preventívna kontrola logu

Zpráva

Slovak · #1 Příspěvek od **Slovak** » 04 kvě 2020 11:07

Chcel by som poprosiť o preventívnu kontrolu logu. Ďakujem.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Trifon at 2020-05-04 12:03:55
Microsoft Windows 10 Pro
System drive C: has 111 GB (49%) free of 228 GB
Total RAM: 8130 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:59, on 4. 5. 2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0771)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\trend micro\Trifon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Trifon\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - E:\Deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KMS-R@1n - Unknown owner - C:\Windows\KMS-R@1n.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee WebAdvisor - McAfee, LLC - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12513 bytes

======Listing Processes======

C:\WINDOWS\system32\lsass.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f71a794c-d78c-4c3f-9bf2-dbf7af4732d1 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-90a56ce0-e7d8-429b-91ef-fbaa2f67cff3 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-42a8461b-d8c1-4398-8cb6-e19c55c81a35 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3dd31879-79ac-4c12-8c00-d423f73063e0 -LifetimeId:eb4ee44b-f6c6-42c8-9446-852a4050fa52 -DeviceGroupId:WudfDefaultDevicePool -HostArg:0
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s nsi
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ae6348e7-2c23-4d73-b0e8-2f3dee59e3da -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c3a2cb7f-e28d-4bc7-bd63-b5fd27246c6f -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3bdd90d4-aadc-4c8d-88bc-cc79f2d25acf -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f0f082cb-950c-44db-8a47-8a53b90b0ba3 -LifetimeId:6944bdb2-0f55-466c-9fbd-e8c05f52b7e6 -DeviceGroupId:WpdFsGroup -HostArg:0
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s CscService

C:\WINDOWS\system32\svchost.exe -k LocalService -p -s EventSystem
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Themes
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s FontCache
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s netprofm
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s ShellHWDetection

C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\system32\svchost.exe -k apphost -s AppHostSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\Windows\KMS-R@1n.exe
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SstpSvc
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
rundll32.exe "c:\program files\nvidia corporation\nvstreamsrv\rxdiag.dll" RxDiagSetRuntimeMessagePump
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"ctfmon.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\AUDIODG.EXE 0x578
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20041.85.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\AVAST Software\Avast\aswEngSrv.exe" /pipename="49A4199D-526F-12EA-3412-816F99DCFEC2" /binpath="C:\Program Files\AVAST Software\Avast"
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=gpu-process --field-trial-handle=1980,17715797091625015746,15648264438386969590,131072 --disable-features=VizDisplayCompositor --no-sandbox --log-file="C:\Users\Trifon\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Trifon\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --service-request-channel-token=6563263734801086015 --mojo-platform-channel-handle=2024 /prefetch:2
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4

"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Trifon\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --field-trial-handle=1980,17715797091625015746,15648264438386969590,131072 --disable-features=VizDisplayCompositor --service-pipe-token=3158679074139133208 --lang=en-US --log-file="C:\Users\Trifon\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3158679074139133208 --renderer-client-id=3 --mojo-platform-channel-handle=2588 /prefetch:1
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\System32\SecurityHealthSystray.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
AvastUI.exe /nogui
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\MicrosoftEdgeCP.exe" -ServerName:Windows.Internal.WebRuntime.ContentProcessServer
C:\WINDOWS\system32\MicrosoftEdgeSH.exe SCODEF:9204 CREDAT:9730 APH:624000000000B JITHOST /prefetch:2
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UsoSvc
KMS-R@1nHook.exe "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Trifon\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Trifon\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=81.0.4044.129 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdebfebd28,0x7ffdebfebd38,0x7ffdebfebd48
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9612 --on-initialized-event-handle=728 --parent-handle=732 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1612 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1876 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=3696,7717774894344665478,2817139589028708054,131072 --no-sandbox --log-file="C:\Users\Trifon\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.2.2401)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAMAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=9343156145674542539 --mojo-platform-channel-handle=2620 /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6816 --ignored=" --type=renderer " /prefetch:8
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe -Embedding
"C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe" -ServerName:App.AppXagta193n5rpf7mheremt3yyfa1g555vc.mca
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10144 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1648,12529641551034728501,10033662253559350947,131072 --lang=sk --enable-auto-reload --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 772 780 788 8192 784
KMS-R@1nHook.exe C:\WINDOWS\system32\SppExtComObj.exe -Embedding
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
"C:\Users\Trifon\Desktop\RSITx64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18 228968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-21 1352072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2018-07-18 2353944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18 163440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-21 1059496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2018-07-18 1744672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2018-09-15 83968]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-10-22 7203032]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2020-04-21 108216]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2020-03-04 3022416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Opera Browser Assistant"=C:\Users\Trifon\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2020-03-27 3024920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-08-25 293872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe]
"Debugger="KMS-R@1nHook.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe]
"Debugger="KMS-R@1nHook.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-05-04 12:03:55 ----D---- C:\rsit
2020-04-27 09:39:37 ----D---- C:\Users\Trifon\AppData\Roaming\MaskOfThePlagueDoctor
2020-04-21 12:45:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2020-04-21 12:45:48 ----A---- C:\WINDOWS\system32\drivers\aswStm.sys
2020-04-21 12:45:48 ----A---- C:\WINDOWS\system32\drivers\aswNetHub.sys
2020-04-21 12:45:48 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2020-04-16 19:56:30 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2020-04-16 19:56:30 ----A---- C:\WINDOWS\SYSWOW64\MSFlacDecoder.dll
2020-04-16 19:56:30 ----A---- C:\WINDOWS\system32\rdpshell.exe
2020-04-16 19:56:30 ----A---- C:\WINDOWS\system32\rdpinit.exe
2020-04-16 19:56:30 ----A---- C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\SYSWOW64\mfmkvsrcsnk.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\system32\mfps.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\system32\mfmkvsrcsnk.dll
2020-04-16 19:56:29 ----A---- C:\WINDOWS\system32\mfcore.dll
2020-04-16 19:56:28 ----A---- C:\WINDOWS\system32\tellib.dll
2020-04-16 19:56:28 ----A---- C:\WINDOWS\system32\drivers\csc.sys
2020-04-16 19:56:21 ----A---- C:\WINDOWS\SYSWOW64\WinSATAPI.dll
2020-04-16 19:56:21 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2020-04-16 19:56:21 ----A---- C:\WINDOWS\SYSWOW64\msjet40.dll
2020-04-16 19:56:21 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2020-04-16 19:56:21 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2020-04-16 19:56:21 ----A---- C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 19:56:20 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2020-04-16 19:56:20 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2020-04-16 19:56:19 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2020-04-16 19:56:19 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2020-04-16 19:56:19 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2020-04-16 19:56:19 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\wsecedit.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\srumsvc.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\msrd3x40.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\msltus40.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\mispace.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\SYSWOW64\iasacct.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\system32\WinSATAPI.dll
2020-04-16 19:56:18 ----A---- C:\WINDOWS\system32\WinSAT.exe
2020-04-16 19:56:17 ----A---- C:\WINDOWS\system32\rdpclip.exe
2020-04-16 19:56:17 ----A---- C:\WINDOWS\system32\nltest.exe
2020-04-16 19:56:17 ----A---- C:\WINDOWS\system32\mstscax.dll
2020-04-16 19:56:17 ----A---- C:\WINDOWS\system32\msi.dll
2020-04-16 19:56:17 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2020-04-16 19:56:16 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2020-04-16 19:56:16 ----A---- C:\WINDOWS\system32\edgehtml.dll
2020-04-16 19:56:15 ----A---- C:\WINDOWS\system32\mshtml.dll
2020-04-16 19:56:15 ----A---- C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\wsecedit.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\StorSvc.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\jscript9.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\jscript.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\iscsiwmiv2.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\iasacct.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 19:56:14 ----A---- C:\WINDOWS\system32\Chakra.dll
2020-04-16 19:56:11 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2020-04-16 19:56:11 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2020-04-16 19:56:11 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2020-04-16 19:56:11 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2020-04-16 19:56:11 ----A---- C:\WINDOWS\system32\wbadmin.exe
2020-04-16 19:56:11 ----A---- C:\WINDOWS\system32\mispace.dll
2020-04-16 19:56:11 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\wpnapps.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\uReFS.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\mf3216.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\InstallServiceTasks.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2020-04-16 19:56:10 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\TSWorkspace.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\sppcext.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\slc.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2020-04-16 19:56:09 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\tbauth.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\FlightSettings.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2020-04-16 19:56:08 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\system32\wininet.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\system32\t2embed.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 19:56:08 ----A---- C:\WINDOWS\system32\gdi32full.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\sxssrv.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\smss.exe
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\ntdll.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\mf3216.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\KernelBase.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\fontsub.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\dwmcore.dll
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\drivers\mrxsmb20.sys
2020-04-16 19:56:07 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\winresume.exe
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\winload.exe
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\uReFS.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\uDWM.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\taskschd.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\TabSvc.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\slc.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\refsutil.exe
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\pcasvc.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\kernel32.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\invagent.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\drivers\refs.sys
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\devinv.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\appraiser.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\aitstatic.exe
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\aeinv.dll
2020-04-16 19:56:06 ----A---- C:\WINDOWS\system32\acmigration.dll
2020-04-16 19:56:05 ----A---- C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 19:56:05 ----A---- C:\WINDOWS\system32\ntshrui.dll
2020-04-16 19:56:05 ----A---- C:\WINDOWS\system32\generaltel.dll
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\vbscript.dll
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\sppsvc.exe
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\sppcext.dll
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\shell32.dll
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\rasmans.dll
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 19:56:04 ----A---- C:\WINDOWS\system32\comdlg32.dll
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\win32kfull.sys
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\user32.dll
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\hal.dll
2020-04-16 19:56:03 ----A---- C:\WINDOWS\system32\drivers\hwpolicy.sys
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\wpncore.dll
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\wpnapps.dll
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\WindowManagement.dll
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\InstallService.dll
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2020-04-16 19:56:02 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2020-04-16 19:56:00 ----A---- C:\WINDOWS\system32\win32kbase.sys
2020-04-16 19:56:00 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2020-04-16 19:56:00 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\wow64win.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\tbauth.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\cloudAP.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-04-16 19:55:59 ----A---- C:\WINDOWS\system32\aadtb.dll
2020-04-16 19:55:58 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 19:55:58 ----A---- C:\WINDOWS\system32\advapi32.dll
2020-04-16 19:55:58 ----A---- C:\WINDOWS\explorer.exe
2020-04-16 19:55:57 ----A---- C:\WINDOWS\SYSWOW64\windowsperformancerecordercontrol.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\SYSWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\SYSWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\wuuhext.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\webservices.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\usocore.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\srumsvc.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 19:55:57 ----A---- C:\WINDOWS\system32\drivers\http.sys
2020-04-16 19:55:56 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\utcutil.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\umpo.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\tcbloader.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\skci.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\securekernel.exe
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\runexehelper.exe
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\netlogon.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\LsaIso.exe
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\kerberos.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\dosvc.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\domgmt.dll
2020-04-16 19:55:56 ----A---- C:\WINDOWS\system32\diagtrack.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\SYSWOW64\logoncli.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\SYSWOW64\iscsiwmiv2.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\WinTypes.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\winhttp.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\windows.storage.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\samsrv.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\rpcss.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\offlinesam.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\logoncli.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\dnsapi.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\dcntel.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\combase.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\ci.dll
2020-04-16 19:55:55 ----A---- C:\WINDOWS\system32\aepic.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\webservices.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\taskschd.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\SYSWOW64\KerbClientShared.dll
2020-04-16 19:55:54 ----A---- C:\WINDOWS\system32\hvix64.exe
2020-04-16 19:55:54 ----A---- C:\WINDOWS\system32\hvax64.exe
2020-04-16 19:55:53 ----A---- C:\WINDOWS\system32\drivers\volmgr.sys
2020-04-16 19:55:53 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2020-04-16 19:55:53 ----A---- C:\WINDOWS\system32\drivers\sfloppy.sys
2020-04-16 19:55:53 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2020-04-16 19:55:53 ----A---- C:\WINDOWS\system32\drivers\scmbus.sys
2020-04-16 19:55:53 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2020-04-11 16:19:57 ----D---- C:\Users\Trifon\AppData\Roaming\BlackstoneAcademyForTheMagicalArts
2020-04-06 12:14:23 ----D---- C:\Users\Trifon\AppData\Roaming\AegisSaga

