
Notebook 100% disk usage

Edon
Visitor
Posts: 54
Registered: 14 Dec 2008 15:29

#1 Post by Edon »

Hello. For quite a while I have had a problem with my notebook: after powering on, the disk always runs at 100% (the notebook is almost unusable for the first 20 minutes), then it drops, and then the usage randomly jumps back to 100%. I have tried various guides from the internet, but nothing ever helped. Now I have read somewhere that it could be malware, so I am trying you. I have not used the notebook for about half a year, maybe more. Thank you; I am attaching the FRST log (the Addition log is attached as a file, it is too big).

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by Michal (administrator) on DESKTOP-1BA5OSI (Dell Inc. Inspiron 7559) (07-12-2020 18:26:28)
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal
Platform: Windows 10 Home Version 2004 19041.630 (X64) Language: Czech (Czech Republic)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
() [File not signed] C:\Users\Michal\AppData\Local\svchostc\svchostc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberGhost SRL -> CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc. -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9278152 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515208 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515208 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3278288 2019-11-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1398352 2018-06-11] (CyberGhost SRL -> CyberGhost S.A.)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Spotify] => C:\Users\Michal\AppData\Roaming\Spotify\Spotify.exe [21144992 2019-12-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Discord] => C:\Users\Michal\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb] -> GOG.com Heroes of Might and Magic 3
HKLM\Software\...\AppCompatFlags\InstalledSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb [2012-11-28]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-12-04] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0048A278-C270-49A7-9B40-AB05F1E7664C} - System32\Tasks\Java Update Manager => wscript "C:\Users\Michal\AppData\Local\javawe.vbs"
Task: {04C45A6A-7033-4481-803C-EBDD23AFADF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {1115F3B5-BD4E-480F-ADA2-51086ED9EDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {15FC4370-4D14-442A-AE74-875B3782B4CC} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {19C90E9D-FA93-455C-B4EB-6ADC72C7646D} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-12-04] (Rivet Networks LLC -> DELL)
Task: {1FE57094-0BD8-44BA-B92B-050F408A3527} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20F3BBE5-DD46-40E4-A56D-C96E69EA9662} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2AEE2FB4-ABFA-4EC7-A4EB-C810F63CD7FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D3C7A7B-4E6D-44DB-AE6C-9E9F1F0F940A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515208 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {2DB43BD0-0977-404B-8A97-2CAFF2055BFE} - System32\Tasks\Update Service => C:\Users\Michal\AppData\Local\svc10.17134\winupdate.exe [910848 2018-09-11] () [File not signed]
Task: {320E7434-4D97-44D6-9CC3-DEDD499D7414} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D806B96-1C8E-4DD6-9E2C-1E3714C769EB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3DE5EEFD-DB70-4776-A5D5-0D480B3E65E7} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {4209FC27-9A43-4DF0-B251-63D7E5684332} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4B88DAFD-8AF5-4C9B-AE5B-9029CE8ADD29} - System32\Tasks\svchostc => C:\Users\Michal\AppData\Local\svchostc\svchostc.exe [20261255 2018-06-25] () [File not signed] <==== ATTENTION
Task: {4ECEBF83-3987-4187-91CD-A9C46EC96CFE} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {4F8C6914-FADC-4B97-8FBA-C470D95F8AA6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FBCD3E9-4F48-4761-AA72-C14F42943F8D} - System32\Tasks\WinDef Update Service => wscript "C:\Users\Michal\AppData\Local\WindowsDefenderTemp\update.vbs"
Task: {760BFEB5-5FAE-4A99-9ED3-EB5D9B5FF50D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation)
Task: {7679E250-0793-4689-AE23-A2B7D41DC91B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91723717-422C-4223-8E1B-FB5730AB61EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A47CEAB2-6112-4F3D-A56D-EF61EE2E1333} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8FA8894-9F5B-460C-BA28-9678CFEB7BA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ACC5BA06-7A3B-46FF-83D8-418ACBD46406} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {B1673EF2-B0F6-4E37-81D5-8819B0F08F8C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6814FC0-1226-4379-A59D-39A500B268C8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B92D273D-CD44-4C72-9FF2-E7C0BAFD8E35} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA33C75C-C220-404B-A31F-AF6A320CCCFD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA3BF1D2-6DAD-4B4A-93E0-188AC4E117E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143712 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D31EF5FD-8205-400C-A03B-986200A98951} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D3CDB412-0D5B-4455-B4A7-E12B84D0EA2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5249B67-F8A5-4BBE-9807-7CC970B1559C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {DE8B44E2-77A5-4710-BAA7-D88A238C7418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E167E09F-10D9-4FC9-A18B-5462A1E0680D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E7FAA7BE-0072-4D81-927A-9BD726247F22} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {F282BE66-7FDB-4463-A3BB-78104C54E2BE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143712 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FAB968B4-A639-4114-8665-F358E1EEB4BB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1cf47efa-4ae2-467c-904e-f10ce0b760b5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{23656834-7cf4-49d1-9a30-14b08d54cf17}: [NameServer] 195.146.128.62 195.146.132.58
Tcpip\..\Interfaces\{88348d74-5411-43af-9244-7537f035bdfc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b15b6629-5050-49b5-ba14-0b45c74698aa}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e5d23508-4e25-4ceb-9475-68a8eceb2afb}: [NameServer] 195.146.128.62 195.146.132.58

