Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Kryptik.COVU

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Dolero
Návštěvník
Návštěvník
Příspěvky: 2
Registrován: 06 pro 2014 14:09

Kryptik.COVU

#1 Příspěvek od Dolero »

Zdravím. Vpravdě jsem si teď už včera hledal na download kompletní verzi Tenkrát v Americe od Leoneho a při brouzdání jsem si do PC nechtěně natáhl zmíněný Kryptik.COVU. Eset to hned vyhledal, ale nějak se mu to nepodařilo smáznout, tak jsem ze zvyku použil Malware Bytes. Ten se o to snad postaral (Kryptik stihl během chvíle celou složku Users/Roaming přehltit nejrůzněji pojmenovanými složkami, bylo jich na několik stovek). Teď bych jen prosil od zdejších odborníků posudek na to, jestli je už čisto a mám být v klidu a nebo mám raději PC dopřát reinstall. Díky za pomoc :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by Robin (administrator) on ROBIN-PC (24-02-2019 00:16:38)
Running from C:\Users\Robin\Desktop
Loaded Profiles: Robin (Available Profiles: Robin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) D:\Programy\ESET\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) D:\Origin\OriginWebHelperService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Valve Corporation) D:\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Akamai Technologies, Inc.) C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) D:\Programy\CCleaner\CCleaner64.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes) D:\Programy\Anti-Malware\MBAMService.exe
(ESET) D:\Programy\ESET\egui.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Malwarebytes) D:\Programy\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Robin\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA Technologies Inc. -> VIA)
HKLM...\Run: [egui] => D:\Programy\ESET\ecmds.exe [177928 2018-10-28] (ESET, spol. s r.o. -> ESET)
HKLM...\Run: [SecurityHealth] => C:\Windows\system [0 2009-07-14] () [File not signed]
HKLM...\Run: [WindowsDefender] => C:\Windows\system [0 2009-07-14] () [File not signed]
HKLM\...\Run: [AvastUI.exe] => AvastUI.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [Steam] => D:\Steam\steam.exe [3144480 2019-02-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [1384840 2018-10-04] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [DAEMON Tools Lite] => D:\Programy\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [CCleaner Smart Cleaning] => D:\Programy\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [uTorrent] => D:\Torrent\utorrent.exe [393728 2013-10-10] (BitTorrent, Inc.)
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [SecurityHealth] => C:\Windows\system [0 2009-07-14] ()
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [WindowsDefender] => C:\Windows\system [0 2009-07-14] ()
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Run: [AvastUI.exe] => AvastUI.exe
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-07-17] ()
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvid.dll [503808 2002-10-04] ()
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\Iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\Windows\SysWOW64\advpack.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B7AB55A4-716A-4E03-BF54-401ABBB90598}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Programy\Microsoft Office 2016\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programy\Microsoft Office 2016\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Programy\Microsoft Office 2016\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Programy\Microsoft Office 2016\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Programy\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3588220044-2293058574-3737256607-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Robin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3588220044-2293058574-3737256607-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-12-30] ()