======List of files/folders modified in the last 1 month======

2020-05-04 12:03:58 ----D---- C:\Program Files\trend micro
2020-05-04 12:02:21 ----D---- C:\WINDOWS\Temp
2020-05-04 11:15:00 ----D---- C:\WINDOWS\system32\sru
2020-05-04 11:02:24 ----D---- C:\WINDOWS\system32\SleepStudy
2020-05-04 10:18:08 ----D---- C:\WINDOWS\System32
2020-05-04 10:18:08 ----D---- C:\WINDOWS\INF
2020-05-04 10:18:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-04 10:12:43 ----D---- C:\WINDOWS\Prefetch
2020-05-04 10:12:16 ----D---- C:\ProgramData\NVIDIA
2020-05-04 10:12:10 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2020-05-03 15:59:53 ----RD---- C:\WINDOWS\Microsoft.NET
2020-05-03 12:25:41 ----D---- C:\Program Files (x86)\Steam
2020-05-02 15:17:16 ----SHD---- C:\System Volume Information
2020-05-02 15:17:08 ----D---- C:\WINDOWS\Logs
2020-05-02 09:14:40 ----HD---- C:\Program Files\WindowsApps
2020-05-02 09:14:25 ----D---- C:\WINDOWS\AppReadiness
2020-05-02 09:10:34 ----D---- C:\WINDOWS\system32\config
2020-04-28 12:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2020-04-27 18:23:29 ----D---- C:\WINDOWS\system32\NDF
2020-04-27 09:39:38 ----D---- C:\Users\Trifon\AppData\Roaming\SmartSteamEmu
2020-04-21 17:32:04 ----D---- C:\WINDOWS\system32\drivers
2020-04-21 12:45:58 ----D---- C:\WINDOWS\system32\Tasks
2020-04-21 12:45:54 ----HD---- C:\WINDOWS\ELAMBKUP
2020-04-19 21:01:20 ----D---- C:\WINDOWS\system32\catroot2
2020-04-19 14:08:02 ----D---- C:\WINDOWS\WinSxS
2020-04-18 18:58:03 ----D---- C:\Users\Trifon\AppData\Roaming\uTorrent
2020-04-18 13:40:42 ----D---- C:\WINDOWS\CbsTemp
2020-04-18 13:29:59 ----D---- C:\WINDOWS\SYSWOW64\en-US
2020-04-18 13:29:59 ----D---- C:\WINDOWS\SysWOW64
2020-04-18 13:29:59 ----D---- C:\WINDOWS\system32\en-US
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnsvr.exe
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnlobby.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnhupnp.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnhpast.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnet.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnathlp.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\SYSWOW64\dpnaddr.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnet.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnathlp.dll
2020-04-18 13:29:59 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2020-04-18 13:29:58 ----A---- C:\WINDOWS\SYSWOW64\dpwsockx.dll
2020-04-18 13:29:58 ----A---- C:\WINDOWS\SYSWOW64\dpmodemx.dll
2020-04-18 13:29:58 ----A---- C:\WINDOWS\SYSWOW64\dplayx.dll
2020-04-18 13:29:58 ----A---- C:\WINDOWS\SYSWOW64\dplaysvr.exe
2020-04-18 13:28:42 ----SHD---- C:\WINDOWS\Installer
2020-04-18 13:28:40 ----D---- C:\Windows
2020-04-17 09:48:33 ----D---- C:\WINDOWS\system32\DriverStore
2020-04-17 09:47:02 ----D---- C:\WINDOWS\SYSWOW64\de-DE
2020-04-17 09:47:02 ----D---- C:\WINDOWS\system32\wbem
2020-04-17 09:47:02 ----D---- C:\WINDOWS\system32\sk-SK
2020-04-17 09:47:02 ----D---- C:\WINDOWS\system32\migration
2020-04-17 09:47:02 ----D---- C:\WINDOWS\system32\de-DE
2020-04-17 09:47:02 ----D---- C:\WINDOWS\system32\Boot
2020-04-17 09:47:02 ----D---- C:\WINDOWS\ShellExperiences
2020-04-17 09:47:01 ----D---- C:\WINDOWS\Provisioning
2020-04-17 09:47:01 ----D---- C:\WINDOWS\PolicyDefinitions
2020-04-17 09:47:01 ----D---- C:\WINDOWS\bcastdvr
2020-04-17 09:47:01 ----D---- C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-15 10:52:50 ----D---- C:\ProgramData\Microsoft Help
2020-04-15 10:50:55 ----RD---- C:\WINDOWS\assembly
2020-04-15 10:50:02 ----A---- C:\WINDOWS\win.ini
2020-04-11 15:30:04 ----D---- C:\Users\Trifon\AppData\Roaming\TheMagiciansWorkshop
2020-04-06 14:20:07 ----D---- C:\Users\Trifon\AppData\Roaming\along_the_edge

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\WINDOWS\system32\drivers\aswArDisk.sys [2020-04-21 37856]
R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsh.sys [2020-04-21 178968]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniv.sys [2020-04-21 60696]
R0 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2020-02-26 16304]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2020-04-21 85056]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2020-04-21 317280]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2019-12-04 55608]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2020-03-12 254264]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-09-15 40960]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2020-04-21 206120]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriver.sys [2020-04-21 234776]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2020-04-21 42984]
R1 aswNetHub;aswNetHub; C:\WINDOWS\system32\drivers\aswNetHub.sys [2020-04-21 500960]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2020-04-21 109480]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2020-04-21 851808]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2020-04-21 459408]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-09-15 63288]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-09-15 60416]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-09-15 8704]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\E:\Program Files (x86) instal games\iso\UltraISO\drivers\ISODrv64.sys [2013-11-21 115448]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2020-04-21 175920]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2020-04-21 235696]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2020-02-14 452608]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2019-12-04 51712]
R2 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2019-12-02 184320]
R3 dtlitescsibus;@oem5.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-02-24 30264]
R3 dtliteusbbus;@oem32.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-02-24 47672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 MEIx64;@oem16.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;@oem19.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2019-11-21 228792]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_eb2e336f678f7f83\nvlddmkm.sys [2019-12-03 22744696]
R3 nvvad_WaveExtensible;@oem14.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2019-04-17 69840]
R3 nvvhci;@oem12.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2019-04-17 75600]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2018-09-15 605696]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-09-15 42504]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-09-15 319488]
S0 iaStorA;iaStorA; C:\WINDOWS\system32\DRIVERS\iaStorA.sys [2013-08-07 644968]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-09-15 885048]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-09-15 148480]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-09-15 124416]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-09-15 128512]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-09-15 75264]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-09-15 79872]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-09-15 58880]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-09-15 68608]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-09-15 41784]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2020-04-16 134968]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-09-15 19968]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-09-15 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2020-02-14 137528]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2019-12-04 174392]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2018-09-15 153400]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2020-03-12 103952]
S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2016-01-18 78088]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2019-12-04 111104]
S3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2019-12-04 91136]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2018-09-15 34816]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2019-12-04 1232384]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2019-12-04 92672]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-09-15 40960]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-09-15 63288]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-09-15 125952]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-09-15 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-09-15 51512]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys [2018-09-15 60928]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-12-04 80400]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-09-15 27648]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-09-15 1866768]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-09-15 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-09-15 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-09-15 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-09-15 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2018-09-15 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2018-09-15 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-09-15 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-09-15 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [2018-09-15 180736]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [2018-09-15 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-09-15 566800]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-09-15 45568]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-09-15 42496]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-09-15 124928]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-09-15 515384]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-09-15 58680]
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys [2019-12-04 290304]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2018-09-15 53760]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-09-15 1150496]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-09-15 153616]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-09-15 184320]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-09-15 148480]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2019-07-23 30336]
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys [2018-09-15 85504]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2019-12-04 117248]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-09-15 17408]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-12-04 981816]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-09-15 202240]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-09-15 108032]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-09-15 33280]
S4 NvStUSB;@oem36.inf,%NvStUSB.SvcDesc%;NVIDIA Stereoscopic 3D USB driver; C:\WINDOWS\system32\DRIVERS\nvstusb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2020-03-04 3374160]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020-03-04 3103824]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2013-05-07 936728]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-06-18 1360016]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2020-04-21 345384]
R2 AvastWscReporter;AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2020-04-21 58048]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R2 CDPUserSvc_4c9c7;CDPUserSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 KMS-R@1n;KMS-R@1n; C:\Windows\KMS-R@1n.exe [2019-12-03 26112]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 McAfee WebAdvisor;McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [2020-04-21 916712]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2019-12-02 26112]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-12-07 139056]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-12-07 139056]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-12-07 139056]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-09-28 858480]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2019-11-21 860016]
R2 OneSyncSvc_4c9c7;OneSyncSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\syswow64\PnkBstrA.exe [2015-10-14 76888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2020-04-21 5504928]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R3 cbdhsvc_4c9c7;cbdhsvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-12-10 335416]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 BcastDVRUserService_4c9c7;BcastDVRUserService_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 BluetoothUserService_4c9c7;BluetoothUserService_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 BRSptStub;BitRaider Mini-Support Service Stub Loader; C:\ProgramData\BitRaider\BRSptStub.exe [2016-01-18 363208]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 CaptureService_4c9c7;CaptureService_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 ConsentUxUserSvc_4c9c7;ConsentUxUserSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DevicePickerUserSvc_4c9c7;DevicePickerUserSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DevicesFlowUserSvc_4c9c7;DevicesFlowUserSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-12-04 92672]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; E:\Deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
S3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-09-09 43632]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\elevation_service.exe [2020-04-25 1095664]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-10 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 MessagingService_4c9c7;MessagingService_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-09-28 858480]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-13 189640]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [2018-09-15 78848]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 PimIndexMaintenanceSvc_4c9c7;PimIndexMaintenanceSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 PrintWorkflowUserSvc_4c9c7;PrintWorkflowUserSvc_4c9c7; C:\WINDOWS\system32\svchost.exe [2018-09-15 51696]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-09-15 51696]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2020-02-14 831800]