Edge:
======
Edge Profile: C:\Users\Michal\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-07]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-12-04] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-07-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-07-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR StartupUrls: Default -> "hxxp://www.google.sk/"
CHR Extension: (Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-04]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-31]
CHR Extension: (Slinky Elegant) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2020-09-10]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-04]
CHR Extension: (Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-04]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [204880 2018-06-11] (CyberGhost SRL -> CyberGhost S.A.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [955656 2020-12-04] (McAfee, LLC -> McAfee, LLC)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1059792 2017-07-11] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft Corporation)
S3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-07 18:26 - 2020-12-07 18:28 - 000028612 _____ C:\Users\Michal\Downloads\FRST.txt
2020-12-07 18:25 - 2020-12-07 18:25 - 002288640 _____ (Farbar) C:\Users\Michal\Downloads\FRST64.exe
2020-12-07 18:08 - 2020-12-07 18:08 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-12-04 20:32 - 2020-12-04 20:32 - 000000000 ____D C:\WINDOWS\{EA176DF9-3029-4699-8273-4E9C4DABDFF2}
2020-12-04 18:42 - 2020-12-04 18:42 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:42 - 2020-12-04 18:42 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-12-04 18:42 - 2020-12-04 18:42 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-04 18:41 - 2020-12-04 18:41 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:41 - 2020-12-04 18:41 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-12-04 13:22 - 2020-12-04 13:22 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-12-04 13:11 - 2020-12-04 13:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-04 13:11 - 2020-12-04 13:11 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2020-12-04 13:10 - 2020-12-04 13:10 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-04 13:10 - 2020-12-04 13:10 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-04 13:10 - 2020-12-04 13:10 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 000455168 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2020-12-04 13:09 - 2020-12-04 13:09 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2020-12-04 13:08 - 2020-12-04 13:08 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-12-04 13:08 - 2020-12-04 13:08 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-12-04 13:08 - 2020-12-04 13:08 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-04 13:07 - 2020-12-04 13:07 - 001822256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-04 13:07 - 2020-12-04 13:07 - 001393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-04 13:07 - 2020-12-04 13:07 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2020-12-04 13:07 - 2020-12-04 13:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-04 13:07 - 2020-12-04 13:07 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000645120 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-12-04 13:05 - 2020-12-04 13:05 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-04 13:05 - 2020-12-04 13:05 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-04 12:05 - 2020-12-04 12:05 - 000000000 ____D C:\Users\Michal\AppData\Local\JxBrowser
2020-12-04 12:04 - 2020-12-04 12:04 - 000000000 ____D C:\Users\Michal\AppData\Local\BrowserLock
2020-12-04 12:02 - 2020-12-04 13:40 - 000000000 ____D C:\Users\Michal\AppData\Roaming\OnVUE
2020-12-04 12:00 - 2020-12-04 12:01 - 067218448 _____ (Pearson VUE) C:\Users\Michal\Downloads\OnVUE-3.49.13.exe
2020-12-04 11:58 - 2020-12-04 12:08 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-12-04 11:58 - 2020-12-04 12:08 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-07 18:28 - 2017-06-05 16:53 - 000000000 ____D C:\FRST
2020-12-07 18:22 - 2020-08-27 22:17 - 001693346 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-07 18:22 - 2019-12-07 15:41 - 000725026 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-07 18:22 - 2019-12-07 15:41 - 000149964 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-07 18:22 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-07 18:21 - 2016-11-13 22:13 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-07 18:20 - 2016-10-31 21:06 - 000000000 ____D C:\Program Files\CCleaner
2020-12-07 18:19 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-07 18:15 - 2019-12-30 14:57 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-07 18:15 - 2016-10-31 13:09 - 000000000 __SHD C:\Users\Michal\IntelGraphicsProfiles
2020-12-07 18:14 - 2020-08-27 22:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-07 18:14 - 2020-08-27 22:01 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-07 18:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-12-07 18:13 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-07 18:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-07 18:10 - 2018-01-07 21:03 - 000000000 ____D C:\Users\Michal\AppData\Local\Packages
2020-12-07 18:10 - 2016-10-31 13:13 - 000000000 ___RD C:\Users\Michal\OneDrive
2020-12-07 18:09 - 2020-06-12 08:18 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-07 18:09 - 2020-06-12 08:18 - 000002263 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-07 18:09 - 2020-06-12 08:18 - 000002263 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-07 18:09 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-07 17:58 - 2020-08-27 22:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-06 19:51 - 2020-08-27 22:07 - 000000000 ____D C:\Users\Michal
2020-12-06 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-12-06 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-12-04 20:32 - 2019-02-21 20:27 - 000000000 ____D C:\ProgramData\Temp
2020-12-04 20:32 - 2016-11-02 20:05 - 000000000 ____D C:\Program Files (x86)\Dell
2020-12-04 20:32 - 2016-03-31 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-12-04 18:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2020-12-04 18:54 - 2020-08-27 22:01 - 000437744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-04 18:49 - 2020-08-27 22:24 - 000000000 ____D C:\WINDOWS\en-GB
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-04 18:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-04 18:41 - 2020-08-27 22:06 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-12-04 18:15 - 2016-10-31 23:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-04 18:12 - 2016-10-31 23:04 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-04 18:10 - 2020-08-27 22:35 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-04 18:10 - 2020-08-27 22:35 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-04 14:43 - 2018-02-19 00:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-04 14:29 - 2020-08-27 22:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2020-12-04 14:29 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-04 12:39 - 2020-04-21 23:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-12-04 12:15 - 2016-10-31 17:24 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-04 12:15 - 2016-10-31 17:24 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-04 12:15 - 2016-10-31 17:24 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-04 12:10 - 2018-06-04 15:55 - 000000000 ____D C:\Users\Michal\AppData\Local\PlaceholderTileLogoFolder
2020-12-04 12:08 - 2020-06-11 15:47 - 004265528 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2020-12-04 12:00 - 2016-12-11 20:07 - 000007621 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2020-12-04 11:56 - 2020-08-27 22:35 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-04 11:56 - 2020-08-27 22:35 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-04 11:50 - 2019-11-17 17:42 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2018-09-11 17:38 - 2018-08-14 10:19 - 000001333 _____ () C:\Users\Michal\AppData\Local\javawe.vbs
2017-01-03 14:05 - 2017-01-03 14:05 - 000000000 ___SH () C:\Users\Michal\AppData\Local\LumaEmu
2016-12-11 20:07 - 2020-12-04 12:00 - 000007621 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2018-09-11 17:38 - 2018-08-10 17:38 - 015536128 _____ () C:\Users\Michal\AppData\Local\vm-file2.iso

