] => (Allow) D:\HuntShowddown\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{5C262A43-1B51-4B5E-BEC5-80D821E50391}] => (Allow) D:\HuntShowddown\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{EFD53881-C235-4DFA-B552-F18C4E9AEC43}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{92CCDC30-C946-4012-8DC6-FBD960ECBA8A}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{94D9AA3C-D5D0-4CBF-BA74-AC9A4D777122}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{A5895B9F-0B1E-4108-8A57-339E63788FF2}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{A2B118EE-B7A8-40AE-BC1A-58A557D0C9F9}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{8BCEB54B-AACF-4F9A-99D6-D8CBF78E9428}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{D4BA5342-BE42-414C-B7F3-8BAC16CCED62}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{A1266AC2-13E4-4923-B9FF-CB39D2B8EB92}] => (Allow) C:\Users\pepe3\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{7D2CB29B-CF9B-4491-9E74-25C9D1086277}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{D31FB05A-759B-4998-AA5A-93E7C4475DA9}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{C49461B6-78DA-4702-9ECE-1006BCE6806F}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{78BF58CA-9A7B-4ABF-9186-A89A08CB0A2D}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{00BDB805-74AF-4237-AACF-2CCFA184DC58}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{DA6492EA-8FA0-4761-92BD-33599E93D369}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{4E80972B-57E2-4EBF-80C8-13CE872B3EC7}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{D7622520-4698-41F4-ABC9-651897113D96}] => (Allow) D:\HuntShowddown\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{ACF6AB0D-D209-4613-A0FC-5CFA3AC12DD4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AEFBAE7B-A090-46C5-9753-33F19F32AEFC}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D673EECA-D8CB-401B-8F80-C0681492790E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E36DEAB-83E9-48F5-AF14-E7026167D101}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B1A08F2-DC5A-426C-9457-6D23A58BA8E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{85B29B9A-6691-4B59-90B2-30DFCEF8BDBD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{835082D4-9F15-4B63-9D55-C86023F9FFAF}] => (Allow) LPort=26820
FirewallRules: [{9C2E9A8C-869F-4412-B43F-8EC604A5CEBD}] => (Allow) LPort=26822

==================== Restore Points =========================

30-01-2021 13:29:36 Naplánovaný kontrolní bod
07-02-2021 22:05:45 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/09/2021 12:19:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/09/2021 12:19:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {e9d065b1-c92b-499f-985d-491152b80fc8}

Error: (02/08/2021 10:49:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/08/2021 10:49:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {972c63c0-a0db-4609-b5c3-ad06f10b1389}

Error: (02/08/2021 02:03:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 333c

Čas spuštění: 01d6fdb63abececa

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 26983485-2c36-4d84-bf7f-86ac894c51e4

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 02:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 27d4

Čas spuštění: 01d6fdb621583d07

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 70eb1aa9-3be7-446e-a212-49bf5246886a

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 01:59:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3cf8

Čas spuštění: 01d6fdb5b1a7f99e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 8491e1b2-4657-4cfa-b2c3-dbea20e03c64

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (02/08/2021 01:58:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 33c4

Čas spuštění: 01d6fdb57ef00f91

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: db6ce545-108b-4c98-a700-707516e17bc3

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread


System errors:
=============
Error: (02/09/2021 12:20:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DSG-011)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LightingService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Realtek Bluetooth Device Manager Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Logitech Gaming Registry Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ASUS Com Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/09/2021 12:19:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MysticLight2_Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2020-12-11 12:45:02.4570000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4FAED621-DA69-4DD4-ABB3-AA76CCF0CE30}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-10 12:43:53.7440000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C863C360-3763-48DC-8EF4-5CB459C2D58F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-10 03:23:34.2990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {38809093-919F-42C8-9415-771ADD7FCCCF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-11-12 00:06:09.3210000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {123D02E9-E142-4CAA-B76B-AD137DC57A93}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-11-07 16:39:29.9330000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C25
ID: 2147755994
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Administrator\Desktop\Crack\Backupper_Registrator.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\ESET\ESET Security\ekrn.exe
Verze bezpečnostních informací: AV: 1.327.467.0, AS: 1.327.467.0, NIS: 1.327.467.0
Verze modulu: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-07 16:39:22.2360000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

CodeIntegrity:
===================================

Date: 2021-02-09 12:33:47.9080000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:33:47.9060000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:33:47.9020000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:22:59.3450000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:22:59.3410000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:22:59.2460000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:22:59.2420000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-09 12:21:23.2380000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 7704 12/16/2019
Motherboard: ASUSTeK COMPUTER INC. ROG CROSSHAIR VI EXTREME
Processor: AMD Ryzen 7 3700X 8-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 32696.41 MB
Available physical RAM: 25922.85 MB
Total Virtual: 37560.41 MB
Available Virtual: 28166.11 MB