-----------------EOF-----------------

#2 Příspěvek od **Conder** » 04 kvě 2020 21:07

Ahoj

Program McAfee WebAdvisor mozes odinstalovat, ak ho nepotrebujes. V PC uz nainstalovany Avast.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Spustit skenovani a pockaj na dokoncenie
V pripade nalezov nechaj vsetky nalezy oznacene a klikni na Karantena (ak nie su ziadne nalezy, tak na Spustit zakladni opravu)
V pripade, ze sa detekuje aj "predinstalovany software", tieto programy mozes, ale nemusis zmazat (toto nie su skodlive programy, ale iba zbytocnosti)
Potvrd vyzvu, pockaj na dokoncenie a potvrd restartovanie PC
Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
Otvori sa log, jeho obsah skopiruj a vloz do dalsej odpovede

Slovak · #3 Příspěvek od **Slovak** » 05 kvě 2020 09:31

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-05-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 2
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted acklnhgjphbhhomkneonohbjnbmkclfb

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1446 octets] - [05/05/2020 10:27:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Conder** » 05 kvě 2020 14:06

Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Slovak · #5 Příspěvek od **Slovak** » 05 kvě 2020 14:27

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Trifon (administrator) on TRIFON-PC (ASUS All Series) (05-05-2020 15:21:08)
Running from C:\Users\Trifon\Desktop
Loaded Profiles: Trifon (Available Profiles: Trifon)
Platform: Windows 10 Pro Version 1809 17763.1158 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\KMS-R@1n.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe <2>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(StarWind Software) [File not signed] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108216 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\Run: [Opera Browser Assistant] => C:\Users\Trifon\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3024920 2020-03-27] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Policies\...\system: [disablecmd] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-29] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DCDED8-C9F2-4C34-BAD8-231701F4BFCA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {023D8757-E321-4E00-9252-F08E3C07B22F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07695D79-8BE9-4A45-8DE8-3E5E4970BB4C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0A459120-3CF3-4173-B633-ABB3BF2E2E25} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0B0DF744-959A-49F6-AADA-9536D019EB14} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0C5FEEAC-080D-47A8-80FA-76FBD09C4880} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {10369A3F-9DD0-41B5-B5BF-416509F219DF} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {1404FF05-A006-4A92-84FC-41CE1B4BE450} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {179EF8CA-7316-4B24-97ED-6769CCD28CAD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3325032 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
Task: {19EC6F21-6574-484F-867A-B54E07F8D2C8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {255ABDBB-CF61-46D3-82BB-F472CCC762BA} - System32\Tasks\{DC49EDFF-3518-4D7A-A7AF-A2F40FAF5AB0} => C:\Program Files (x86)\Zoom Player\zplayer.exe [7918080 2015-11-25] (Inmatrix LTD) [File not signed]
Task: {323CD2D0-67B8-45A4-953F-48D13B3672C1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {34753DAA-A3B9-43B8-A514-0C6A3039B7EA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {350EBEBE-38E9-4FED-8301-DC2953EBAAA4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {37ED267F-CBDC-4F10-8D10-770AA3E26298} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3F11C961-0302-400E-BFD3-24E80651DD68} - System32\Tasks\{2F8702A7-BDD0-421A-AB32-372C69A8FCCF} => C:\Program Files (x86)\Zoom Player\zplayer.exe [7918080 2015-11-25] (Inmatrix LTD) [File not signed]
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4A334B79-6562-4769-87A7-C24FD35C1639} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F21BADC-370E-421B-B92E-EADE7CFEB649} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5294E04F-527F-4457-A370-475908E03F03} - System32\Tasks\Opera scheduled assistant Autoupdate 1582268066 => C:\Users\Trifon\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {535A92F8-0858-4349-9CD4-83255709EF84} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5922A78B-4749-4C4D-880B-272E09FE9E8D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {61998629-9A5F-4F13-90BA-88E2745D410A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64384F20-17ED-48A4-A9BA-454795FAA455} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {653D1DAB-EA25-4B5B-8183-AD40B14708FB} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6EDE8F0A-7492-4F84-91D8-C8336D19C851} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77A4E56F-752B-47DF-91F8-4D6E0CB1BCED} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7B70996F-6AAE-4F27-9339-DB94C3AD01DA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7EA8453D-26FA-4DDB-925F-5F25A99F0697} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {85B59E5A-D9D3-4380-B8F8-6FA029663BCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {8983FCC7-1E96-4FBC-9357-F92F816F2A1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {89BE730F-F8FE-44BB-8AC0-A0F43C8A2229} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654456 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B1FC2D4-8AD2-44EF-BC1D-B2D4CA2DB460} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-10] (Google Inc -> Google Inc.)
Task: {8E04CBF9-C995-4A3F-8316-5B70A9CB1460} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {92178D0F-4367-4AC0-AE55-BFB41917B8EA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {93BFEE50-D622-4CEB-90DA-E2F84C2CB180} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9F5CB5F7-BEEC-42F1-9E2D-B7A3634C17FD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A2A416DA-2C41-4594-9F59-88EB39817ACE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A398FEED-2B11-492D-9D70-6FBCCCA8BDFE} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A80F23FF-BD0D-4602-8781-1C1047A93589} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AF40FF5E-F354-444E-9292-535F04562AB8} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B7793902-4213-45F7-AF9E-19E64FFE4A39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFD91888-E490-4246-987E-C0F106CAA766} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {C2D2CC21-5DF2-4652-B2C3-DDE7974446C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3D4B5BF-1E7F-468F-8684-F7955F4AC5D7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4B43DE2-1AE0-483F-9C65-2E44C604DA0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C9D9E2CF-B0D1-4053-B939-C1819CE5B16C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D015A61A-B514-4EE0-87FE-11C0B04E3E4E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBEBFB9C-D300-4E3E-A06E-967187EB508E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {DD9C46F5-9D04-42A2-8DEC-3924B5DA4E13} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DED08345-1B2D-4DD8-9947-910E5BF2C51D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301928 2019-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1C12F68-F739-43E0-8BC3-92EFFC137A00} - System32\Tasks\Opera scheduled Autoupdate 1575368150 => C:\Users\Trifon\AppData\Local\Programs\Opera\launcher.exe [1538584 2020-03-27] (Opera Software AS -> Opera Software)
Task: {E7926B6D-5F50-4F9E-B2E0-B6D3424C4968} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {EF253B19-A33B-4FD3-938D-153710FF0323} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-10] (Google Inc -> Google Inc.)
Task: {F02168A8-3D34-4523-B72C-E824F18EABB0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {F3A0B4C1-AD21-4F73-905F-2D2522BDA75F} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
Task: {F7C96917-10C6-4FDB-9743-C99985295E22} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{0F4109E8-C368-4BBD-B627-550F3133A50A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98AE020D-A730-4922-94BD-8C823B93D3E4}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rk8vrt1e.default
FF ProfilePath: C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default [2019-12-03]
FF Homepage: Mozilla\Firefox\Profiles\rk8vrt1e.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Avast SafePrice | Porovnanie, ponuky, kupóny) - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default\Extensions\sp@avast.com.xpi [2019-12-02]
FF Extension: (Avast Online Security) - C:\Users\Trifon\AppData\Roaming\Mozilla\Firefox\Profiles\rk8vrt1e.default\Extensions\wrc@avast.com.xpi [2019-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default [2020-05-05]
CHR HomePage: Default -> hxxps://www.google.com/
CHR Extension: (Dokumenty) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-04]
CHR Extension: (YouTube) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-11]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (Hľadať v Google) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-03]
CHR Extension: (Avast Passwords) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-02-10]
CHR Extension: (Avast SafePrice | Porovnanie, ponuky, kupóny) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-03-19]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-14]
CHR Extension: (Avast Online Security) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-28]
CHR Extension: (QuickClean) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdeoflfbkpmebldjfkemfhjomgjipgn [2016-05-11]
CHR Extension: (Game of Thrones Ascent) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlmehpiikmcdamekkndkbkcefnfefai [2016-05-11]
CHR Extension: (JoJo's Bizarre Adventure (Theme)) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilcjfhgbaghkofnnpndjpejfdklfjfmp [2019-03-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]
CHR Profile: C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-25]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] (ASUSTeK Computer Inc. -> )
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-06-18] (ASUSTeK Computer Inc. -> ) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5504928 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [345384 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft -> Alcohol Soft Development Team)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-18] (BitRaider LLC -> BitRaider, LLC)
S3 Disc Soft Lite Bus Service; E:\Deamon tools\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd -> Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2019-12-03] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-14] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5897960 2020-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-12-04] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175920 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [500960 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459408 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235696 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-21] (Avast Software s.r.o. -> AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-01-18] (BitRaider -> BitRaider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-24] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ISODrive; E:\Program Files (x86) instal games\iso\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_eb2e336f678f7f83\nvlddmkm.sys [22744696 2019-12-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [394296 2017-02-24] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-02-28] (CyberLink -> CyberLink Corp.)
U3 idsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\DRIVERS\nvstusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-05 15:21 - 2020-05-05 15:21 - 000032670 _____ C:\Users\Trifon\Desktop\FRST.txt
2020-05-05 15:20 - 2020-05-05 15:21 - 000000000 ____D C:\FRST
2020-05-05 15:18 - 2020-05-05 15:18 - 002283520 _____ (Farbar) C:\Users\Trifon\Desktop\FRST64.exe
2020-05-05 10:26 - 2020-05-05 10:28 - 000000000 ____D C:\AdwCleaner
2020-05-05 10:25 - 2020-05-05 10:25 - 008196784 _____ (Malwarebytes) C:\Users\Trifon\Desktop\adwcleaner_8.0.4.exe
2020-05-04 18:57 - 2020-05-04 18:57 - 000021811 _____ C:\Users\Trifon\AppData\Local\recently-used.xbel
2020-05-04 12:03 - 2020-05-04 12:04 - 000000000 ____D C:\rsit
2020-05-04 12:03 - 2020-05-04 12:03 - 001222144 _____ C:\Users\Trifon\Desktop\RSITx64.exe
2020-04-28 09:05 - 2020-04-28 09:05 - 000000221 _____ C:\Users\Trifon\Desktop\Total War SHOGUN 2.url
2020-04-27 09:39 - 2020-04-27 09:40 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\MaskOfThePlagueDoctor
2020-04-21 12:45 - 2020-04-21 12:46 - 000500960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-04-21 12:45 - 2020-04-21 12:45 - 000337048 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-04-21 12:45 - 2020-04-21 12:45 - 000235696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-04-21 12:45 - 2020-04-21 12:45 - 000175920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 023463424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 022137632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 019020800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 015222272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 009672208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 008907264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 007923712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 007871488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 006543528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 006318840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 006060032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 005608120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 004872704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 004695552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 004628480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 004589056 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003933184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003887640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 003703808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 003632128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003493376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 003361080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 003097600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002917688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 002801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 002749800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002182472 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 002078392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001962000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001709560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001702608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 19:56 - 2020-04-16 19:56 - 001702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001675008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001668968 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001664696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001647616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001473296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 001465344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001465272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001346192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-04-16 19:56 - 2020-04-16 19:56 - 001333760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001320448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001257984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001249792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 001012224 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000861496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000808272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000725904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000649272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000591160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000535056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000452920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSATAPI.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSATAPI.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000280136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000261944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-04-16 19:56 - 2020-04-16 19:56 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmiv2.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 19:56 - 2020-04-16 19:56 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 19:56 - 2020-04-16 19:56 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 19:55 - 2020-04-16 19:56 - 001796408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 017487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 007701208 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 004442352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 003582976 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 003005952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 002706944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 002590736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 002426680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 002200576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001727288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001568768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001519488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001387304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001383680 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001259832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001133056 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 001050640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 001038848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000948288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000902248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000856432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000803400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 000744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000659520 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000652600 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 000583096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000536112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000515384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000505640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000298808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000278416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 000253048 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000252728 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000222008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000189496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000131112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000124504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmiv2.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000089928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 19:55 - 2020-04-16 19:55 - 000057856 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 19:55 - 2020-04-16 19:55 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 19:55 - 2020-04-16 19:55 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-11 16:19 - 2020-04-18 15:09 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\BlackstoneAcademyForTheMagicalArts
2020-04-07 12:52 - 2020-04-07 12:52 - 000000000 ____D C:\Users\Trifon\AppData\LocalLow\Brave At Night
2020-04-07 12:46 - 2020-04-07 12:46 - 000000922 _____ C:\Users\Public\Desktop\UltraISO.lnk
2020-04-07 12:46 - 2020-04-07 12:46 - 000000922 _____ C:\ProgramData\Desktop\UltraISO.lnk
2020-04-07 09:29 - 2020-04-07 09:29 - 000001155 _____ C:\Users\Trifon\Desktop\Magical Diary - Horse Hall.lnk
2020-04-07 09:29 - 2020-04-07 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magical Diary - Horse Hall
2020-04-06 14:15 - 2020-04-06 14:15 - 000000000 ____D C:\Users\Trifon\AppData\LocalLow\Sneaky Yak Studio
2020-04-06 12:14 - 2020-04-17 12:07 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\AegisSaga