Chrome:
=======
CHR HomePage: Default -> hxxps://cs.wikipedia.org/wiki/%C5%98ecko-tureck%C3%A1_v%C3%A1lka_(1897)
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default [2019-02-24]
CHR Extension: (Prezentace) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-25]
CHR Extension: (Dokumenty) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-25]
CHR Extension: (Disk Google) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-25]
CHR Extension: (Panorama Viewer) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbplklgcjnhehkoigoankacpmehafhfk [2019-01-03]
CHR Extension: (Tabulky) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (AdBlock) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1364904 2017-11-21] (Autodesk, Inc. -> Autodesk Inc.)
R2 ekrn; D:\Programy\ESET\ekrn.exe [2302152 2018-10-28] (ESET, spol. s r.o. -> ESET)
S3 GalaxyClientService; D:\GOG Galaxy\GalaxyClientService.exe [707144 2018-12-23] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2018-12-23] (GOG Sp. z o.o. -> GOG.com)
R2 MBAMService; D:\Programy\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2159424 2018-03-05] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3028808 2018-03-05] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2017-12-30] (Even Balance, Inc. -> )
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2017-11-25] (DT Soft Ltd -> DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-10-28] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2018-10-28] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188832 2018-10-28] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-10-28] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82304 2018-10-28] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61528 2018-10-28] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2018-10-28] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-02-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-02-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [187392 2009-06-10] (Microsoft Windows -> Realtek Corporation )
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-09-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2206864 2012-10-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
U4 diagnosticshub.standardcollector.service; no ImagePath
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-24 00:16 - 2019-02-24 00:17 - 000018753 _____ C:\Users\Robin\Desktop\FRST.txt
2019-02-24 00:16 - 2019-02-24 00:16 - 000000000 ____D C:\FRST
2019-02-24 00:15 - 2019-02-24 00:15 - 002435072 _____ (Farbar) C:\Users\Robin\Desktop\FRST64 (1).exe
2019-02-23 23:48 - 2019-02-23 23:48 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-23 23:48 - 2019-02-23 23:48 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-02-23 23:48 - 2019-02-23 23:48 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-02-23 23:48 - 2019-02-23 23:48 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-02-23 23:29 - 2019-02-23 23:29 - 000000000 ____D C:\Users\Robin\AppData\Local\mbam
2019-02-23 23:28 - 2019-02-23 23:28 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-02-23 23:28 - 2019-02-23 23:28 - 000000734 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-23 23:28 - 2019-02-23 23:28 - 000000000 ____D C:\Users\Robin\AppData\Local\mbamtray
2019-02-23 23:28 - 2019-02-23 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-23 23:28 - 2019-02-23 23:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-23 23:28 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-21 13:29 - 2019-02-21 13:29 - 000000202 _____ C:\Users\Robin\Desktop\Dishonored.url
2019-02-20 13:18 - 2019-02-20 13:41 - 000000000 ____D C:\Users\Robin\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2019-02-20 13:17 - 2019-02-20 13:17 - 000000860 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2019-02-20 13:17 - 2019-02-20 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2019-02-19 15:05 - 2019-02-21 01:04 - 012933676 _____ C:\Users\Robin\Desktop\Makedon.ck2
2019-02-18 23:26 - 2019-02-20 02:28 - 000000257 _____ C:\Users\Robin\Desktop\Nový textový dokument.txt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (8).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (7).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (6).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (5).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (4).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (3).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (2).srt
2019-02-14 14:21 - 2019-02-14 14:21 - 000069506 _____ C:\Users\Robin\Downloads\Venom(0000306296) (1).srt
2019-02-14 14:20 - 2019-02-14 14:20 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (12).srt
2019-02-14 14:20 - 2019-02-14 14:20 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (11).srt
2019-02-14 14:20 - 2019-02-14 14:20 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (10).srt
2019-02-14 14:19 - 2019-02-14 14:19 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (9).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (8).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (7).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (6).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (5).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (4).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (3).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (2).srt
2019-02-14 14:18 - 2019-02-14 14:18 - 000069559 _____ C:\Users\Robin\Downloads\Venom(0000306531) (1).srt
2019-02-12 19:57 - 2019-02-20 02:28 - 000000000 ____D C:\Users\Robin\Desktop\Nová složka
2019-02-02 18:04 - 2019-02-02 18:04 - 000000000 ____D C:\Users\Robin\AppData\Roaming\REVOLT
2019-01-31 20:48 - 2019-02-15 17:54 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-31 20:48 - 2019-01-31 20:48 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-31 20:48 - 2019-01-31 20:48 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-31 20:08 - 2019-01-31 20:08 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\SKS
2019-01-31 16:18 - 2019-01-31 16:58 - 000000000 ____D C:\Users\Robin\AppData\LocalLow\Mozilla
2019-01-30 17:19 - 2019-01-30 17:19 - 000000000 ____D C:\ProgramData\EA Core
2019-01-27 01:04 - 2019-01-27 01:04 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crysis

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-23 23:54 - 2009-07-14 16:18 - 008463136 _____ C:\Windows\system32\perfh005.dat
2019-02-23 23:54 - 2009-07-14 16:18 - 002787474 _____ C:\Windows\system32\perfc005.dat
2019-02-23 23:54 - 2009-07-14 06:13 - 000006416 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-23 23:53 - 2009-07-14 05:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-23 23:53 - 2009-07-14 05:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-23 23:51 - 2018-12-23 22:03 - 000007602 _____ C:\Users\Robin\AppData\Local\Resmon.ResmonCfg
2019-02-23 23:48 - 2017-12-03 21:34 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2019-02-23 23:48 - 2017-11-25 16:03 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-23 23:48 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-23 23:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-02-23 23:43 - 2018-07-12 23:26 - 000000000 ____D C:\Windows\Minidump
2019-02-23 23:43 - 2017-11-25 17:40 - 000000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2019-02-23 23:35 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2019-02-23 21:53 - 2017-11-25 20:01 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-23 21:43 - 2018-05-17 07:42 - 000004118 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-23 21:33 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-23 21:09 - 2017-11-25 19:27 - 000000000 ____D C:\Users\Robin\AppData\Local\ElevatedDiagnostics
2019-02-22 23:44 - 2017-11-25 17:12 - 000000000 ____D C:\Users\Robin\AppData\Roaming\vlc
2019-02-22 17:04 - 2018-01-09 15:19 - 000000000 ____D C:\Users\Robin\AppData\Local\Spotify
2019-02-21 15:10 - 2017-11-25 17:26 - 000000000 ____D C:\Users\Robin\Documents\My Games
2019-02-17 12:10 - 2017-11-25 17:10 - 000000000 ____D C:\Users\Robin\AppData\Roaming\DAEMON Tools Lite
2019-02-17 02:20 - 2018-01-09 15:18 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Spotify
2019-02-13 16:23 - 2017-11-25 20:01 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-08 17:07 - 2018-05-12 23:21 - 000000739 _____ C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No One Lives Forever 2.lnk
2019-02-06 18:10 - 2017-12-19 15:41 - 000000000 ____D C:\Users\Robin\Documents\Larian Studios
2019-02-06 18:10 - 2017-12-19 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2019-02-03 20:59 - 2017-12-04 19:00 - 000000000 ____D C:\Users\Robin\AppData\Local\Ubisoft Game Launcher
2019-01-31 20:48 - 2017-11-25 15:43 - 000000000 ____D C:\Users\Robin\AppData\Local\Deployment
2019-01-31 20:48 - 2017-11-25 15:43 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-31 20:46 - 2017-11-25 15:42 - 000001397 _____ C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-30 17:19 - 2018-02-13 19:44 - 000000000 ____D C:\ProgramData\Electronic Arts
2019-01-27 21:37 - 2018-02-13 18:41 - 000000000 ____D C:\Users\Robin\AppData\Roaming\Origin
2019-01-27 21:36 - 2018-02-13 18:34 - 000000000 ____D C:\ProgramData\Origin
2019-01-27 21:29 - 2018-12-24 00:03 - 000000000 ____D C:\Users\Robin\Documents\The Witcher 3