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Attachments
Addition.rar
(32.3 KiB) Downloaded 75 times

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook 100% disk usage

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart the log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

Edon
Visitor
Posts: 54
Registered: 14 Dec 2008 15:29

Re: Notebook 100% disk usage

#3 Post by Edon »

I'm attaching the log. The notebook is at 100% disk usage again after the restart.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2020
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 31
# Failed: 5


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\OSTotoFolder
Deleted C:\Program Files (x86)\DriverToolkit
Deleted C:\Program Files (x86)\OSTotoSoft
Deleted C:\ProgramData\DRIVERTALENT
Deleted C:\Users\Michal\AppData\Local\DriverToolkit

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN
Deleted C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.JOB

***** [ Registry ] *****

Deleted HKCU\Software\DriverToolkit
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE5EEFD-DB70-4776-A5D5-0D480B3E65E7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellDigitalDelivery Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}
Deleted Preinstalled.DellQuickset Folder C:\Program Files\DELL\QUICKSET
Deleted Preinstalled.DellQuickset Folder C:\Windows\DELL\QUICKSET
Deleted Preinstalled.DellQuickset Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87CF757E-C1F1-4D22-865C-00C6950B5258}
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files (x86)\DELL\SUPPORTASSISTAGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\UPDATE
Deleted Preinstalled.SmartByte Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIVET NETWORKS
Deleted Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C90E9D-FA93-455C-B4EB-6ADC72C7646D}
Deleted Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Deleted Preinstalled.SmartByte Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{01F01829-4C5A-41B0-8198-0BDD02B34C47}
Deleted Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY
Not Deleted Preinstalled.DellDigitalDelivery Folder C:\Program Files (x86)\DELL DIGITAL DELIVERY
Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Not Deleted Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4979 octets] - [07/12/2020 19:11:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook 100% disk usage

#4 Post by Rudy »

Post new FRST+Addition logs.

Edon
Visitor
Posts: 54
Registered: 14 Dec 2008 15:29

Re: Notebook 100% disk usage

#5 Post by Edon »

I'm attaching FRST and Addition as an attachment.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by Michal (administrator) on DESKTOP-1BA5OSI (Dell Inc. Inspiron 7559) (07-12-2020 19:50:50)
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal
Platform: Windows 10 Home Version 2004 19041.630 (X64) Language: Czech (Czech Republic)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Michal\AppData\Local\svchostc\svchostc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberGhost SRL -> CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc. -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132538.inf_amd64_a34b1de6c28c3534\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Michal\Downloads\adwcleaner_8.0.8.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\wsappcontrol.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9278152 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515208 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515208 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3278288 2019-11-06] (Valve -> Valve Corporation)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1398352 2018-06-11] (CyberGhost SRL -> CyberGhost S.A.)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Spotify] => C:\Users\Michal\AppData\Roaming\Spotify\Spotify.exe [21144992 2019-12-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Discord] => C:\Users\Michal\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb] -> GOG.com Heroes of Might and Magic 3