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-05 15:16 - 2019-12-02 21:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-05-05 14:59 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-05 14:02 - 2015-10-14 12:56 - 000000000 ____D C:\Program Files (x86)\Steam
2020-05-05 13:41 - 2019-12-02 21:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-05 10:35 - 2019-12-02 21:51 - 000941180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-05 10:35 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2020-05-05 10:30 - 2018-06-08 07:36 - 000000000 ____D C:\Users\Trifon\AppData\Local\AVAST Software
2020-05-05 10:29 - 2019-12-02 21:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-05 10:29 - 2015-10-10 20:41 - 000000000 ____D C:\ProgramData\NVIDIA
2020-05-05 10:28 - 2018-09-15 08:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-05-04 18:57 - 2020-02-24 17:08 - 000000000 ____D C:\Users\Trifon\AppData\Local\gtk-2.0
2020-05-04 18:57 - 2020-02-24 17:04 - 000000000 ____D C:\Users\Trifon\AppData\Local\babl-0.1
2020-05-04 12:03 - 2015-12-10 15:36 - 000000000 ____D C:\Program Files\trend micro
2020-05-03 15:25 - 2019-12-02 21:54 - 000000000 ____D C:\Users\Trifon\AppData\Local\Packages
2020-05-03 15:25 - 2018-04-22 20:56 - 000000000 ____D C:\Users\Trifon\AppData\LocalLow\Temp
2020-05-02 10:44 - 2015-10-14 10:24 - 000000000 ____D C:\Users\Trifon\AppData\Local\CrashDumps
2020-05-02 09:14 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-02 09:14 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-02 09:13 - 2019-12-28 12:11 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-05-02 09:13 - 2019-12-28 12:11 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-04-29 08:41 - 2015-10-10 20:37 - 000002331 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-29 08:41 - 2015-10-10 20:37 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-29 08:41 - 2015-10-10 20:37 - 000002290 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-27 18:23 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-27 09:39 - 2016-01-09 20:13 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\SmartSteamEmu
2020-04-24 19:17 - 2019-12-02 21:51 - 000000000 ____D C:\Users\Trifon
2020-04-21 12:46 - 2019-12-02 22:28 - 000459408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000851808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000317280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000234776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000206120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000178968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000109480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000085056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000060696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000042984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000037856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-04-21 12:45 - 2019-12-02 22:28 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-04-21 12:45 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-19 13:59 - 2019-12-03 11:13 - 000000000 ____D C:\Users\Trifon\AppData\Local\D3DSCache
2020-04-19 10:17 - 2019-12-02 22:00 - 000000000 ____D C:\Users\Trifon\AppData\Local\PlaceholderTileLogoFolder
2020-04-18 18:58 - 2015-10-10 21:42 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\uTorrent
2020-04-18 13:40 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-18 13:29 - 2018-09-15 09:41 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2020-04-18 13:29 - 2018-09-15 09:41 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2020-04-18 13:29 - 2018-09-15 09:41 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2020-04-18 13:29 - 2018-09-15 09:41 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2020-04-18 13:29 - 2018-09-15 09:37 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2020-04-18 13:29 - 2018-09-15 09:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2020-04-18 13:29 - 2018-09-15 09:37 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2020-04-18 13:29 - 2018-09-15 09:37 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2020-04-18 13:29 - 2018-09-15 09:37 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2020-04-18 13:29 - 2018-09-15 09:37 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2020-04-18 13:29 - 2018-09-15 09:37 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2020-04-18 13:29 - 2015-10-14 09:55 - 000000000 ____D C:\Users\Trifon\Documents\My Games
2020-04-17 09:48 - 2019-12-02 21:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-04-17 09:48 - 2019-12-02 21:54 - 000000000 ___RD C:\Users\Trifon\3D Objects
2020-04-17 09:48 - 2019-12-02 21:50 - 000484216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-17 09:47 - 2018-09-15 18:24 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-17 09:47 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-17 09:47 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-17 09:47 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-17 09:47 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-15 10:52 - 2015-10-14 14:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-04-15 10:50 - 2009-07-14 04:34 - 000000478 _____ C:\WINDOWS\win.ini
2020-04-11 15:30 - 2020-03-25 17:07 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\TheMagiciansWorkshop
2020-04-07 12:48 - 2015-11-26 12:29 - 000000000 ____D C:\Users\Trifon\Documents\My ISO Files
2020-04-07 12:46 - 2015-11-26 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2020-04-06 14:20 - 2017-09-17 14:10 - 000000000 ____D C:\Users\Trifon\AppData\Roaming\along_the_edge