==================== Files in the root of some directories =======

2002-08-29 18:33 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\Robin\AppData\Roaming\MafiaSetup.exe
2018-12-23 22:03 - 2019-02-23 23:51 - 000007602 _____ () C:\Users\Robin\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-23 13:29

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Robin (24-02-2019 00:17:25)
Running from C:\Users\Robin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-11-25 14:41:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3588220044-2293058574-3737256607-500 - Administrator - Disabled)
Guest (S-1-5-21-3588220044-2293058574-3737256607-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3588220044-2293058574-3737256607-1002 - Limited - Enabled)
Robin (S-1-5-21-3588220044-2293058574-3737256607-1001 - Administrator - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Crusader Kings II Holy Fury (HKLM-x32\...\Crusader Kings II Holy Fury_is1) (Version: - )
Crysis (HKLM-x32\...\Crysis) (Version: - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.35 - NVIDIA Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ESET Security (HKLM\...\{3EB22EED-2263-4174-9F36-09BD15A7AEF8}) (Version: 11.0.159.5 - ESET, spol. s r.o.)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.33.5294 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GOTHIC2 - Noc Havrana - 'Systémový balíček' (HKLM-x32\...\GOTHIC2 - Noc Havrana - 'Systémový balíček') (Version: 1.7 - World of Gothic RU © 2017)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Gyazo 3.4.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
LEGO Racers (HKLM-x32\...\LEGO Racers) (Version: - )
Mafia (HKLM-x32\...\Mafia) (Version: - )
Mafia Game (HKLM-x32\...\Mafia Game) (Version: - )
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
No One Lives Forever 2 (HKLM-x32\...\{EBCCE08A-B3EE-40E7-96D7-31741D481015}) (Version: - )
NVIDIA Ovladač 3D Vision 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Óńňŕíîâęŕ Chicago 1930 (HKLM-x32\...\Óńňŕíîâęŕ Chicago 1930) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.14.38647 - Electronic Arts, Inc.)
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{0adeacd2-a31e-4941-b1b8-a727388fe06f}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 417.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 417.35 - NVIDIA Corporation) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Risen 3 Titan Lords Enhanced Edition (HKLM-x32\...\Risen 3 Titan Lords Enhanced Edition_is1) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spotify (HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\Spotify) (Version: 1.1.0.237.g378f6f25 - Spotify AB)
STARWARS: The Battle of Endor version 2.1 (HKLM-x32\...\STARWARS: The Battle of Endor v2.1_is1) (Version: - Bruno R. Marcos)
STARWARS: The Battle of Yavin version 1.1 (HKLM-x32\...\STARWARS: The Battle of Yavin v1.1_is1) (Version: - Bruno R. Marcos)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
T3A Patch for BFME 1 version 1.06 (HKLM-x32\...\T3APATCH106_is1) (Version: 1.06 - )
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
The Battle for Middle-earth (tm) (HKLM-x32\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version: - )
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vietcong Zlatá Kolekce (CZ) (HKLM-x32\...\Vietcong Zlatá Kolekce (CZ)) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
YTD Video Downloader 5.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.6 - GreenTree Applications SRL) <==== ATTENTION
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Programy\Microsoft Office 2016\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Programy\ESET\shellExt.dll [2018-10-28] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Programy\ESET\shellExt.dll [2018-10-28] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Programy\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-12-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\Programy\ESET\shellExt.dll [2018-10-28] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Programy\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programy\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programy\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {197EB1A1-FD3F-4D0A-A9B3-3541F5F8C866} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {36560D9C-92F5-44AB-82A8-056A75558169} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed]