HKLM\Software\...\AppCompatFlags\InstalledSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb [2012-11-28]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-12-04] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0048A278-C270-49A7-9B40-AB05F1E7664C} - System32\Tasks\Java Update Manager => wscript "C:\Users\Michal\AppData\Local\javawe.vbs"
Task: {04C45A6A-7033-4481-803C-EBDD23AFADF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {1115F3B5-BD4E-480F-ADA2-51086ED9EDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {15FC4370-4D14-442A-AE74-875B3782B4CC} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {1FE57094-0BD8-44BA-B92B-050F408A3527} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20F3BBE5-DD46-40E4-A56D-C96E69EA9662} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2AEE2FB4-ABFA-4EC7-A4EB-C810F63CD7FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D3C7A7B-4E6D-44DB-AE6C-9E9F1F0F940A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1515208 2018-11-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {2DB43BD0-0977-404B-8A97-2CAFF2055BFE} - System32\Tasks\Update Service => C:\Users\Michal\AppData\Local\svc10.17134\winupdate.exe [910848 2018-09-11] () [File not signed]
Task: {320E7434-4D97-44D6-9CC3-DEDD499D7414} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D806B96-1C8E-4DD6-9E2C-1E3714C769EB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {4209FC27-9A43-4DF0-B251-63D7E5684332} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4B88DAFD-8AF5-4C9B-AE5B-9029CE8ADD29} - System32\Tasks\svchostc => C:\Users\Michal\AppData\Local\svchostc\svchostc.exe [20261255 2018-06-25] () [File not signed] <==== ATTENTION
Task: {4ECEBF83-3987-4187-91CD-A9C46EC96CFE} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {4F8C6914-FADC-4B97-8FBA-C470D95F8AA6} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FBCD3E9-4F48-4761-AA72-C14F42943F8D} - System32\Tasks\WinDef Update Service => wscript "C:\Users\Michal\AppData\Local\WindowsDefenderTemp\update.vbs"
Task: {760BFEB5-5FAE-4A99-9ED3-EB5D9B5FF50D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation)
Task: {7679E250-0793-4689-AE23-A2B7D41DC91B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91723717-422C-4223-8E1B-FB5730AB61EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A47CEAB2-6112-4F3D-A56D-EF61EE2E1333} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8FA8894-9F5B-460C-BA28-9678CFEB7BA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ACC5BA06-7A3B-46FF-83D8-418ACBD46406} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {B1673EF2-B0F6-4E37-81D5-8819B0F08F8C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6814FC0-1226-4379-A59D-39A500B268C8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B92D273D-CD44-4C72-9FF2-E7C0BAFD8E35} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA33C75C-C220-404B-A31F-AF6A320CCCFD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CA3BF1D2-6DAD-4B4A-93E0-188AC4E117E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143712 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D31EF5FD-8205-400C-A03B-986200A98951} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D3CDB412-0D5B-4455-B4A7-E12B84D0EA2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5249B67-F8A5-4BBE-9807-7CC970B1559C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {DE8B44E2-77A5-4710-BAA7-D88A238C7418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E167E09F-10D9-4FC9-A18B-5462A1E0680D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E7FAA7BE-0072-4D81-927A-9BD726247F22} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {F282BE66-7FDB-4463-A3BB-78104C54E2BE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143712 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FAB968B4-A639-4114-8665-F358E1EEB4BB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1cf47efa-4ae2-467c-904e-f10ce0b760b5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{23656834-7cf4-49d1-9a30-14b08d54cf17}: [NameServer] 195.146.128.62 195.146.132.58
Tcpip\..\Interfaces\{88348d74-5411-43af-9244-7537f035bdfc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b15b6629-5050-49b5-ba14-0b45c74698aa}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e5d23508-4e25-4ceb-9475-68a8eceb2afb}: [NameServer] 195.146.128.62 195.146.132.58