==================== Files in the root of some directories ========

2018-06-02 13:12 - 2018-06-22 19:19 - 000000132 _____ () C:\Users\Trifon\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2017-06-25 15:35 - 2019-12-01 16:12 - 000000132 _____ () C:\Users\Trifon\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-08-11 09:00 - 2019-06-03 20:49 - 000000132 _____ () C:\Users\Trifon\AppData\Roaming\Adobe Targa Format CS5 Prefs
2016-04-01 07:13 - 2016-04-01 07:13 - 000000316 _____ () C:\Users\Trifon\AppData\Roaming\redirect2.dat
2016-03-30 18:26 - 2016-03-30 18:26 - 000000009 _____ () C:\Users\Trifon\AppData\Roaming\update.dat
2019-05-27 12:16 - 2019-05-27 12:16 - 000000071 _____ () C:\Users\Trifon\AppData\Roaming\~SiMPLEX.ini
2016-03-30 18:27 - 2016-04-02 08:58 - 000000004 _____ () C:\Users\Trifon\AppData\Roaming\Microsoft\notaut.txt
2016-04-01 07:19 - 2016-04-01 07:19 - 000000004 _____ () C:\Users\Trifon\AppData\Roaming\Microsoft\notautfbb.txt
2018-05-31 16:11 - 2018-08-23 21:24 - 000001456 _____ () C:\Users\Trifon\AppData\Local\Adobe Save for Web 12.0 Prefs
2019-12-27 15:53 - 2019-12-27 15:53 - 000000410 _____ () C:\Users\Trifon\AppData\Local\oobelibMkey.log
2020-05-04 18:57 - 2020-05-04 18:57 - 000021811 _____ () C:\Users\Trifon\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Trifon (05-05-2020 15:22:02)
Running from C:\Users\Trifon\Desktop
Windows 10 Pro Version 1809 17763.1158 (X64) (2019-12-02 19:54:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1601266965-4254244799-107981220-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1601266965-4254244799-107981220-503 - Limited - Disabled)
Guest (S-1-5-21-1601266965-4254244799-107981220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1601266965-4254244799-107981220-1002 - Limited - Enabled)
Trifon (S-1-5-21-1601266965-4254244799-107981220-1000 - Administrator - Enabled) => C:\Users\Trifon
WDAGUtilityAccount (S-1-5-21-1601266965-4254244799-107981220-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
7-Zip 19.00 (HKLM-x32\...\{23170F69-40C1-2701-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Reader 9.3 - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 38.0.2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.2.0 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
Beaker Browser 0.8.8 (HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\c1ad1bae-6337-51fe-a91b-ad398e15a38d) (Version: 0.8.8 - Paul Frazee)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1501 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version: - )
ffdshow v1.2.4453 [2012-05-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4453.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version: - )
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
GitKraken (HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\gitkraken) (Version: 6.4.1 - Axosoft, LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
CHAOS CHILD (HKLM-x32\...\CHAOS CHILD_is1) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version: - )
Magical Diary 1.09 (HKLM-x32\...\Magical Diary - Horse Hall_is1) (Version: - Hanako Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2013 Professional Plus (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{2fa65abe-2cfc-4cf3-89b1-99122a47fdd6}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Hero Ones Justice (HKLM-x32\...\My Hero Ones Justice_is1) (Version: - )
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nero 8 Lite 8.2.8.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.2.8.0 - Updatepack.nl)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation)
NVIDIA Grafický ovládač 441.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.41 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 67.0.3575.115 (HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\Opera 67.0.3575.115) (Version: 67.0.3575.115 - Opera Software)
Ovládací panel NVIDIA 441.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 441.41 - NVIDIA Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
PowerDVD (HKLM-x32\...\{8C20787A-7402-4FA7-BF25-6E5750930FDC}) (Version: 9.00.0000 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 13.0.0.53 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UltraISO Premium V9.72 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for Skype for Business 2015 (KB4484097) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1EB78C78-BFAF-4052-BD35-9A0F99B941CC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484097) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1EB78C78-BFAF-4052-BD35-9A0F99B941CC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484097) 64-Bit Edition (HKLM\...\{90150000-012B-041B-1000-0000000FF1CE}_Office15.PROPLUS_{1EB78C78-BFAF-4052-BD35-9A0F99B941CC}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
We The Revolution (HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\We The Revolution) (Version: - HOODLUM)
Winamp (HKLM-x32\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1601266965-4254244799-107981220-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR archivátor (HKLM-x32\...\WinRAR archiver) (Version: - )
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 11.1.0 - Inmatrix LTD)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.36.5.0_x86__kgqvnymyfvs32 [2020-05-01] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1750.5.0_x86__kgqvnymyfvs32 [2020-04-27] (king.com)
Doplnok mediálneho nástroja pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0 [2020-04-22] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-21] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86) instal games\notepad\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] () [File not signed]
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlex.dll [2013-09-17] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxShlEx64.dll [2013-09-17] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => E:\Program Files (x86) instal games\iso\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => E:\Program Files (x86) instal games\iso\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] () [File not signed]
ContextMenuHandlers4: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files (x86)\Zoom Player\zpshlext64.dll [2008-08-05] () [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-21] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => E:\Program Files (x86) instal games\iso\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [79872 2012-05-13] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-05-13] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2011-05-13] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Trifon\AppData\Local\Google\Chrome\User Data\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list
ShortcutWithArgument: C:\Users\Trifon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list
ShortcutWithArgument: C:\Users\Trifon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list