Task: {3AB31CFF-3702-4804-A31B-A254257311BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => D:\Programy\Microsoft Office 2016\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3E4EA03A-54F4-4481-877E-D67F6EA6A146} - System32\Tasks\{FE3DD968-9FE5-40E2-876F-43B3DF11C8FA} => C:\Windows\system32\pcalua.exe -a "D:\Hry\Star Wars Empire at War\Install\uninst.exe" -d "D:\Hry\Star Wars Empire at War\Install"
Task: {42664F81-3B4D-4F95-B98A-9094A8AFA1F3} - System32\Tasks\CCleanerSkipUAC => D:\Programy\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {42F3834C-4BA2-471B-8EAE-00E0C5886638} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (Nota Inc. -> Nota Inc.)
Task: {4AB92309-B9B2-4DB6-B2F7-333DECDB9DF5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {7B1384FB-05A2-4D7D-85CE-DB9A8FC903C5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => D:\Programy\Microsoft Office 2016\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {81A91DD8-3F54-4F62-B54B-24B7CE5C85ED} - System32\Tasks\CCleaner Update => D:\Programy\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9E68DF2E-610C-4198-8006-830E9E70D438} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A0E2D740-63B1-4960-9539-10C32FED96FE} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe (Nota Inc. -> Nota Inc.)
Task: {C6721ADC-6340-44B1-918D-4B5F7C1E598E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-26 13:26 - 2012-10-25 10:26 - 000078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2017-11-26 13:26 - 2012-10-25 10:26 - 000386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2018-05-10 19:14 - 2018-09-10 19:42 - 000085320 _____ () D:\Programy\CCleaner\lang\lang-1029.dll
2018-08-29 20:15 - 2019-02-05 02:46 - 001072416 _____ () D:\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-08-29 20:15 - 2018-11-20 01:56 - 102804768 _____ () D:\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-29 20:15 - 2018-11-20 01:56 - 004866336 _____ () D:\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-08-29 20:15 - 2018-11-20 01:56 - 000116000 _____ () D:\Steam\bin\cef\cef.win7x64\libegl.dll
2017-12-30 23:17 - 2017-12-30 23:17 - 000075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2019-02-23 23:28 - 2019-01-25 16:36 - 002845712 _____ () D:\PROGRAMY\ANTI-MALWARE\MwacLib.dll
2019-02-23 23:28 - 2019-01-24 11:09 - 002714000 _____ () D:\PROGRAMY\ANTI-MALWARE\SelfProtectionSdk.dll
2019-02-15 17:54 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-15 17:54 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2013-12-14 11:08 - 2019-02-05 02:46 - 000890144 _____ () D:\Steam\SDL2.dll
2015-01-19 23:29 - 2016-09-01 02:02 - 004969248 _____ () D:\Steam\v8.dll
2015-01-19 23:29 - 2016-09-01 02:02 - 001563936 _____ () D:\Steam\icui18n.dll
2015-01-19 23:29 - 2016-09-01 02:02 - 001195296 _____ () D:\Steam\icuuc.dll
2014-05-22 13:21 - 2019-02-18 23:21 - 002666784 _____ () D:\Steam\video.dll
2017-12-14 13:21 - 2018-11-05 19:53 - 005137696 _____ () D:\Steam\libavcodec-57.dll
2017-12-14 13:21 - 2018-11-05 19:53 - 000847136 _____ () D:\Steam\libavutil-55.dll
2017-12-14 13:21 - 2018-11-05 19:53 - 000810784 _____ () D:\Steam\libavformat-57.dll
2017-12-14 13:21 - 2018-11-05 19:53 - 000351520 _____ () D:\Steam\libavresample-3.dll
2017-12-14 13:21 - 2018-11-05 19:53 - 000783648 _____ () D:\Steam\libswscale-4.dll
2013-12-14 11:08 - 2019-02-18 23:21 - 001031456 _____ () D:\Steam\bin\chromehtml.DLL
2016-03-10 09:51 - 2016-07-04 23:17 - 000266560 _____ () D:\Steam\openvr_api.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3588220044-2293058574-3737256607-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32BFEEA4-3D33-4D68-B820-3C47C33EF92C}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{50969077-8877-4F45-BFA2-B42E425A4954}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A9F250BE-18B5-4F16-B0FD-69B0A60C4176}] => (Allow) D:\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe ()
FirewallRules: [{DEC13971-D7EB-4D25-9D3F-C3593F65BF0A}] => (Allow) D:\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe ()
FirewallRules: [{0D46BFD3-D463-409A-82A2-92F1412966C4}] => (Allow) D:\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe (Nordic Games)
FirewallRules: [{42998611-8D83-4159-B252-DE3D6702388C}] => (Allow) D:\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe (Nordic Games)
FirewallRules: [TCP Query User{29C4114A-09A5-4A1E-B752-2A44DA621C05}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [UDP Query User{2E880969-3328-4D2A-AA30-532EBD91992A}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [TCP Query User{1FF04A9B-F2B3-465C-8FB0-51B181361474}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [UDP Query User{9100F5DA-0175-4725-A07D-C048CA282B66}D:\torrent\utorrent.exe] => (Allow) D:\torrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [TCP Query User{25BE61F4-2658-4463-8455-FF1ADB197EFD}D:\hry\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) D:\hry\age of empires 2 & the conquerors expansion - full game\age2_x1.exe No File