Edge:
======
Edge Profile: C:\Users\Michal\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-12-04] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-07-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-07-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-28] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2020-12-07]
CHR StartupUrls: Default -> "hxxp://www.google.sk/"
CHR Extension: (Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-04]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-31]
CHR Extension: (Slinky Elegant) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2020-09-10]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-12-04]
CHR Extension: (Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-04]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-04]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [204880 2018-06-11] (CyberGhost SRL -> CyberGhost S.A.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-06-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-12-07] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [955656 2020-12-04] (McAfee, LLC -> McAfee, LLC)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell Inc -> Dell)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-05] (Disc Soft Ltd -> Disc Soft Ltd)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1059792 2017-07-11] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft Corporation)
S3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-07] (Malwarebytes Inc -> Malwarebytes)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-07 19:50 - 2020-12-07 19:52 - 000029221 _____ C:\Users\Michal\Downloads\FRST.txt
2020-12-07 19:15 - 2020-12-07 19:15 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-07 19:09 - 2020-12-07 19:09 - 008447152 _____ (Malwarebytes) C:\Users\Michal\Downloads\adwcleaner_8.0.8.exe
2020-12-07 19:08 - 2020-12-07 19:08 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-07 19:08 - 2020-12-07 19:08 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-07 19:08 - 2020-12-07 19:08 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-07 19:08 - 2020-12-07 19:08 - 000002031 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-07 19:08 - 2020-12-07 19:08 - 000000000 ____D C:\Users\Michal\AppData\Local\mbam
2020-12-07 19:08 - 2020-12-07 19:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-07 19:08 - 2020-12-07 19:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-12-07 19:08 - 2020-12-07 19:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-07 19:07 - 2020-12-07 19:07 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-07 19:06 - 2020-12-07 19:06 - 002077136 _____ (Malwarebytes) C:\Users\Michal\Downloads\MBSetup.exe
2020-12-07 18:25 - 2020-12-07 18:25 - 002288640 _____ (Farbar) C:\Users\Michal\Downloads\FRST64.exe
2020-12-07 18:08 - 2020-12-07 18:08 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-12-04 20:32 - 2020-12-04 20:32 - 000000000 ____D C:\WINDOWS\{EA176DF9-3029-4699-8273-4E9C4DABDFF2}
2020-12-04 18:42 - 2020-12-04 18:42 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:42 - 2020-12-04 18:42 - 000152576 _____ C:\WINDOWS\system32\EoAExperiences.exe
2020-12-04 18:42 - 2020-12-04 18:42 - 000009265 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-04 18:41 - 2020-12-04 18:41 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-04 18:41 - 2020-12-04 18:41 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2020-12-04 13:22 - 2020-12-04 13:22 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-12-04 13:11 - 2020-12-04 13:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-04 13:11 - 2020-12-04 13:11 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2020-12-04 13:10 - 2020-12-04 13:10 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-04 13:10 - 2020-12-04 13:10 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-04 13:10 - 2020-12-04 13:10 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 000455168 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2020-12-04 13:09 - 2020-12-04 13:09 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2020-12-04 13:09 - 2020-12-04 13:09 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2020-12-04 13:08 - 2020-12-04 13:08 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-12-04 13:08 - 2020-12-04 13:08 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-12-04 13:08 - 2020-12-04 13:08 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-04 13:07 - 2020-12-04 13:07 - 001822256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-04 13:07 - 2020-12-04 13:07 - 001393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-04 13:07 - 2020-12-04 13:07 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2020-12-04 13:07 - 2020-12-04 13:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-04 13:07 - 2020-12-04 13:07 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000645120 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2020-12-04 13:06 - 2020-12-04 13:06 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-12-04 13:05 - 2020-12-04 13:05 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-04 13:05 - 2020-12-04 13:05 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2020-12-04 13:05 - 2020-12-04 13:05 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-04 12:05 - 2020-12-04 12:05 - 000000000 ____D C:\Users\Michal\AppData\Local\JxBrowser
2020-12-04 12:04 - 2020-12-04 12:04 - 000000000 ____D C:\Users\Michal\AppData\Local\BrowserLock