==================== Drives ================================

Drive c: (Win) (Fixed) (Total:209.53 GB) (Free:95.05 GB) NTFS
Drive d: (Games) (Fixed) (Total:683.59 GB) (Free:413.08 GB) NTFS
Drive e: (2000) (Fixed) (Total:1863.01 GB) (Free:1612.26 GB) NTFS

\\?\Volume{6bde2e4b-1643-46b2-9278-e8798eff0efd}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{a40e1f46-9bbd-43b3-9ffb-1235934f9ecf}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#10 Příspěvek od Diallix »

Este posledne docistenie:

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

FirewallRules: [{835082D4-9F15-4B63-9D55-C86023F9FFAF}] => (Allow) LPort=26820
FirewallRules: [{9C2E9A8C-869F-4412-B43F-8EC604A5CEBD}] => (Allow) LPort=26822
GroupPolicy\User: Restriction ? <==== ATTENTION

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.



Referujte ako je na tom pocitac.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#11 Příspěvek od pepe3dx »

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by Pepe3dx (09-02-2021 15:06:34) Run:3
Running from C:\Users\pepe3\Desktop
Loaded Profiles: Pepe3dx
Boot Mode: Normal
==============================================

fixlist content:
*****************
FirewallRules: [{835082D4-9F15-4B63-9D55-C86023F9FFAF}] => (Allow) LPort=26820
FirewallRules: [{9C2E9A8C-869F-4412-B43F-8EC604A5CEBD}] => (Allow) LPort=26822
GroupPolicy\User: Restriction ? <==== ATTENTION
*****************

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{835082D4-9F15-4B63-9D55-C86023F9FFAF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C2E9A8C-869F-4412-B43F-8EC604A5CEBD}" => removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully


The system needed a reboot.

==== End of Fixlog 15:06:34 ====


Vypadá to, že je vše ok. Jen mám stále problém s přihlášením na Twitter v chromu. Po zadaní acc se okno restartuje a znovu se začne načítat a takhle stále dokola. To ale může být problém v prohlížeči. Ještě zkusím jiný browser.
Každopádně díky za Váš čas a za pomoc.

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#12 Příspěvek od Diallix »

Skusime precistit prehliadace:

Spusťte postupně tyto utility:

1. Stahnete Zoek.exe www.diallix.net/other/zoek.rar a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#13 Příspěvek od pepe3dx »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Pepe3dx on 09.02.2021 at 15:25:28,57.
Microsoft Windows 10 Pro 10.0.19042 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\pepe3\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

09.02.2021 15:27:02 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\Administrator\AppData\Local\CrashDumps deleted successfully
C:\Users\Administrator\AppData\Local\GHISLER deleted successfully
C:\Users\Administrator\AppData\Local\PeerDistRepub deleted successfully
C:\Users\pepe3\AppData\Local\CrashDumps deleted successfully
C:\Users\pepe3\AppData\Local\PeerDistRepub deleted successfully
C:\Users\pepe3\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release\prefs.js:

Added to C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\pepe3\AppData\Roaming\discord deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Administrator\AppData\Local\cache deleted
C:\Users\pepe3\AppData\Local\cache deleted
C:\Users\pepe3\AppData\Local\CrashRpt deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM240C8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM25105.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM256B9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM256F9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2DBC4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tpm-27a4-2f00-2a09bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tpm-400c-4008-1fd3de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tpm-654-1f4c-184569.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de8ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de900.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de902.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de904.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de906.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de917.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de919.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de91b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de91d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de91f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de931.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de933.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de935.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de937.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de949.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de94b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de94d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de94f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-106c-18d4-12de960.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b83ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8401.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8403.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8405.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8407.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8419.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b841b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b841d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b841f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8431.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-109c-225c-1b8433.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154b97.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154b99.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154b9b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bb0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bb2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bb4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bc6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bc8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bcc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bde.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154be0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154be2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154be4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154be6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bf7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1334-17e8-154bf9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-9567e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-95690.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-95692.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a4-20d8-956f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740e5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-2740ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-274101.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-274103.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14bc-3110-274115.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c486.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c488.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c48a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c48c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c48e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-14e4-14e8-c4d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a83.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a98.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a9c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340a9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340aa0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ab2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ab4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ab6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ab8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340aca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340acc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ace.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ad0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ae1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ae3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-157c-3ad4-1340ae5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee47.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee4d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee65.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee67.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee69.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee7a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee92.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee94.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee96.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-165c-39bc-486ee98.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4f90.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4f92.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fa3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fa5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fa7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fa9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fbd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f4fbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f509c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50af.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50b3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50b5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-17f4-1eb8-18f50cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-8584fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-85850e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-858510.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-858512.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-858514.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-858516.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-858518.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1820-2f50-858529.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4ba9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bbb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bbd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bd2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bd4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bd6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bd8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bf0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bf2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4bf4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4c05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4c07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4c09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1938-2a20-6a4c0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda29.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda2b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda2d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda2f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda31.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda43.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda45.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda47.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda5b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda5d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda5f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda72.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda74.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda76.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda78.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda7a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b34-241c-8fda8c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8135.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8137.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8149.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a814b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a814d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a814f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8151.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8162.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8164.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8166.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8168.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a816a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a817c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a817e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8180.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8182.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8184.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8196.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e10-1c3c-1a8198.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105ddf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105de1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105de3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105df4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105df6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105df8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105dfa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105dfc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105dfe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e16.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e28.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e2a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e2c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e30.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-3230-105e41.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fbe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fc0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fc2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fc4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fd6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fd8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fdc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fde.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027fef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027ff1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027ff3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4027ff5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4028007.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4028009.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-402800b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-402800d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-402801f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f60-1c58-4028021.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e13f2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e13f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e13f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e13f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e140a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e140c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e140e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1410.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1412.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1424.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1426.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1428.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e142a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e142c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e143d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e143f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1441.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1443.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f94-2ca8-9e1455.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb65.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb67.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb69.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb7d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bb9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbb0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbb2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbb4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbb6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbc7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbc9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbcb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbcd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bbcf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bc00.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bc02.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fc4-3500-381bc33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107213.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107224.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107236.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107238.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-10723a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-10723c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-10724e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107250.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107252.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107254.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107256.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107267.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107269.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-10726b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-10726d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-10726f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107281.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107283.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20b4-594-107285.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc093.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc095.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc097.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0af.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-213c-31fc-42cc0f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80cf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80ed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e80ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e8101.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2154-1140-6e8103.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247be.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247ed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-5247ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-524801.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-524803.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-524805.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-524807.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21d4-2fd0-524809.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102848.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-10284a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-10284c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-10284e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102850.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102862.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102864.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102866.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102868.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-102879.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-10288b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-10289d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028b0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028b2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2314-2c48-1028ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178d78.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178d8a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178d8c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178d8e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178d90.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178d92.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178da4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178da6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178da8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178daa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dbd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dc3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dc5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dd7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178dd9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2368-25c4-178ddb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148902.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148914.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148916.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148918.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-14891a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-14891c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-14892e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148930.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148932.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148934.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148936.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148947.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148949.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-14894b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-14894d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-14895f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148961.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148963.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2454-246c-148965.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899311.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899323.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899325.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899327.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899338.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289933a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289933c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289933e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899350.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899352.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899354.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899366.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899368.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289936a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289936c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289937d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-289937f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899381.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-24cc-2f3c-2899393.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f01.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f1b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f1f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f23.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f37.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f39.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f3b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f4c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f4e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f50.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f52.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2684-2e88-2e7f64.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a08ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a090e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0910.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0912.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0914.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0935.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0937.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0939.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a094b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a095c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a095e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0960.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0962.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0964.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a0985.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a09a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a09b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a09ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27a4-2f00-2a09bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-1046fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-1046fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-1046ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104711.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104713.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104715.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104717.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104719.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-10472b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-10472d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-10472f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104731.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104742.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104744.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104746.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-104748.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-10474a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-10475c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27e8-3a4-10475e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-44498f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449df.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449f3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-4449f5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-444a06.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-444a08.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-444a0a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-444a1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-444a1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2948-2494-444a20.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a996e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a9970.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a9972.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a9974.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a9976.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a9988.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a998a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a998c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a998e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a999f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-29d4-2680-a99c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b6c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b84.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b86.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b88.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b99.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b9b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b9d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549b9f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549ba1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549bb3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549bb5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549bb7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549bb9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549bbb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ba0-1d30-549bcc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcd9f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcd9f3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcd9f5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda0f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda20.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda22.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda24.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda3a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda3c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda3e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda50.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda52.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2c0c-3458-3fcda54.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b0959.