==================== Loaded Modules (Whitelisted) =============

2015-10-10 21:42 - 2006-12-11 02:14 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2019-12-03 10:37 - 2019-12-03 10:37 - 000004096 _____ () [File not signed] C:\WINDOWS\KMS-R@1nHook.dll
2015-10-10 20:39 - 2020-05-05 10:29 - 000033936 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-10 19:52 - 2014-08-25 05:49 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-12-06 19:00 - 2019-09-09 20:37 - 000000035 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Trifon\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Photo Viewer.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4832EEFA-7EA7-47B2-89CF-B729A1D356F3}] => (Allow) D:\Steam - games\steamapps\common\Armello\armello.exe No File
FirewallRules: [{45946636-8DF3-42D4-96F8-4858FE74083F}] => (Allow) D:\Steam - games\steamapps\common\Armello\armello.exe No File
FirewallRules: [{7334FF8B-7009-4FEC-83DE-C44F4117FFB7}] => (Allow) D:\Steam - games\steamapps\common\Hearts of Iron IV\hoi4.exe No File
FirewallRules: [{D4F7A29C-F92B-41BC-8AD3-CF3FFAC777B3}] => (Allow) D:\Steam - games\steamapps\common\Hearts of Iron IV\hoi4.exe No File
FirewallRules: [{0648ECF2-D215-4985-9670-D62A2453D58B}] => (Allow) D:\Steam - games\steamapps\common\Hearts of Iron IV\dowser.exe No File
FirewallRules: [{E53D2F3D-1377-433E-8DDA-301CCA72A39F}] => (Allow) D:\Steam - games\steamapps\common\Hearts of Iron IV\dowser.exe No File
FirewallRules: [{F40B0357-C0D0-490E-9F08-D247BCCD0013}] => (Allow) D:\Steam - games\steamapps\common\Crusader Kings II\CK2game.exe No File
FirewallRules: [{A1919126-6441-4770-99A7-D7EBACC538C6}] => (Allow) D:\Steam - games\steamapps\common\Crusader Kings II\CK2game.exe No File
FirewallRules: [{19438BE7-6C83-4296-831E-16340AE6DB3F}] => (Allow) D:\Steam - games\steamapps\common\Ostalgie The Berlin Wall\Ostalgie.exe No File
FirewallRules: [{DE3278DD-AFA8-4AC2-BAD4-0986ADEE0949}] => (Allow) D:\Steam - games\steamapps\common\Ostalgie The Berlin Wall\Ostalgie.exe No File
FirewallRules: [{7F0E16B1-A2E2-4EE4-BBC9-569A3A55774F}] => (Allow) D:\Steam - games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{37474C73-C39C-4DD2-B25A-6938FC1A10FD}] => (Allow) D:\Steam - games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{B3102BA6-8F7A-446C-A821-6794900E567C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D12C202B-E67D-4D6F-960D-3849685B8316}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D156BEF9-CC37-4786-9FEA-AE97D25FA926}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{942E87D7-A2C4-40B3-8F98-405106C90225}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C7F1E6DB-C11B-4B8D-8EBC-19BEA3DAEA46}] => (Allow) D:\Steam - games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{842A1C45-C319-4779-B2DA-2AA4E5181070}] => (Allow) D:\Steam - games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe No File
FirewallRules: [{AEFEC336-95F4-4538-A1F8-51C2B1D2DBDD}] => (Allow) D:\Steam - games\steamapps\common\swkotor\swkotor.exe No File
FirewallRules: [{BFEB6CB3-4167-4A1E-9300-C752D4DC19E3}] => (Allow) D:\Steam - games\steamapps\common\swkotor\swkotor.exe No File
FirewallRules: [{5AD5D4AC-A70C-468A-8077-4382AFDCDDE4}] => (Allow) D:\Steam - games\steamapps\common\Knights of the Old Republic II\swkotor2.exe No File
FirewallRules: [{7760973B-E4B2-4E6E-9C9A-82F6188FF00A}] => (Allow) D:\Steam - games\steamapps\common\Knights of the Old Republic II\swkotor2.exe No File
FirewallRules: [{AB14D2B6-5D16-4476-B3C6-A902B2ACA109}] => (Allow) D:\Steam - games\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe No File
FirewallRules: [{D86F7897-4254-4211-88D0-D01C83777FF6}] => (Allow) D:\Steam - games\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win7.exe No File
FirewallRules: [{F301DF1F-1AF4-4362-8CE1-BF0F1D556CD5}] => (Allow) D:\Steam - games\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe No File
FirewallRules: [{D4E66E55-291F-4296-AFF3-32B4894E5FD6}] => (Allow) D:\Steam - games\steamapps\common\The Walking Dead - A New Frontier (Season 3)\WalkingDead3_win8.exe No File
FirewallRules: [{3BDE8AAA-0FB5-411E-A1CD-398EB6809C0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7516135A-DB1E-44C8-92BE-5AFB26DFED6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BFC83964-B7CF-41BE-9BA3-76AF9C177E33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{824DBDFD-CD2A-44CB-A552-01821416A1BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6A602CA1-767D-4739-98E7-752D64D085EB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8846615-3F80-4CDF-8BAC-5BF04C086FA3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6EA6E843-F08E-42D1-828B-1C853CEF3DF0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7227D57-33F8-45BB-B243-9CBEF00F0F0C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F69D36C8-0C0C-474E-96F4-0AB99DBC95B6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{628B0641-27BF-41DD-B059-3F15939BD6F9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D6F8C32-2CE9-403E-A15B-7AF5C83D6DC6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB23FEB9-2F12-45EB-B725-BBEDF206EC18}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{38FDF4A1-B608-4BB0-BC39-EDD427B52F1B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6604C3D6-D38E-44CF-A387-F0D7DDA05193}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3268138F-9713-4FAC-8E48-28114642ABA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{335E15BD-5DD2-41C1-8E02-4A220A2F3665}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D3475DD7-3593-423A-BE8F-C1B1A7A1B754}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{37A7D8D9-1FB3-46BC-8011-EF6E3B0FEA53}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{1A559CFB-608C-4667-B49E-DDC8544437B6}] => (Allow) C:\Users\Trifon\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C5A9B363-8667-464F-A45A-FB143980A0E1}] => (Allow) C:\Users\Trifon\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{ED880DD7-8A66-492F-B7C5-CCF7E01BAA1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{43CDDE9C-D21B-486A-9836-87CEE42F20E9}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{6C661CB1-666D-4752-BE00-12F60C5A61AB}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{BBDFF24E-B8F4-40E9-B6EB-F99143D9EC4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ostalgie The Berlin Wall\Ostalgie.exe () [File not signed]
FirewallRules: [{F5C78A0B-DC4E-4DB4-9448-62485ACA2B86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ostalgie The Berlin Wall\Ostalgie.exe () [File not signed]
FirewallRules: [TCP Query User{F8524555-EE4C-4B16-928F-A494450B0D56}E:\steam - games\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) E:\steam - games\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{EA25CB27-0D5D-4383-A650-78A3CC55B5CF}E:\steam - games\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) E:\steam - games\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{70D59706-7C8D-4E30-B778-D948155EA372}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E1996DFF-E069-478B-B3C4-52D31270DA50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{56F07964-A76D-4B20-BBCF-010D9C843F87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CD61633E-31A4-446A-A49D-29B4E7B18757}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{72F21396-012C-4086-8055-527B750E0316}] => (Allow) C:\Users\Trifon\AppData\Local\Programs\Opera\65.0.3467.72\opera.exe No File
FirewallRules: [{60517EAC-793F-4B95-B540-60C57BE15A4C}] => (Allow) C:\Users\Trifon\AppData\Local\Programs\Opera\65.0.3467.78\opera.exe No File
FirewallRules: [{02C1346C-D39A-4444-A4D4-AC5B294AF8B3}] => (Allow) E:\Steam - games\steamapps\common\Elisa the Innkeeper\nw.exe (The NWJS Community) [File not signed]
FirewallRules: [{7CCCFA3E-AE5A-4961-B5C4-75CD6C1D28A8}] => (Allow) E:\Steam - games\steamapps\common\Elisa the Innkeeper\nw.exe (The NWJS Community) [File not signed]
FirewallRules: [{724EEE32-7159-4E7A-A2E0-5099B915E922}] => (Allow) E:\Steam - games\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{4F9EC680-7B33-4326-B4DD-E9896999DB6D}] => (Allow) E:\Steam - games\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{A55D6D06-9F16-44EB-A7C8-C3D5BDEB97DA}] => (Allow) E:\Steam - games\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{2F68E32E-0611-4000-96F2-F1D9E2ECEF89}] => (Allow) E:\Steam - games\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{292AADF6-25A0-49DB-A215-B82D2BB8B124}] => (Allow) E:\Steam - games\steamapps\common\The Pillars of the Earth\pillars.exe (Daedalic Entertainment GmbH) [File not signed]
FirewallRules: [{B501BE5E-868E-4F58-8826-FB29E70FA628}] => (Allow) E:\Steam - games\steamapps\common\The Pillars of the Earth\pillars.exe (Daedalic Entertainment GmbH) [File not signed]
FirewallRules: [{12B7F49E-757A-4A36-B4C3-A57284D069C8}] => (Allow) E:\Steam - games\steamapps\common\Mao's Legacy\China.exe () [File not signed]
FirewallRules: [{A1BB15E7-739D-4F7A-A6D5-02DA2D01C3E6}] => (Allow) E:\Steam - games\steamapps\common\Mao's Legacy\China.exe () [File not signed]
FirewallRules: [{5AE14E6F-F699-428A-A0FF-E3FDC1DC86FF}] => (Allow) E:\Steam - games\steamapps\common\ChineseParent\game.exe () [File not signed]
FirewallRules: [{3F341A01-E6C9-4FBF-A4A8-E6C8F6BBD641}] => (Allow) E:\Steam - games\steamapps\common\ChineseParent\game.exe () [File not signed]
FirewallRules: [{7E4533F2-C0DF-4F76-80B6-A7A9FDE4B873}] => (Allow) E:\Steam - games\steamapps\common\ReignsGoT\ReignsGoT.exe () [File not signed]
FirewallRules: [{26879423-FB08-4640-8EAA-0C9A01F79590}] => (Allow) E:\Steam - games\steamapps\common\ReignsGoT\ReignsGoT.exe () [File not signed]
FirewallRules: [{7EBE49BF-396B-4631-929E-BECABB4F8198}] => (Allow) E:\Steam - games\steamapps\common\Stellaris\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{63A4F74B-245F-499D-BFEA-5024B36AC321}] => (Allow) E:\Steam - games\steamapps\common\Stellaris\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{D1A23B0B-839E-433F-BCA9-05F7DBC6BDBB}] => (Allow) E:\Program Files (x86) instal games\oldrepublic\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{B4E25AA0-A861-461B-A695-2ED9AFB73DDC}] => (Allow) E:\Program Files (x86) instal games\oldrepublic\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{8004E47B-D12C-48B9-9876-0C17679512DD}] => (Allow) E:\Program Files (x86) instal games\oldrepublic\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{28152FA7-5CD7-4693-83CE-FCBDCBEB9824}] => (Allow) E:\Program Files (x86) instal games\oldrepublic\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{A3552F63-501A-4819-B8BA-0CF02EC11EFC}] => (Allow) E:\Steam - games\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{C0787F84-DF55-42B8-BC6B-9CEE10A5168D}] => (Allow) E:\Steam - games\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [TCP Query User{FCE1C27E-9E07-42A4-9BFC-91ABB42478CD}C:\users\trifon\appdata\local\programs\beaker-browser\beaker browser.exe] => (Allow) C:\users\trifon\appdata\local\programs\beaker-browser\beaker browser.exe (Paul Frazee) [File not signed]
FirewallRules: [UDP Query User{54A11C82-7DB0-41B7-AAC5-66D5BDBC0DA1}C:\users\trifon\appdata\local\programs\beaker-browser\beaker browser.exe] => (Allow) C:\users\trifon\appdata\local\programs\beaker-browser\beaker browser.exe (Paul Frazee) [File not signed]
FirewallRules: [TCP Query User{852E2BE0-0D71-4604-89DA-A2DEA9CF9C64}E:\downloads\ironheart\ironheart\ironheart\ironheart.exe] => (Allow) E:\downloads\ironheart\ironheart\ironheart\ironheart.exe No File
FirewallRules: [UDP Query User{1B9951A6-28FD-4B3A-A388-48C096C6373F}E:\downloads\ironheart\ironheart\ironheart\ironheart.exe] => (Allow) E:\downloads\ironheart\ironheart\ironheart\ironheart.exe No File
FirewallRules: [TCP Query User{72E5E25B-1BFD-415E-B842-3DC02CAC4DB3}E:\downloads\choice.of.magics\choice.of.magics\choice of magics\choiceofmagics.exe] => (Allow) E:\downloads\choice.of.magics\choice.of.magics\choice of magics\choiceofmagics.exe No File
FirewallRules: [UDP Query User{BE60D6D5-7D65-4A69-B47D-49A4775AE77E}E:\downloads\choice.of.magics\choice.of.magics\choice of magics\choiceofmagics.exe] => (Allow) E:\downloads\choice.of.magics\choice.of.magics\choice of magics\choiceofmagics.exe No File
FirewallRules: [TCP Query User{90DEC5FA-D98E-444A-ACFB-26FE423C82FE}E:\downloads\fog.knows.your.name\fog.knows.your.name\fog knows your name\fogknowsyourname.exe] => (Allow) E:\downloads\fog.knows.your.name\fog.knows.your.name\fog knows your name\fogknowsyourname.exe No File
FirewallRules: [UDP Query User{8DD79BC9-0CA3-4E17-9188-466BDF8DCAD8}E:\downloads\fog.knows.your.name\fog.knows.your.name\fog knows your name\fogknowsyourname.exe] => (Allow) E:\downloads\fog.knows.your.name\fog.knows.your.name\fog knows your name\fogknowsyourname.exe No File
FirewallRules: [TCP Query User{44AEFE38-7A01-499B-82B3-2DE4017797CE}E:\downloads\the.soul.stone.war\the soul stone war\thesoulstonewar.exe] => (Allow) E:\downloads\the.soul.stone.war\the soul stone war\thesoulstonewar.exe No File
FirewallRules: [UDP Query User{DA1FE145-1B03-4139-B000-88E694654C85}E:\downloads\the.soul.stone.war\the soul stone war\thesoulstonewar.exe] => (Allow) E:\downloads\the.soul.stone.war\the soul stone war\thesoulstonewar.exe No File
FirewallRules: [{73ACD5DA-791C-439A-8277-A68CB2E587A5}] => (Allow) C:\Users\Trifon\AppData\Local\Programs\Opera\67.0.3575.97\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DD31561C-1BA4-466B-8379-6B6A8363DDEC}E:\downloads\the.magicians.workshop\the.magicians.workshop\the magician's workshop\themagiciansworkshop.exe] => (Allow) E:\downloads\the.magicians.workshop\the.magicians.workshop\the magician's workshop\themagiciansworkshop.exe No File
FirewallRules: [UDP Query User{0023B9E8-A234-49D7-864D-939EF6D2E09B}E:\downloads\the.magicians.workshop\the.magicians.workshop\the magician's workshop\themagiciansworkshop.exe] => (Allow) E:\downloads\the.magicians.workshop\the.magicians.workshop\the magician's workshop\themagiciansworkshop.exe No File
FirewallRules: [{E64593EC-41F8-4612-956B-53F56215687A}] => (Allow) C:\Users\Trifon\AppData\Local\Programs\Opera\67.0.3575.115\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{650049AA-1051-4EF7-8610-1B04C08A7D5C}E:\downloads\magical.diary.wolf.hall.v1.0.12\magical.diary.wolf.hall.v1.0.12\magical diary wolf hall\lib\windows-i686\wolfhall.exe] => (Allow) E:\downloads\magical.diary.wolf.hall.v1.0.12\magical.diary.wolf.hall.v1.0.12\magical diary wolf hall\lib\windows-i686\wolfhall.exe No File
FirewallRules: [UDP Query User{C96CA83B-E194-4B48-A6EC-F2BB00B22120}E:\downloads\magical.diary.wolf.hall.v1.0.12\magical.diary.wolf.hall.v1.0.12\magical diary wolf hall\lib\windows-i686\wolfhall.exe] => (Allow) E:\downloads\magical.diary.wolf.hall.v1.0.12\magical.diary.wolf.hall.v1.0.12\magical diary wolf hall\lib\windows-i686\wolfhall.exe No File
FirewallRules: [TCP Query User{8B6E361B-82E6-4712-98EC-3750EB0D4490}E:\downloads\the.aegis.saga\the.aegis.saga\the aegis saga\aegissaga.exe] => (Allow) E:\downloads\the.aegis.saga\the.aegis.saga\the aegis saga\aegissaga.exe (Choice of Games) [File not signed]
FirewallRules: [UDP Query User{B18E87DA-C905-406C-AF8D-264EEDD6F49D}E:\downloads\the.aegis.saga\the.aegis.saga\the aegis saga\aegissaga.exe] => (Allow) E:\downloads\the.aegis.saga\the.aegis.saga\the aegis saga\aegissaga.exe (Choice of Games) [File not signed]
FirewallRules: [TCP Query User{4123228D-215E-4CC6-87F4-979747D5093E}E:\downloads\blackstone.academy.for.the.magical.arts\blackstone.academy.for.the.magical.arts\blackstone academy for the magical arts\blackstoneacademyforthemagicalarts.exe] => (Allow) E:\downloads\blackstone.academy.for.the.magical.arts\blackstone.academy.for.the.magical.arts\blackstone academy for the magical arts\blackstoneacademyforthemagicalarts.exe (Choice of Games) [File not signed]
FirewallRules: [UDP Query User{E7FAC39D-F753-4E5F-9642-8FB8F72BCFE8}E:\downloads\blackstone.academy.for.the.magical.arts\blackstone.academy.for.the.magical.arts\blackstone academy for the magical arts\blackstoneacademyforthemagicalarts.exe] => (Allow) E:\downloads\blackstone.academy.for.the.magical.arts\blackstone.academy.for.the.magical.arts\blackstone academy for the magical arts\blackstoneacademyforthemagicalarts.exe (Choice of Games) [File not signed]
FirewallRules: [{AF7B1C1B-723B-458A-AE65-6E0E069109F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{244702B0-2E42-46A0-A374-B0EBF3FBAC9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA8FE966-DCC9-423E-9FF8-083136095934}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D8159068-79D9-4806-9072-6CB00C5A9E47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61BC0613-F48A-43E7-A045-FB51A9E69090}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{15F4A2BA-E8EF-48DA-8EC2-053B0E481C8B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{04D4DC9A-49C9-4FA7-A3D0-C0786D43B300}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C53B80C9-5B40-4E41-8284-3F9D035D0695}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F9C3B751-D285-4AF9-BAD4-B660B4D49D7B}C:\users\trifon\desktop\mask.of.the.plague.doctor\mask.of.the.plague.doctor\mask of the plague doctor\maskoftheplaguedoctor.exe] => (Allow) C:\users\trifon\desktop\mask.of.the.plague.doctor\mask.of.the.plague.doctor\mask of the plague doctor\maskoftheplaguedoctor.exe No File
FirewallRules: [UDP Query User{CFA691FC-F56B-4B4C-AAC3-3E5EFC887C34}C:\users\trifon\desktop\mask.of.the.plague.doctor\mask.of.the.plague.doctor\mask of the plague doctor\maskoftheplaguedoctor.exe] => (Allow) C:\users\trifon\desktop\mask.of.the.plague.doctor\mask.of.the.plague.doctor\mask of the plague doctor\maskoftheplaguedoctor.exe No File
FirewallRules: [{038152CB-9C1A-4F2B-A4C1-8EC25D2B8024}] => (Allow) E:\Steam - games\steamapps\common\Total War SHOGUN 2\Shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{E0F9DA66-F334-4F90-BE7A-3D01053A3162}] => (Allow) E:\Steam - games\steamapps\common\Total War SHOGUN 2\Shogun2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{D62C9DFE-0C1B-4C9C-BCCA-47A5E9371E73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-04-2020 13:28:32 Installed DirectX
02-05-2020 15:17:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2020 10:35:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (05/05/2020 10:35:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (05/05/2020 10:09:16 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-05-11T09:28:16Z. Error Code: 0x80070005.