2020-12-04 12:02 - 2020-12-04 13:40 - 000000000 ____D C:\Users\Michal\AppData\Roaming\OnVUE
2020-12-04 12:00 - 2020-12-04 12:01 - 067218448 _____ (Pearson VUE) C:\Users\Michal\Downloads\OnVUE-3.49.13.exe
2020-12-04 11:58 - 2020-12-04 12:08 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-12-04 11:58 - 2020-12-04 12:08 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-07 19:52 - 2017-06-05 16:53 - 000000000 ____D C:\FRST
2020-12-07 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-07 19:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-07 19:22 - 2020-08-27 22:17 - 001693346 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-07 19:22 - 2019-12-07 15:41 - 000725026 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-07 19:22 - 2019-12-07 15:41 - 000149964 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-07 19:22 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-07 19:20 - 2016-11-13 22:13 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-07 19:19 - 2016-10-31 21:06 - 000000000 ____D C:\Program Files\CCleaner
2020-12-07 19:15 - 2016-10-31 13:09 - 000000000 __SHD C:\Users\Michal\IntelGraphicsProfiles
2020-12-07 19:14 - 2020-08-27 22:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-07 19:14 - 2020-08-27 22:01 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-07 19:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-12-07 19:14 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-07 19:13 - 2016-11-02 20:05 - 000000000 ____D C:\Program Files (x86)\Dell
2020-12-07 19:13 - 2016-03-31 15:23 - 000000000 ____D C:\WINDOWS\Dell
2020-12-07 19:13 - 2016-03-31 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-12-07 19:13 - 2016-03-31 15:19 - 000000000 ____D C:\Program Files\Dell
2020-12-07 19:11 - 2017-06-05 16:14 - 000000000 ____D C:\AdwCleaner
2020-12-07 19:10 - 2016-12-11 20:07 - 000007621 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2020-12-07 19:08 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-07 18:15 - 2019-12-30 14:57 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-07 18:10 - 2018-01-07 21:03 - 000000000 ____D C:\Users\Michal\AppData\Local\Packages
2020-12-07 18:10 - 2016-10-31 13:13 - 000000000 ___RD C:\Users\Michal\OneDrive
2020-12-07 18:09 - 2020-06-12 08:18 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-07 18:09 - 2020-06-12 08:18 - 000002263 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-07 18:09 - 2020-06-12 08:18 - 000002263 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-07 18:09 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-07 17:58 - 2020-08-27 22:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-06 19:51 - 2020-08-27 22:07 - 000000000 ____D C:\Users\Michal
2020-12-06 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-12-06 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-12-04 20:32 - 2019-02-21 20:27 - 000000000 ____D C:\ProgramData\Temp
2020-12-04 18:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2020-12-04 18:54 - 2020-08-27 22:01 - 000437744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-04 18:49 - 2020-08-27 22:24 - 000000000 ____D C:\WINDOWS\en-GB
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-04 18:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-04 18:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-04 18:41 - 2020-08-27 22:06 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-12-04 18:15 - 2016-10-31 23:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-12-04 18:12 - 2016-10-31 23:04 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-12-04 18:10 - 2020-08-27 22:35 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-04 18:10 - 2020-08-27 22:35 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-04 14:43 - 2018-02-19 00:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-04 14:29 - 2020-08-27 22:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-12-04 14:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2020-12-04 14:29 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-04 12:39 - 2020-04-21 23:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 001562560 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000170424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000158136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000154032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2020-12-04 12:39 - 2020-04-03 09:56 - 000033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2020-12-04 12:15 - 2016-10-31 17:24 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-04 12:15 - 2016-10-31 17:24 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-04 12:15 - 2016-10-31 17:24 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-04 12:10 - 2018-06-04 15:55 - 000000000 ____D C:\Users\Michal\AppData\Local\PlaceholderTileLogoFolder
2020-12-04 12:08 - 2020-06-11 15:47 - 004265528 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2020-12-04 11:56 - 2020-08-27 22:35 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-04 11:56 - 2020-08-27 22:35 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-04 11:50 - 2019-11-17 17:42 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2018-09-11 17:38 - 2018-08-14 10:19 - 000001333 _____ () C:\Users\Michal\AppData\Local\javawe.vbs
2017-01-03 14:05 - 2017-01-03 14:05 - 000000000 ___SH () C:\Users\Michal\AppData\Local\LumaEmu
2016-12-11 20:07 - 2020-12-07 19:10 - 000007621 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2018-09-11 17:38 - 2018-08-10 17:38 - 015536128 _____ () C:\Users\Michal\AppData\Local\vm-file2.iso