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b096b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b096d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b097f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b0981.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b0983.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b0985.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b0996.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b0998.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b099a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09b0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2dc-7a4-5b09db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ebe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ec0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ec2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ec4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ed6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ed8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2eda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2edc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ede.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ef0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ef2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ef4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ef6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2ef8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2f09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2f0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2f0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2f0f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e6c-1744-2e2f21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cb59.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cb5b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cb6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cb6f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cb71.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cb92.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cba4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cba6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cba8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cbc9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cbda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cbdc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cbde.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cbe0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cc02.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cc13.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cc15.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60ccf2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f40-3748-60cd33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9adf5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9adf7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9adf9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9adfb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae0c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae0e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae28.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae2a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae2c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3238-3044-9ae57.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c34.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c36.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c4a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c4c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c4e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c5f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c75.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c77.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c79.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c8d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c8f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909c91.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909ca2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909ca4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3300-3304-1909ca6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40f2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b40fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b410b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b410d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b410f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b4111.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-332c-3b4123.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d611.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d622.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d624.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d626.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d628.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d63a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d63c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d63e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d640.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d642.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d653.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d655.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d657.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d659.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d65b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d66d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d66f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d671.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3970-3aa4-113d673.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5df.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5e1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5e5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba5fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba610.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba612.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba614.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba616.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba628.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba62a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba62c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba62e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ae8-2bb4-ba630.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e565d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e565f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5661.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5663.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5675.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5677.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5679.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e567b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e567d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e568e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5690.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5692.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5694.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e5696.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e56a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e56aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e56ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e56ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b78-166c-3e56c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f515e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5170.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5172.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5174.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5176.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5178.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5189.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f518b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f518d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f518f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f5191.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b84-1ddc-15f51c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165527.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165529.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16552b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16552d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16552f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165541.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165543.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165545.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165547.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165558.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16555a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16555c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16555e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165560.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165572.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165574.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165576.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-165578.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ddc-38d8-16557a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b45f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b461.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b472.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b474.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b476.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b478.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b47a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b48c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b48e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b490.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b492.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f2c-6bc-72b4c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd153.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd164.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd166.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd168.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd17a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd247.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd249.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd25b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd25d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd25f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd270.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd272.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd284.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd286.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd288.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd29a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd29c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2af.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd2f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd302.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd313.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd315.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd327.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd329.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd33b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd33d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd34e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd350.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd362.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd373.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd375.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd387.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd3a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd3d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd3db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-400c-4008-1fd3dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3020.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3032.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3034.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3036.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3038.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3049.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b306b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b307c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b307e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3080.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3092.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3094.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3096.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b3098.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b30aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b30ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b30ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b30bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-42cc-cac-b30c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-18406d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-18407e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-184080.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-184082.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-184084.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-184086.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-184098.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-18409a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-18409c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-18409e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5b4-1288-1840df.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1842ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184311.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184313.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184315.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184317.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184319.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18432a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-1844f2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184504.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184506.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184508.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18450a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18450c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18451d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18451f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184521.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184533.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184535.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184537.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184539.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18453b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18453d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-18454e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184550.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184552.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184554.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184556.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-654-1f4c-184568.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce50a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce51c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce51e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce520.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce532.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce534.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce545.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce547.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce549.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce54b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce55d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce55f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce561.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce563.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce565.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce576.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce578.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce57a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6f4-12c-3ce57c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5818.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d582a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d582c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d582e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5830.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5841.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5843.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5845.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5847.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5849.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d585b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d585d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d585f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5861.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5863.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5875.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5877.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d5879.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-748-3cfc-12d587b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2dd7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2dd9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2ddb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2ddd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2def.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2df1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2df3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2df5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2df7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e08.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e0a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e0c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e0e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e22.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e24.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e28.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7f8-208c-4b2e39.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98afc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98afe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b00.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b02.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b04.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b15.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b17.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b19.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b1b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b2f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b31.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b37.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b4d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-890-22fc-98b4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d97d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d98f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d991.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d993.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d995.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9be.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9c2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9ed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-97c-40d0-c7d9ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f47.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f5e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f60.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f62.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f74.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f76.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f78.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f7a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f8b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f8d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f8f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555f91.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555fa3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555fa5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555fa7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d0c-250c-555fa9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed6c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed70.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed84.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed86.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed88.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed8a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed9b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed9d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eed9f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eeda1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eeda3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eedb5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eedb7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-e00-1c48-7eedb9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5b3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5b5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5cf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5e4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5e6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee5fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee600.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee602.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ea4-2008-5ee604.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1b3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1b5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e1e4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e215.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e217.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e219.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e22b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e22d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e22f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e250.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e252.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e254.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e266.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e268.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e26a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e27b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e28d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e28f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e291.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e2e1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e351.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e353.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e355.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e366.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e368.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e36a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e36c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e37e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e380.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e382.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e384.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e386.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e398.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e39a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e39c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e39e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e3a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e3b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e3b3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e3b5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-f84-2478-25e3b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982b9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bb0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bb2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bb4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bb6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bb8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bc9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bcb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bcd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bcf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bd1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982be3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982be5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982be7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982be9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982beb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bfd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982bff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fdc-a88-982c01.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops Cold War deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
"C:\DumpStack.log.tmp" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\pepe3\AppData\Roaming\Mozilla\Firefox\Profiles\0qf0mpe2.default-release
- Undetermined - %ProfilePath%\extensions\addon@darkreader.org.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