FirewallRules: [UDP Query User{B61BB21C-6390-450E-84B9-67F03B83E597}D:\hry\age of empires 2 & the conquerors expansion - full game\age2_x1.exe] => (Allow) D:\hry\age of empires 2 & the conquerors expansion - full game\age2_x1.exe No File
FirewallRules: [{9C0DE5B7-0069-4C67-B4DA-79BA9DB043B7}] => (Allow) D:\Torrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{B36A1C65-1CFE-4176-81B0-DAB1C0D46358}] => (Allow) D:\Torrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5F2762EB-5C40-468C-BFA9-758C8B7BE57A}] => (Allow) D:\Steam\SteamApps\common\Shadow Warrior\sw.exe (Flying Wild Hog)
FirewallRules: [{F4904062-9A14-4F4D-8EEC-2B3B7C2A2CE3}] => (Allow) D:\Steam\SteamApps\common\Shadow Warrior\sw.exe (Flying Wild Hog)
FirewallRules: [TCP Query User{7F44D56A-59CE-4E8F-ACD4-26160955D6EF}C:\users\robin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\robin\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{E6979DF9-B1B0-4B7C-B79F-A54061B441B2}C:\users\robin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\robin\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{E240DC80-D479-4AB3-A55A-38CE81E33DE8}] => (Allow) D:\Programy\Microsoft Office 2016\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E635155-2ADA-48C8-98AC-BD3693F0ECC3}] => (Allow) D:\Programy\Microsoft Office 2016\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE3C471A-64F9-4FF3-BE46-6773873F1C4F}] => (Allow) D:\Programy\Microsoft Office 2016\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2F36B44-F0AE-4251-8154-22E108BC00D1}] => (Allow) D:\Programy\Microsoft Office 2016\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{388237B6-A517-4DF2-A566-52506F09BBE3}] => (Allow) D:\Programy\Microsoft Office 2016\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{69289F21-0644-4A6D-843B-FC7D54900763}] => (Allow) D:\Steam\SteamApps\common\swkotor\swkotor.exe (BioWare Corp.)
FirewallRules: [{A3F6540D-07D6-4216-BD47-F0A041D10C71}] => (Allow) D:\Steam\SteamApps\common\swkotor\swkotor.exe (BioWare Corp.)
FirewallRules: [{B6A97D0D-10FE-42DE-8E34-5C13202094BA}] => (Allow) D:\Steam\SteamApps\common\Doki Doki Literature Club\DDLC.exe ()
FirewallRules: [{C886F91C-8C00-4B29-A109-770330DC3054}] => (Allow) D:\Steam\SteamApps\common\Doki Doki Literature Club\DDLC.exe ()
FirewallRules: [{5C1ECC03-B0DD-49D6-B2D0-24D63D32D77F}] => (Allow) D:\Hry\Pán Prstenů Bitva o Středozem\game.dat ()
FirewallRules: [{468EBFDA-2E4F-47FF-9CAA-4483767E6425}] => (Allow) D:\Hry\Pán Prstenů Bitva o Středozem\game.dat ()
FirewallRules: [{24E332AD-64B5-4A1D-9225-94AC13195D97}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{B74B0230-E590-45AD-A516-B930198FC6DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{87830483-5A5E-45E4-8440-4A1881F2A392}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{3B95BB96-A88D-472F-BE9D-33D315934955}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{E2F5A141-EE4B-4BDC-A21F-125F6B6D2770}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{72479115-C0B0-4B3A-AB61-E7098994EAC2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [TCP Query User{30EC92E3-144D-4653-BD97-8D8D9F2DC5FF}C:\users\robin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\robin\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [UDP Query User{4216958C-1481-43A7-A468-F9802ACE2AA3}C:\users\robin\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\robin\appdata\local\akamai\netsession_win.exe (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
FirewallRules: [{F5420EA2-4128-4A86-94B2-A5B93DBABDF6}] => (Allow) D:\Steam\SteamApps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{2FBE6A7F-6172-4EB3-B111-EE19AA87E40A}] => (Allow) D:\Steam\SteamApps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [TCP Query User{C7C146B7-AFEA-43B3-A1F1-F5C202A4BF9F}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{00B775F8-6243-4669-AC16-EDCB76BB5843}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{00AC56BD-3DAF-4918-9387-B2247F7A1FC3}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{AE2C24C1-B714-48D4-B444-AAD88A33DB52}C:\users\robin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\robin\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{849DC815-771D-4298-A7F1-D596EB1C74D0}] => (Allow) D:\Steam\SteamApps\common\ICEY\ICEY.exe ()