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Attachments
Addition2.rar
(31.85 KiB) Downloaded 51 times

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook 100% disk usage

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\Program Files\Bonjour
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
Task: {04C45A6A-7033-4481-803C-EBDD23AFADF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {4B88DAFD-8AF5-4C9B-AE5B-9029CE8ADD29} - System32\Tasks\svchostc => C:\Users\Michal\AppData\Local\svchostc\svchostc.exe [20261255 2018-06-25] () [File not signed] <==== ATTENTION
Task: {4FBCD3E9-4F48-4761-AA72-C14F42943F8D} - System32\Tasks\WinDef Update Service => wscript "C:\Users\Michal\AppData\Local\WindowsDefenderTemp\update.vbs"
Task: {D5249B67-F8A5-4BBE-9807-7CC970B1559C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {E167E09F-10D9-4FC9-A18B-5462A1E0680D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Michal\AppData\Local\javawe.vbs
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ggvaxvwk.sys:changelist [304]
SearchScopes: HKU\S-1-5-21-1555137797-3367380239-3172831846-1001 -> {AB16F4D9-B37A-40BD-8AEE-CC249310C2C1} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FirewallRules: [{98B0D78C-CBF5-43E8-B943-4E6900ABB665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{D634F83B-A98F-4AB3-ACF8-FBC95168316D}] => (Allow) C:\Program Files (x86)\Mr DJ\Crysis 3\Bin32\Crysis3.exe => No File
FirewallRules: [{EC9CD53D-D8D2-4F6C-A1E9-6C029D1D3292}] => (Allow) C:\Program Files (x86)\Mr DJ\Crysis 3\Bin32\Crysis3.exe => No File

EmptyTemp:
End
Save it to C:\Users\Michal\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Edon
Visitor
Posts: 54
Registered: 14 Dec 2008 15:29