Chrome Media Router - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
WebRTC Leak Shield - pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl
Dark Reader - pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh
Direct Messages - pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgeocpdicgmkeemopbanhokmhcgcflmi
Chrome Media Router - pepe3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Startpages ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
cale":"en","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/#settings","permissions":["notifications"],"update_url":"https://clients2.google.com/service/upd ... ons":{"api":["alarms","cast","desktopCapture","gcm","identity","identity.email","management","mediaRouterPrivate","metricsPrivate","mdns","networkingPrivate","settingsPrivate","storage","tabs","tabCapture","webview","system.cpu"],"explicit_host":["http://*/*","https://*.google.com/*","https://hangouts.google.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["cast.channel.onError","cast.channel.onMessage","identity.onSignInChanged","runtime.onStartup","runtime.onSuspend","settingsPrivate.onPrefsChanged"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["alarms","cast","desktopCapture","gcm","identity","identity.email","management","mediaRouterPrivate","metricsPrivate","mdns","networkingPrivate","settingsPrivate","storage","tabs","tabCapture","webview","system.cpu"],"explicit_host":["http://*/*","https://*.google.com/*","https://hangouts.google.com/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13257204901289346","lastpingday":"13248082801545192","location":10,"manifest":{"background":{"persistent":false,"scripts":["common.js","mirroring_common.js","background_script.js"]},"content_security_policy":"default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://apis.google.com https://feedback.googleusercontent.com https://www.google.com https://www.gstatic.com; child-src https://accounts.google.com https://content.googleapis.com https://www.google.com; connect-src 'self' http://*:* https://*:*; font-src https://fonts.gstatic.com; object-src 'self';","current_locale":"cs","default_locale":"en","description":"Provider for discovery and services for mirroring of Chrome Media Router","differential_fingerprint":"1.8fdcd9381791669caafc8142957dc288ab410a05010331f0f0b037322b531f44","externally_connectable":{"ids":["idmofbkcelhplfjnmmdolenpigiiiecc","ggedfkijiiammpnbdadhllnehapomdge","njjegkblellcjnakomndbaloifhcoccg"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNTWJoPZ9bT32yKxuuVa9LSEYobjPoXCLX3dgsZ9djDrWKNikTECjdRe3/AFXb+v8jkmmtYQPnOgSYn06J/QodDlCIG6l470+gkOoobUM7fOs1AVOse23qYUV4jbuRW3+YZlCvaWCFeczCNbGIUgKEi5B2fyQazy60AL1sLW3utQIDAQAB","manifest_version":2,"minimum_chrome_version":"37","name":"Chrome Media Router","oauth2":{"client_id":"919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/calenda ... info.email"]},"permissions":["alarms","cast","declarativeWebRequest","desktopCapture","gcm","http://*/*","identity","identity.email","management","mdns","mediaRouterPrivate","metricsPrivate","networkingPrivate","processes","storage","system.cpu","settingsPrivate","tabCapture","tabs","webview","https://hangouts.google.com/*","https://*.google.com/cast/chromecast/home/gsse"],"update_url":"https://clients2.google.com/service/upd ... _resources":["cast_sender.js"]},"path":"pkedcjkdefgpdelpbcmbmeomcjbeemfm\\8820.1109.0.