FirewallRules: [{3A87A4D7-B294-4C2C-B5CF-0C9FA9D784C4}] => (Allow) D:\Steam\SteamApps\common\ICEY\ICEY.exe ()
FirewallRules: [TCP Query User{80C0A3C9-6A18-4138-8767-C6F64FD73A9B}D:\gog galaxy\games\gwent\gwent.exe] => (Allow) D:\gog galaxy\games\gwent\gwent.exe No File
FirewallRules: [UDP Query User{B40E90FC-ED71-46C5-9E18-0A5F6354E802}D:\gog galaxy\games\gwent\gwent.exe] => (Allow) D:\gog galaxy\games\gwent\gwent.exe No File
FirewallRules: [TCP Query User{56B78CFC-6C8A-4AED-9404-42DDC4877984}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [UDP Query User{3E25EE71-F451-4D90-9B26-A1F973AB907E}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File
FirewallRules: [{BE91538F-FEB1-4983-A31D-B4769A0A6310}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D7772BF2-4DA2-4EE9-85C4-8D4B919A00AE}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8445F481-381E-4E5C-AA9A-FD2754F5F614}] => (Allow) D:\Steam\SteamApps\common\Empire Total War\Empire.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{22D04194-84F3-445B-8222-6C3E2D0067E0}] => (Allow) D:\Steam\SteamApps\common\Empire Total War\Empire.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{4CEDBC11-81C2-41B3-8C60-9632F3311F9C}] => (Allow) D:\Programy\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{FEF1FF78-3684-446B-8F20-C86F6700AB14}] => (Allow) D:\Programy\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{FD37529D-523C-4F05-9A51-D67E312FD952}D:\hry\total war - shogun 2\shogun2.exe] => (Allow) D:\hry\total war - shogun 2\shogun2.exe No File
FirewallRules: [UDP Query User{19C47453-E13B-4FFF-B72C-17432FAB3DDA}D:\hry\total war - shogun 2\shogun2.exe] => (Allow) D:\hry\total war - shogun 2\shogun2.exe No File
FirewallRules: [TCP Query User{13B7DE25-AC35-4E4C-A57C-F68768165C60}D:\hry\act of war - direct action\actofwar.exe] => (Allow) D:\hry\act of war - direct action\actofwar.exe No File
FirewallRules: [UDP Query User{16324D47-2300-4C31-AFFB-F63775E989CE}D:\hry\act of war - direct action\actofwar.exe] => (Allow) D:\hry\act of war - direct action\actofwar.exe No File
FirewallRules: [{55E74F8D-E4BB-496C-A3FF-AF13F752AA5E}] => (Allow) D:\Steam\SteamApps\common\KnightShift\KnightShift.exe (Reality Pump Sp. z o.o. -> Reality Pump)
FirewallRules: [{A7E85E5F-2572-434A-8F9D-451998057602}] => (Allow) D:\Steam\SteamApps\common\KnightShift\KnightShift.exe (Reality Pump Sp. z o.o. -> Reality Pump)
FirewallRules: [{D4B69459-FF63-4DC1-98AC-635557142908}] => (Allow) D:\Steam\SteamApps\common\KnightShift\KnightShift.ex1 (Reality Pump Sp. z o.o. -> Reality Pump)
FirewallRules: [{DC9E11BA-BF3F-4A29-B275-99B2E61F4589}] => (Allow) D:\Steam\SteamApps\common\KnightShift\KnightShift.ex1 (Reality Pump Sp. z o.o. -> Reality Pump)
FirewallRules: [{EE925D0A-27E1-4E98-B797-697AD9BE50AD}] => (Allow) D:\Steam\SteamApps\common\KnightShift\KnightShift.ex2 (Reality Pump Sp. z o.o. -> Reality Pump)
FirewallRules: [{32A0EEE6-663F-44EA-9077-13D3C32004C3}] => (Allow) D:\Steam\SteamApps\common\KnightShift\KnightShift.ex2 (Reality Pump Sp. z o.o. -> Reality Pump)
FirewallRules: [TCP Query User{33B902B4-57FE-46BE-A97E-EC7E3A2D11B0}D:\hry\metin2 quadcore\pack\core.bin] => (Allow) D:\hry\metin2 quadcore\pack\core.bin No File
FirewallRules: [UDP Query User{BA8A66EB-36F1-462A-BBB2-6C2BA590978C}D:\hry\metin2 quadcore\pack\core.bin] => (Allow) D:\hry\metin2 quadcore\pack\core.bin No File
FirewallRules: [TCP Query User{69AA235A-B239-4A04-B274-3283F97F61B5}D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe No File
FirewallRules: [UDP Query User{FB730E05-0BA6-42FD-A5AB-5537F7FF487D}D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe No File
FirewallRules: [{39B80CF8-974E-4527-8828-22DF4E17139E}] => (Allow) D:\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe (Obsidian Entertainment, Inc.)
FirewallRules: [{065A44E5-CF6C-40B1-8DB6-AAF404A7FF17}] => (Allow) D:\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe (Obsidian Entertainment, Inc.)
FirewallRules: [TCP Query User{580C3B56-EB07-4DF2-92C9-143198A512EE}D:\hry\anno 1404 gold edition\tools\addonweb.exe] => (Allow) D:\hry\anno 1404 gold edition\tools\addonweb.exe No File
FirewallRules: [UDP Query User{2E85CC18-43AA-4FB0-ACAE-897E473FF541}D:\hry\anno 1404 gold edition\tools\addonweb.exe] => (Allow) D:\hry\anno 1404 gold edition\tools\addonweb.exe No File
FirewallRules: [{C184C4C3-BE91-4343-9F8C-C9C908452DC1}] => (Allow) D:\Steam\SteamApps\common\Star Wars Empire at War\runme.exe ()
FirewallRules: [{59E2CDB2-E460-4DCB-B9DA-8EDD5904ADCE}] => (Allow) D:\Steam\SteamApps\common\Star Wars Empire at War\runme.exe ()