Error: (05/05/2020 09:11:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (05/05/2020 09:11:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (05/04/2020 11:34:14 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-05-11T09:28:14Z. Error Code: 0x80070005.

System errors:
=============
Error: (05/05/2020 03:16:35 PM) (Source: DCOM) (EventID: 10016) (User: Trifon-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Trifon-PC\Trifon SID (S-1-5-21-1601266965-4254244799-107981220-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2020 02:01:29 PM) (Source: DCOM) (EventID: 10016) (User: Trifon-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Trifon-PC\Trifon SID (S-1-5-21-1601266965-4254244799-107981220-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2020 01:58:59 PM) (Source: DCOM) (EventID: 10016) (User: Trifon-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Trifon-PC\Trifon SID (S-1-5-21-1601266965-4254244799-107981220-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2020 10:32:17 AM) (Source: DCOM) (EventID: 10016) (User: Trifon-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Trifon-PC\Trifon SID (S-1-5-21-1601266965-4254244799-107981220-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2020 10:30:43 AM) (Source: DCOM) (EventID: 10016) (User: Trifon-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Trifon-PC\Trifon SID (S-1-5-21-1601266965-4254244799-107981220-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2020 10:30:02 AM) (Source: DCOM) (EventID: 10016) (User: Trifon-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user Trifon-PC\Trifon SID (S-1-5-21-1601266965-4254244799-107981220-1000) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/05/2020 10:29:30 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (05/05/2020 10:29:28 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Windows Defender:
===================================
Date: 2019-12-02 21:10:33.701
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Users\Trifon\Desktop\Loader windows 7.8.10\Loader windows 7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Engine Version: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-12-02 21:10:33.391
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Users\Trifon\Desktop\Loader windows 7.8.10\loader windows 10.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Engine Version: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-12-02 21:10:22.212
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Users\Trifon\Desktop\Loader windows 7.8.10\Loader windows 8.exe->[SAResource]->[MSILRES:?.?.resources]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Engine Version: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-12-02 21:09:58.486
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Users\Trifon\Desktop\Loader windows 7.8.10\Loader windows 8.exe->[SAResource]->[MSILRES:?.?.resources]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Engine Version: AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2019-12-02 21:09:45.837
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/Keygen
ID: 2147593794
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Users\Trifon\Desktop\Loader windows 7.8.10\Loader windows 7.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.273.933.0, AS: 1.273.933.0, NIS: 1.273.933.0
Engine Version: AM: 1.1.15100.1, NIS: 1.1.15100.1

CodeIntegrity:
===================================

Date: 2020-05-05 15:20:12.302
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:20:12.298
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:18:46.052
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:18:46.049
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:18:45.149
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:18:45.142
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:18:45.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 15:18:45.123
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2202 12/08/2014
Motherboard: ASUSTeK COMPUTER INC. B85M-G
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8129.96 MB
Available physical RAM: 4894.23 MB
Total Virtual: 8129.96 MB
Available Virtual: 3604.85 MB

==================== Drives ================================

Drive c: (Kingston SDD 240GB) (Fixed) (Total:222.66 GB) (Free:107.6 GB) NTFS
Drive e: (Westel digital 1TB) (Fixed) (Total:931.51 GB) (Free:662.63 GB) NTFS
Drive g: (Westel digital 150GB) (Fixed) (Total:149.05 GB) (Free:119.98 GB) NTFS
Drive h: (TARDIS 1TB) (Fixed) (Total:931.28 GB) (Free:230.32 GB) FAT32

\\?\Volume{6ba8e36a-6f74-11e5-9acc-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{c7e0a5a3-0000-0000-0000-50b037000000}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: C7E0A5A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833 MB) - (Type=27)

==========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 6E697373)
No partition Table on disk 1.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 862031D9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CD108301)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

==================== End of Addition.txt =======================

#6 Příspěvek od **Conder** » 06 kvě 2020 02:54

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start::
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
ExportKey: HKLM\System\CurrentControlSet\Services\idsvc

HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Policies\...\system: [disablecmd] 0
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {01DCDED8-C9F2-4C34-BAD8-231701F4BFCA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {023D8757-E321-4E00-9252-F08E3C07B22F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B0DF744-959A-49F6-AADA-9536D019EB14} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0C5FEEAC-080D-47A8-80FA-76FBD09C4880} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {34753DAA-A3B9-43B8-A514-0C6A3039B7EA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {350EBEBE-38E9-4FED-8301-DC2953EBAAA4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F21BADC-370E-421B-B92E-EADE7CFEB649} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {535A92F8-0858-4349-9CD4-83255709EF84} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5922A78B-4749-4C4D-880B-272E09FE9E8D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {61998629-9A5F-4F13-90BA-88E2745D410A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6EDE8F0A-7492-4F84-91D8-C8336D19C851} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77A4E56F-752B-47DF-91F8-4D6E0CB1BCED} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7EA8453D-26FA-4DDB-925F-5F25A99F0697} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {92178D0F-4367-4AC0-AE55-BFB41917B8EA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {93BFEE50-D622-4CEB-90DA-E2F84C2CB180} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9F5CB5F7-BEEC-42F1-9E2D-B7A3634C17FD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A80F23FF-BD0D-4602-8781-1C1047A93589} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7793902-4213-45F7-AF9E-19E64FFE4A39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C2D2CC21-5DF2-4652-B2C3-DDE7974446C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C4B43DE2-1AE0-483F-9C65-2E44C604DA0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D015A61A-B514-4EE0-87FE-11C0B04E3E4E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBEBFB9C-D300-4E3E-A06E-967187EB508E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E7926B6D-5F50-4F9E-B2E0-B6D3424C4968} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {F3A0B4C1-AD21-4F73-905F-2D2522BDA75F} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
FF Homepage: Mozilla\Firefox\Profiles\rk8vrt1e.default -> hxxps://www.malwarebytes.org/restorebrowser/
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2019-12-03] () [File not signed]
C:\Windows\KMS-R@1n.exe
U3 idsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\DRIVERS\nvstusb.sys [X]
2020-05-04 12:03 - 2020-05-04 12:04 - 000000000 ____D C:\rsit
2020-05-04 12:03 - 2020-05-04 12:03 - 001222144 _____ C:\Users\Trifon\Desktop\RSITx64.exe
2020-05-04 12:03 - 2015-12-10 15:36 - 000000000 ____D C:\Program Files\trend micro
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86) instal games\notepad\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
2019-12-03 10:37 - 2019-12-03 10:37 - 000004096 _____ () [File not signed] C:\WINDOWS\KMS-R@1nHook.dll
FirewallRules: [{43CDDE9C-D21B-486A-9836-87CEE42F20E9}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{6C661CB1-666D-4752-BE00-12F60C5A61AB}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]

Hosts:
EmptyTemp:
End::

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Slovak · #7 Příspěvek od **Slovak** » 06 kvě 2020 08:43