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"864F832A1A4FF06CCB81FDC84FE3C3BEF04C8A74F6AC5ED19E6EB95BAC733CB5"},"default_search_provider_data":{"template_url_data":"7113BCED741BEB75EA98FFA85891A4BFE2EFB899E298747573E5878C14C18F6D"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"8EFF327621B5CD137D7E1F533EAF88812C419BFA15EAAD13080D13FD55E72D0B","ahfgeienlihckogmohjhadlkjgocpleb":"D3D329CB351BCCB677C0ACD2EF7378D685BE9719D4BD205EF47C60EEEB6E60DA","aohghmighlieiainnegkcijnfilokake":"5F8F5BA510684176188E934D1BE58CBEF9983257C84C4017A91DE9111FC743F0","apdfllckaahabafndbhieahigkjlhalf":"6FC8C6444C1BB302EB20B71BF711358C72D618828F84EA1720A4C0EB9D3A4F6B","blpcfgokakmgnkcojhhkbfbldkacnbeo":"861EB203F1364050FFCC5423F556A5F8B6E66886FA40B64718EC71D90836AE56","felcaaldnbdncclmgdcncolpebgiejap":"4A13A3E28D90B7FF8D2E24C6A11C89800532E2F0ECECAAC55F13F2A5C4DDEFB5","gfdkimpbcpahaombhbimeihdjnejgicl":"875FB964BB94D5B7A54E8EF777FC9DDA5E908ECAAB4C7D65C52867805E9D76B6","ghbmnnjooekpmoecnnnilnnbdlolhkhi":"CD2D2DFBD7B49BEA527D417BE1BCACD3FE176A808EC82B790537C811156C1D09","kmendfapggjehodndflmmgagdbamhnfd":"1EDC42EBD730C741838757D2F38276C2AE6E39C567CF5A9D7DC9EF119698EB98","mfehgcgbbipciphmccgaenjidiccnmng":"689C1228BA3CFC6D72CA89319CF2F037BE180259CEB17EC9F5E6038E8A88D135","mhjfbmdgcfjbbpaeojofohoefgiehjai":"A5EFA174373F2D62094BDC89415C13EB5655F3D5E9238487DEFC985C739D722B","neajdppkdcdipfabeoofebfddakdcjhd":"F47D52BC765B3269CA9E9D70B304A0E2AA800570FB19EDDD2619E1D5236A21EA","nkeimhogjdpnpccoofpliimaahmaaome":"E7C5ACC30B7F7691054C02E9F76954A66F95745710537CF09044231865717D6E","nmmhkkegccagdldgiimedpiccmgmieda":"7F0A33ECEC4A6C8BE936AA2D0EFF518F9FBA8F3210F0B3DDB4F05E3BC259B616","pjkljhegncpnkpknbcohdijeoejaedia":"BA3DB695DCF5BCD4879240CC82310F78FDF90312DDF666A0CD5A89A3D8518863","pkedcjkdefgpdelpbcmbmeomcjbeemfm":"EE2694A1AB83AFE25CEB0CAFF6EAB1ACEA1D55545B6B4B250B1314EDC5EF4EC4"}},"google":{"services":{"account_id":"15ADAE697B6219E1B3E11EFE296A7610D586C3CEEFFBC27857D30F949F61370A","last_account_id":"03BC21A4A6E6C841A9587FCBF72F4E9F22F8A07940DC5D24B20F76DDA9D59FAF","last_username":"5CBF2A79FA6AB6D92F6503A35D0573184070F8C2D563843E6347ADD2883FE2EB"}},"homepage":"79CDC22F3C4440838570A12018809D90AA6FCA4B6F36A157F8D08F24870C9A8C","homepage_is_newtabpage":"295AC4BCC5CB38E9909EDC508A41C4AB73ACF271B800AA8DC19CDD41CAE3F1B6","media":{"storage_id_salt":"917046DACB8B429F8A2A1B5BC020D3AB7E8F7998451BC17A5378C65240504D1C"},"module_blacklist_cache_md5_digest":"937A0D5C87CC72434F3417BF4546E3F6F966F4AFCD698CD2788BBE4216939D34","pinned_tabs":"CAD74EE7490D212A1FFC8A55B6858FBC4D907A6A24D593F693FAF546D58BD384","prefs":{"preference_reset_time":"F329948692251BE73684B530D1C77BBBB2FEF15605571E1A2D895865B2899DCA"},"safebrowsing":{"incidents_sent":"144E0760186A9056CD158F9DDAC62C603192FFB921075945C8666F7AB626327C"},"search_provider_overrides":"E5615D6F555719A374DA9281513337A123F96B868763DFFB34B488F4A5A9D31B","session":{"restore_on_startup":"EC2E7A33D6AB72EB0E638FBE11A8C6250161EDA14911B6D01A3DC9434DA4EC0D","startup_urls":"66052DAF25FE659BE3679B7308F95EA4CC9075117B832CF164E16077095C469A"},"settings_reset_prompt":{"last_triggered_for_default_search":"22B7BD3981FECC51BDB465AC39B092DB0E200CA4C847BB07F5EC209A4E74B0E9","last_triggered_for_homepage":"6054F5D0E7902903651E53B8B60028826F21D035CE59AAB7B0B2C4B9DCC90512","last_triggered_for_startup_urls":"048760721661FCB60347A7059B80F70B12715E92CF7F83A26C45A22C50ECA70C","prompt_wave":"F7DF2FA2565D7929CBBD11A8C0CDD30BA543B748259CC37AC363BE40CAB716D5"},"software_reporter":{"prompt_seed":"3D127A0A615E1FCC1D44594F34A1ED92A9FCE698078356D4D5B21256A7D295AC","prompt_version":"69F7EB55D30975E8DF187F59CA36DB0D62E16CD533173B100382FD2358D84B3F","reporting":"A9E589A2B810CF071908916EB6216633E41D4DEB16B81CBDA1C4FA63AAAFD7D0"}},"super_mac":"45185DCF12936CF405FE02C0E0EEB6255512865896E6AC3A2785CA9F2D8E4BAF"},"session":{"restore_on_startup":1}}