FirewallRules: [{8F1F6761-A506-4EE8-B1CD-CFBD90501C3B}] => (Allow) D:\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe ()
FirewallRules: [{8E8DBF8F-641E-43C5-80C4-DA2A6A28B451}] => (Allow) D:\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe ()
FirewallRules: [{29A37F83-2C36-4174-A3D7-5BCE07A414BC}] => (Allow) D:\Steam\SteamApps\common\Star Wars Empire at War\corruption\StarWarsG.exe (Lucasfilm Entertainment Company, Ltd.)
FirewallRules: [{9F8505E0-4860-4C83-A8F2-18D1DB1F278F}] => (Allow) D:\Steam\SteamApps\common\Star Wars Empire at War\corruption\StarWarsG.exe (Lucasfilm Entertainment Company, Ltd.)
FirewallRules: [TCP Query User{6DC5322D-3B31-4611-B42E-0D2C666DB606}D:\hry\the witcher 3 wild hunt goty\witcher script merger v0.6.2-484-0-6-2\tools\wcc_lite\bin\x64\wcc_lite.exe] => (Allow) D:\hry\the witcher 3 wild hunt goty\witcher script merger v0.6.2-484-0-6-2\tools\wcc_lite\bin\x64\wcc_lite.exe ()
FirewallRules: [UDP Query User{17DEFA15-4AB1-4DF3-A1A4-E4FCA80EFF30}D:\hry\the witcher 3 wild hunt goty\witcher script merger v0.6.2-484-0-6-2\tools\wcc_lite\bin\x64\wcc_lite.exe] => (Allow) D:\hry\the witcher 3 wild hunt goty\witcher script merger v0.6.2-484-0-6-2\tools\wcc_lite\bin\x64\wcc_lite.exe ()
FirewallRules: [TCP Query User{427B9466-72A2-494B-8380-A726458D1614}D:\hry\crusader kings ii holy fury\ck2game.exe] => (Allow) D:\hry\crusader kings ii holy fury\ck2game.exe (Paradox Interactive)
FirewallRules: [UDP Query User{D19C0D6E-ED9E-4A72-AC3F-2B2DBCD3BEC4}D:\hry\crusader kings ii holy fury\ck2game.exe] => (Allow) D:\hry\crusader kings ii holy fury\ck2game.exe (Paradox Interactive)
FirewallRules: [TCP Query User{FC723294-FD38-460D-A930-7A3EE8594779}D:\hry\europa universaliv iv 1.17.1\igg-europa.universalis.iv.v1.17.1.inclu.all.dlc\eu4.exe] => (Allow) D:\hry\europa universaliv iv 1.17.1\igg-europa.universalis.iv.v1.17.1.inclu.all.dlc\eu4.exe (Paradox Interactive)
FirewallRules: [UDP Query User{C38F017F-99B3-4D15-804D-B92E5013EFD6}D:\hry\europa universaliv iv 1.17.1\igg-europa.universalis.iv.v1.17.1.inclu.all.dlc\eu4.exe] => (Allow) D:\hry\europa universaliv iv 1.17.1\igg-europa.universalis.iv.v1.17.1.inclu.all.dlc\eu4.exe (Paradox Interactive)
FirewallRules: [TCP Query User{AD7502D2-5F09-4FE6-9CF3-9DF51738A4E2}D:\hry\crysis 2\bin32\crysis2.exe] => (Allow) D:\hry\crysis 2\bin32\crysis2.exe No File
FirewallRules: [UDP Query User{6CECC1FC-A626-4231-BBBC-AD4F330F229B}D:\hry\crysis 2\bin32\crysis2.exe] => (Allow) D:\hry\crysis 2\bin32\crysis2.exe No File
FirewallRules: [TCP Query User{C6993E44-A8BC-4CDE-98F8-498E323E34BF}D:\hry\the forest\theforest.exe] => (Allow) D:\hry\the forest\theforest.exe No File
FirewallRules: [UDP Query User{5FFD22C9-B548-4260-8740-AEDDE8740DAD}D:\hry\the forest\theforest.exe] => (Allow) D:\hry\the forest\theforest.exe No File
FirewallRules: [TCP Query User{BF7C47C2-1119-44E9-9AE3-1559554B22EF}D:\hry\vietcong zlatá kolekce (cz) [repack] by.jazz22\vietcong.exe] => (Allow) D:\hry\vietcong zlatá kolekce (cz) [repack] by.jazz22\vietcong.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> )
FirewallRules: [UDP Query User{E6E27F94-358F-4B25-B0D8-9FD806B67BAC}D:\hry\vietcong zlatá kolekce (cz) [repack] by.jazz22\vietcong.exe] => (Allow) D:\hry\vietcong zlatá kolekce (cz) [repack] by.jazz22\vietcong.exe (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> )
FirewallRules: [{7D0CAB24-7D52-4E8A-9302-CAEBE9FE5E91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{061C7DA5-D65D-4088-9B4C-21DA95D6556B}] => (Allow) D:\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe (Flying Wild Hog)
FirewallRules: [{D53AD5BB-9099-4369-A4C4-6826C5FD6025}] => (Allow) D:\Steam\SteamApps\common\Shadow Warrior\dx11\launcher.exe (Flying Wild Hog)
FirewallRules: [{B39B4C01-393E-418A-B713-4F6A87946014}] => (Allow) D:\Hry\Pán Prstenů Bitva o Strředozem 2\game.dat (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Electronic Arts Inc.)
FirewallRules: [{1B89D609-6CEE-4AEB-A362-BE69FD68B9DF}] => (Allow) D:\Hry\Pán Prstenů Bitva o Strředozem 2\game.dat (Error3: CryptCATAdminCalcHashFromFileHandle failed to return cbHash, #2 -> Electronic Arts Inc.)
FirewallRules: [{03754F4B-A3F3-461B-B1C3-AD88675624A2}] => (Allow) D:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{0CA51CC1-7A41-49C4-B000-F44153C65C3E}] => (Allow) D:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{13CD1918-87E1-4EBB-8906-F87BD799D570}] => (Allow) LPort=50376
FirewallRules: [{E9FC94BC-9F98-4C95-98EC-1CE0BDBCBDD0}] => (Allow) LPort=5000