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Trifon (06-05-2020 09:39:25) Run:1
Running from C:\Users\Trifon\Desktop
Loaded Profiles: Trifon (Available Profiles: Trifon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
ExportKey: HKLM\System\CurrentControlSet\Services\idsvc
HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Policies\...\system: [disablecmd] 0
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {01DCDED8-C9F2-4C34-BAD8-231701F4BFCA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {023D8757-E321-4E00-9252-F08E3C07B22F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B0DF744-959A-49F6-AADA-9536D019EB14} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0C5FEEAC-080D-47A8-80FA-76FBD09C4880} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {34753DAA-A3B9-43B8-A514-0C6A3039B7EA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {350EBEBE-38E9-4FED-8301-DC2953EBAAA4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F21BADC-370E-421B-B92E-EADE7CFEB649} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {535A92F8-0858-4349-9CD4-83255709EF84} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5922A78B-4749-4C4D-880B-272E09FE9E8D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {61998629-9A5F-4F13-90BA-88E2745D410A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6EDE8F0A-7492-4F84-91D8-C8336D19C851} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77A4E56F-752B-47DF-91F8-4D6E0CB1BCED} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7EA8453D-26FA-4DDB-925F-5F25A99F0697} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {92178D0F-4367-4AC0-AE55-BFB41917B8EA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {93BFEE50-D622-4CEB-90DA-E2F84C2CB180} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9F5CB5F7-BEEC-42F1-9E2D-B7A3634C17FD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A80F23FF-BD0D-4602-8781-1C1047A93589} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7793902-4213-45F7-AF9E-19E64FFE4A39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C2D2CC21-5DF2-4652-B2C3-DDE7974446C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C4B43DE2-1AE0-483F-9C65-2E44C604DA0A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D015A61A-B514-4EE0-87FE-11C0B04E3E4E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBEBFB9C-D300-4E3E-A06E-967187EB508E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E7926B6D-5F50-4F9E-B2E0-B6D3424C4968} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate
Task: {F3A0B4C1-AD21-4F73-905F-2D2522BDA75F} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
FF Homepage: Mozilla\Firefox\Profiles\rk8vrt1e.default -> hxxps://www.malwarebytes.org/restorebrowser/
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2019-12-03] () [File not signed]
C:\Windows\KMS-R@1n.exe
U3 idsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\DRIVERS\nvstusb.sys [X]
2020-05-04 12:03 - 2020-05-04 12:04 - 000000000 ____D C:\rsit
2020-05-04 12:03 - 2020-05-04 12:03 - 001222144 _____ C:\Users\Trifon\Desktop\RSITx64.exe
2020-05-04 12:03 - 2015-12-10 15:36 - 000000000 ____D C:\Program Files\trend micro
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86) instal games\notepad\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
2019-12-03 10:37 - 2019-12-03 10:37 - 000004096 _____ () [File not signed] C:\WINDOWS\KMS-R@1nHook.dll
FirewallRules: [{43CDDE9C-D21B-486A-9836-87CEE42F20E9}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{6C661CB1-666D-4752-BE00-12F60C5A61AB}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Count : 58
Average :
Sum : 138754893
Maximum :
Minimum :
Property : Length

========= End of Powershell: =========

========================= File: C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe ========================

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
File not signed
MD5: 37F7DD839A711B5706B1264F4D8D4BDC
Creation and modification date: 2015-10-10 20:41 - 2014-06-18 07:54
Size: 001360016
Attributes: ---RA
Company Name: ASUSTeK Computer Inc. ->
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/c949a7b ... 588634250/

====== End of File: ======

========================= File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ========================

C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File not signed
MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Creation and modification date: 2005-04-04 00:41 - 2005-04-04 00:41
Size: 000069632
Attributes: ----A
Company Name: Macrovision Corporation
Internal Name: IDriverT
Original Name: IDriverT.exe
Product: InstallShield (R)
Description: IDriverT Module
File Version: 11.00.28844
Product Version: 11.00
Copyright: Copyright (C) 2005 Macrovision Corporation
VirusTotal: https://www.virustotal.com/file/c227850 ... 588592577/

====== End of File: ======

========================= File: C:\Program Files\Intel\iCLS Client\HeciServer.exe ========================

C:\Program Files\Intel\iCLS Client\HeciServer.exe
File not signed
MD5: DAE6C3099D291EED8922A65C29ABCF52
Creation and modification date: 2013-08-27 14:32 - 2013-08-27 14:32
Size: 000747520
Attributes: ----A
Company Name: Intel(R) Corporation
Internal Name: HeciServer
Original Name: HeciServer.exe
Product: Intel(R) Capability Licensing Service Interface
Description: Intel(R) Capability Licensing Service Interface
File Version: 1.31.8.1 sys_sysscbld
Product Version: 1,31,8,1
Copyright: (C) Copyright Intel(R) Corporation
VirusTotal: https://www.virustotal.com/file/ad0a932 ... 588508903/

====== End of File: ======

========================= File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========================

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
File not signed
MD5: E5C796B621F6FBA8616511063D7F0FFE
Creation and modification date: 2009-12-23 23:34 - 2009-12-23 23:34
Size: 000370688
Attributes: ----A
Company Name: StarWind Software
Internal Name: StarWind
Original Name: StarWind
Product: StarWind Alcohol Edition
Description: StarWind iSCSI Target (Alcohol Edition)
File Version: 12.1 Build 20091211
Product Version: 12.1 Build 20091211
Copyright: Copyright (c) StarWind Software 2003-2009. All rights reserved.
VirusTotal: https://www.virustotal.com/file/447fa64 ... 586785924/

====== End of File: ======

========================= File: C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========================

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
File not signed
MD5: E5C796B621F6FBA8616511063D7F0FFE
Creation and modification date: 2009-12-23 23:34 - 2009-12-23 23:34
Size: 000370688
Attributes: ----A
Company Name: StarWind Software
Internal Name: StarWind
Original Name: StarWind
Product: StarWind Alcohol Edition
Description: StarWind iSCSI Target (Alcohol Edition)
File Version: 12.1 Build 20091211
Product Version: 12.1 Build 20091211
Copyright: Copyright (c) StarWind Software 2003-2009. All rights reserved.
VirusTotal: 0

====== End of File: ======

================== ExportKey: ===================

[HKLM\System\CurrentControlSet\Services\idsvc]
"FailureActions"="840300000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"Start"="3"

=== End of ExportKey ===
"HKU\S-1-5-21-1601266965-4254244799-107981220-1000\Software\Policies\Microsoft\Windows\System\\disablecmd" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01DCDED8-C9F2-4C34-BAD8-231701F4BFCA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01DCDED8-C9F2-4C34-BAD8-231701F4BFCA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023D8757-E321-4E00-9252-F08E3C07B22F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023D8757-E321-4E00-9252-F08E3C07B22F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B0DF744-959A-49F6-AADA-9536D019EB14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B0DF744-959A-49F6-AADA-9536D019EB14}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C5FEEAC-080D-47A8-80FA-76FBD09C4880}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C5FEEAC-080D-47A8-80FA-76FBD09C4880}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34753DAA-A3B9-43B8-A514-0C6A3039B7EA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34753DAA-A3B9-43B8-A514-0C6A3039B7EA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{350EBEBE-38E9-4FED-8301-DC2953EBAAA4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{350EBEBE-38E9-4FED-8301-DC2953EBAAA4}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F21BADC-370E-421B-B92E-EADE7CFEB649}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F21BADC-370E-421B-B92E-EADE7CFEB649}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{535A92F8-0858-4349-9CD4-83255709EF84}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{535A92F8-0858-4349-9CD4-83255709EF84}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5922A78B-4749-4C4D-880B-272E09FE9E8D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5922A78B-4749-4C4D-880B-272E09FE9E8D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61998629-9A5F-4F13-90BA-88E2745D410A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61998629-9A5F-4F13-90BA-88E2745D410A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EDE8F0A-7492-4F84-91D8-C8336D19C851}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EDE8F0A-7492-4F84-91D8-C8336D19C851}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77A4E56F-752B-47DF-91F8-4D6E0CB1BCED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77A4E56F-752B-47DF-91F8-4D6E0CB1BCED}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EA8453D-26FA-4DDB-925F-5F25A99F0697}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EA8453D-26FA-4DDB-925F-5F25A99F0697}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92178D0F-4367-4AC0-AE55-BFB41917B8EA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92178D0F-4367-4AC0-AE55-BFB41917B8EA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{93BFEE50-D622-4CEB-90DA-E2F84C2CB180}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93BFEE50-D622-4CEB-90DA-E2F84C2CB180}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F5CB5F7-BEEC-42F1-9E2D-B7A3634C17FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F5CB5F7-BEEC-42F1-9E2D-B7A3634C17FD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A80F23FF-BD0D-4602-8781-1C1047A93589}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A80F23FF-BD0D-4602-8781-1C1047A93589}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7793902-4213-45F7-AF9E-19E64FFE4A39}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7793902-4213-45F7-AF9E-19E64FFE4A39}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2D2CC21-5DF2-4652-B2C3-DDE7974446C0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2D2CC21-5DF2-4652-B2C3-DDE7974446C0}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4B43DE2-1AE0-483F-9C65-2E44C604DA0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4B43DE2-1AE0-483F-9C65-2E44C604DA0A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D015A61A-B514-4EE0-87FE-11C0B04E3E4E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D015A61A-B514-4EE0-87FE-11C0B04E3E4E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBEBFB9C-D300-4E3E-A06E-967187EB508E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBEBFB9C-D300-4E3E-A06E-967187EB508E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7926B6D-5F50-4F9E-B2E0-B6D3424C4968}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7926B6D-5F50-4F9E-B2E0-B6D3424C4968}" => removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3A0B4C1-AD21-4F73-905F-2D2522BDA75F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A0B4C1-AD21-4F73-905F-2D2522BDA75F}" => removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Office15ProPlus => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office15ProPlus" => removed successfully
"Firefox homepage" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\KMS-R@1n => removed successfully
KMS-R@1n => service removed successfully
C:\Windows\KMS-R@1n.exe => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\NvStUSB => removed successfully
NvStUSB => service removed successfully
C:\rsit => moved successfully
C:\Users\Trifon\Desktop\RSITx64.exe => moved successfully
C:\Program Files\trend micro => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
C:\WINDOWS\KMS-R@1nHook.dll => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43CDDE9C-D21B-486A-9836-87CEE42F20E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C661CB1-666D-4752-BE00-12F60C5A61AB}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1503097035 B
Java, Flash, Steam htmlcache => 598868716 B
Windows/system/drivers => 6311276 B
Edge => 4558354 B
Chrome => 621494533 B
Firefox => 32427392 B
Opera => 14582971 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 154300 B
NetworkService => 155208 B
Trifon => 62323078 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End 1 Fixlog 09:39:57 ====

#8 Příspěvek od **Conder** » 06 kvě 2020 23:55

OK. Ako to vyzera s PC? Su nejake problemy?

Slovak · #9 Příspěvek od **Slovak** » 07 kvě 2020 11:00

Vypadá to byť ok

#10 Příspěvek od **Conder** » 07 kvě 2020 16:45

Tak este upraceme po pouzitych nastrojoch:

Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
Uloz na plochu a spusti
Nechaj oznacenu moznost "Remove disinfection tools"
Klikni na "Run"

Slovak · #11 Příspěvek od **Slovak** » 08 kvě 2020 09:21

Ďakujem za pomoc

#12 Příspěvek od **Conder** » 08 kvě 2020 23:32

Nie je zaco, rad som pomohol

VIRY.CZ

preventívna kontrola logu

preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu

Re: preventívna kontrola logu