C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Preferences
/auth/calendar.readonly","https://www.googleapis.com/auth/hangout ... info.email"]},"permissions":["alarms","cast","declarativeWebRequest","desktopCapture","gcm","http://*/*","identity","identity.email","management","mdns","mediaRouterPrivate","metricsPrivate","networkingPrivate","processes","storage","system.cpu","settingsPrivate","tabCapture","tabs","webview","https://hangouts.google.com/*","https://*.google.com/cast/chromecast/home/gsse"],"update_url":"https://clients2.google.com/service/upd ... _resources":["cast_sender.js"]},"path":"pkedcjkdefgpdelpbcmbmeomcjbeemfm\\8820.1109.0.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"account_id":"101866747371801600656","last_account_id":"101866747371801600656","last_username":"josef.oplt1980@gmail.com"}},"homepage":"http://www.google.cz/","homepage_is_new ... artup_urls":["chrome://history/"]}}

C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
","webrtcLoggingPrivate","system.cpu","enterprise.hardwarePlatform"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13247620102787768","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/*","https://*.microsoft.com/*","https://*.skype.com/*","*://localhost/*"]},"incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Google Hangouts","permissions":["desktopCapture","enterprise.hardwarePlatform","processes","system.cpu","webrtcAudioPrivate","webrtcDesktopCapturePrivate","webrtcLoggingPrivate"],"version":"1.3.15"},"path":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\86.0.622.48\\resources\\hangout_services","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false}}},"homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"66D81642C62BBDF63C003883C7FBE631DBEA93EB623030F53D8980B7A8853467"},"default_search_provider_data":{"template_url_data":"039D4FF70C123400167EDDD17CB7653E2DAEA4867BF464A484F02B6CF2BE0668"},"edge":{"services":{"account_id":"35991A2789D6BCD8C0A3ABE58745E7199D9C644A0EE75548B3AFE7E54E6FD39D","identity":{"schema":"2D3FFA46CA4368198F4F12D26AEDE38CB16680E48B3B42D78424E31A5BE4E8E1"},"last_account_id":"57683F5402897597D04D908F28E0FF5C3F916F52644CE46BA1DD55E855AEFEE5","last_username":"B7E1786F087F0D704A88C1407E695AFFF2ED294EF7ACB75C113E76CB5CE4E404"}},"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":"6CA3E27AAD21ACCC7D0D0D504C734CDE01D59E8B3FD1D2A79315407423A4F88E","fikbjbembnmfhppjfnmfkahdhfohhjmg":"016DC2E700A650228F7EF9689C7EF0A01F816BE6436545AC79F4D34EE8F53F57","fogppepbgmgkpdkinbojbibkhoffpief":"8C13E9155B5A3E48EF8DC449E2EA395CDF327457C430F5A0A42ED208F1F976F4","iglcjdemknebjbklcgkfaebgojjphkec":"4629BCDED63A2A92A14D86D6D0FCC33B44C1B9022F0D3F00EDC7E3E94573139F","ihmafllikibpmigkcoadcmckbfhibefp":"AA86371ADC49EDA67AFDD42FB0709DBC8B8D31063BBCC1C0E5940C835AAC2D9C","jdiccldimpdaibmpdkjnbmckianbfold":"F1C98FA92A78AE5089FE400F446EE6A816471C65F2A5476427CB4AE92C47E76D","kmendfapggjehodndflmmgagdbamhnfd":"6218F53FB79657D9DC5151839D672A022EA1BB9F55A139F4A3718030F0855BF0","mhjfbmdgcfjbbpaeojofohoefgiehjai":"BE2B3DD0BC9A30CDD93AAF9898C788A4903B3A9546CF1A23F7C14D561C899AAA","ncbjelpjchkpbikbpkcchkhkblodoama":"6B14F26FC1DB22FF5678CA4A72E7605F079FCD5283AFDE53109A4DB61A714B4A","nkeimhogjdpnpccoofpliimaahmaaome":"DA8560CF2A342180FB7769434A528E78EBDBE7082B19564EE38F640F90756307"}},"homepage":"3B4C52825B753E6E38B9D61F6E30BE0025CA974178C713AFA29B901FE0B97D89","homepage_is_newtabpage":"C8E4D07C186A5AFD3720C4B5FD41C0F7600EB40D2C5A8718D93007DD0461A170","media":{"storage_id_salt":"99985C0E423F4C16F19436AB582315DA20C2FD974EBDAD9EE959D204C797F2ED"},"pinned_tabs":"EA48315356B79BBB371A33516B67D3CE0A6023AD514E51F7A73C6126964857F9","prefs":{"preference_reset_time":"E60C636B08126DE11F395B6F579DBC1DBB92EFA471D86D8A665EE8D50712C1CB"},"safebrowsing":{"incidents_sent":"2405C17E85078A813D2C30D07ED0F07197C461CEDFFA6C57EEA4CBAB5D9ADB73"},"search_provider_overrides":"4E09C1C42490EDDC27E4F81AD5696DC741AE75672CF3E47107258F7BE686B25D","session":{"restore_on_startup":"DCF61C5192DF9DE12B5A38EDA6C9BFA899FB160908D8A8D5566A0EE0ACF2D2E9","startup_urls":"16CF30D28DA6A9D929CB229DA49EA590145BE8F0451103F71FDF021521821137"},"settings_reset_prompt":{"last_triggered_for_default_search":"188FF918758539C98CE26E9A5189BA8C3706BCD6DE9EA974B838C85F9E17BB28","last_triggered_for_homepage":"A12EDA7A43DB79D31F9771F3222D34E81841E8B04401934E35C4C2AB1EA95622","last_triggered_for_startup_urls":"AF9DB5E2BE14F37CDF438DECB1543AA6067D460CD5D18CF00B60799A524D23D1","prompt_wave":"28EC7C45B29B2397EBF533FC092FB363F6AB1801DC12BC8ED62B5DD1675AA3EA"},"software_reporter":{"prompt_seed":"3C665A30DCDE1D1D45F33E3EEF8B0ABA90594AF2817B1C12CD4276BC475C6B56","prompt_version":"A700231E541A29B9004080DD2A3A296FAB9D664A594C86DCB7E0937780619617","reporting":"5DFF4A0976A41E5A75076E0AC84BECA863799C0A20EC00EE5A329E5F3BE2A646"}},"super_mac":"A0E1994EC5153E29668FD7532645184C599F53FE91B120FE397D86A1FB00A47F"},"session":{"restore_on_startup":5,"startup_urls":[]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Administrator\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences was reset successfully
C:\Users\Administrator\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences was reset successfully
C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\pepe3\AppData\Local\CCleaner Browser\User Data\Default\Preferences was reset successfully
C:\Users\pepe3\AppData\Local\CCleaner Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Administrator\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully
C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data was reset successfully
C:\Users\pepe3\AppData\Local\CCleaner Browser\User Data\Default\Web Data was reset successfully
C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pepe3\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pepe3\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\pepe3\AppData\Local\Mozilla\Firefox\Profiles\0qf0mpe2.default-release\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache emptied successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Users\pepe3\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache emptied successfully
C:\Users\pepe3\AppData\Local\CCleaner Browser\User Data\Default\Cache emptied successfully
C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Users\pepe3\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4198 folders=1532 722848365 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\pepe3\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\pepe3\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted

==== EOF on 09.02.2021 at 15:37:26,70 ======================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Pepe3dx (Administrator) on 09.02.2021 at 15:41:03,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\pepe3\Desktop\twitter.lnk (Shortcut)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2021 at 15:42:04,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Na Twitter se z chromu stále nemohu lognout. Přes FireFox to jde normálně. Všechny ostatní stránky se načítají a loguji normálně.

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Preventivka

#14 Příspěvek od Diallix »

Nemozete sa dostat ani po aplikovani predosleho postupu?

Skusal ste vymazat cookies a cache - historiu?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

pepe3dx
Návštěvník
Návštěvník
Příspěvky: 208
Registrován: 14 lis 2011 20:42

Re: Preventivka

#15 Příspěvek od pepe3dx »

Tak jsem vymazal cookies a už to jde normálně. Měl jsem to udělat hned, ale nenapadlo mne to. :)

Tak ještě jednou díky a jako vždy zasílám příspěvek na provoz fora.

Přeji pěkný den a hodně zdaru v boji s havětí.. :thumbsup:

Zamčeno