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2019 11:53:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (02/23/2019 11:53:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (02/23/2019 11:53:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (02/23/2019 11:41:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (02/23/2019 11:41:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (02/23/2019 11:41:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (02/23/2019 11:19:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (02/23/2019 11:19:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.


System errors:
=============
Error: (02/24/2019 12:07:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Autodesk Desktop App Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2019 11:13:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/23/2019 11:13:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (02/23/2019 10:41:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (02/23/2019 09:33:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/23/2019 02:43:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3EB3C877-1F16-487C-9050-104DBCD66683} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/22/2019 05:04:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (02/21/2019 12:15:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.


Windows Defender:
===================================
Date: 2019-01-31 21:14:28.149
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{9C6B16C3-EB19-480F-A266-34622D35F883}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:Robin-PC\Robin

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU K 875 @ 2.93GHz
Percentage of memory in use: 58%
Total physical RAM: 8182.05 MB
Available physical RAM: 3374.17 MB
Total Virtual: 16362.28 MB
Available Virtual: 11086.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:6.31 GB) NTFS
Drive d: (Déčko) (Fixed) (Total:931.51 GB) (Free:27.14 GB) NTFS

\\?\Volume{12e3c5a0-d1ee-11e7-a09d-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 88DC5B6E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 88DC5B73)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119420
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Kryptik.COVU

#2 Příspěvek od Rudy »

Zdravím!
Jak je na tom váš oper. systém s legalitou?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“