Re: Notebook 100% disk usage

#7 Post by Edon »

I'm attaching the fixlog. The PC is at 100% again, even right now :/ So it probably isn't a virus.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by Michal (07-12-2020 21:13:23) Run:1
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Program Files\Bonjour
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
Task: {04C45A6A-7033-4481-803C-EBDD23AFADF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {4B88DAFD-8AF5-4C9B-AE5B-9029CE8ADD29} - System32\Tasks\svchostc => C:\Users\Michal\AppData\Local\svchostc\svchostc.exe [20261255 2018-06-25] () [File not signed] <==== ATTENTION
Task: {4FBCD3E9-4F48-4761-AA72-C14F42943F8D} - System32\Tasks\WinDef Update Service => wscript "C:\Users\Michal\AppData\Local\WindowsDefenderTemp\update.vbs"
Task: {D5249B67-F8A5-4BBE-9807-7CC970B1559C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-31] (Google Inc -> Google Inc.)
Task: {E167E09F-10D9-4FC9-A18B-5462A1E0680D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Michal\AppData\Local\javawe.vbs
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ggvaxvwk.sys:changelist [304]
SearchScopes: HKU\S-1-5-21-1555137797-3367380239-3172831846-1001 -> {AB16F4D9-B37A-40BD-8AEE-CC249310C2C1} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FirewallRules: [{98B0D78C-CBF5-43E8-B943-4E6900ABB665}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{D634F83B-A98F-4AB3-ACF8-FBC95168316D}] => (Allow) C:\Program Files (x86)\Mr DJ\Crysis 3\Bin32\Crysis3.exe => No File
FirewallRules: [{EC9CD53D-D8D2-4F6C-A1E9-6C029D1D3292}] => (Allow) C:\Program Files (x86)\Mr DJ\Crysis 3\Bin32\Crysis3.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
C:\Program Files\Bonjour => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04C45A6A-7033-4481-803C-EBDD23AFADF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04C45A6A-7033-4481-803C-EBDD23AFADF2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4B88DAFD-8AF5-4C9B-AE5B-9029CE8ADD29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B88DAFD-8AF5-4C9B-AE5B-9029CE8ADD29}" => removed successfully
C:\WINDOWS\System32\Tasks\svchostc => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchostc" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4FBCD3E9-4F48-4761-AA72-C14F42943F8D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FBCD3E9-4F48-4761-AA72-C14F42943F8D}" => removed successfully
C:\WINDOWS\System32\Tasks\WinDef Update Service => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinDef Update Service" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5249B67-F8A5-4BBE-9807-7CC970B1559C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5249B67-F8A5-4BBE-9807-7CC970B1559C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E167E09F-10D9-4FC9-A18B-5462A1E0680D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E167E09F-10D9-4FC9-A18B-5462A1E0680D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\Michal\AppData\Local\javawe.vbs => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\WINDOWS\system32\Drivers\ggvaxvwk.sys => ":changelist" ADS removed successfully
HKU\S-1-5-21-1555137797-3367380239-3172831846-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB16F4D9-B37A-40BD-8AEE-CC249310C2C1} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98B0D78C-CBF5-43E8-B943-4E6900ABB665}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D634F83B-A98F-4AB3-ACF8-FBC95168316D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC9CD53D-D8D2-4F6C-A1E9-6C029D1D3292}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54585703 B
Java, Flash, Steam htmlcache => 376026711 B
Windows/system/drivers => 22972273 B
Edge => 1334578 B
Chrome => 224788891 B
Firefox => 0 B
Opera => 143756 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 252317 B
systemprofile32 => 252317 B
LocalService => 252317 B
NetworkService => 68548661 B
Michal => 70702920 B

RecycleBin => 0 B
EmptyTemp: => 791.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:14:40 ====

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook 100% disk usage

#8 Post by Rudy »

Deleted. Has anything changed?

Edon
Visitor
Posts: 54
Registered: 14 Dec 2008 15:29

Re: Notebook 100% disk usage

#9 Post by Edon »

Unfortunately not; as I also wrote at the start of the fixlist log, as soon as the PC restarted the disk was at 100% again.

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook 100% disk usage

#10 Post by Rudy »

Which process is loading the system the most? You can find out in Task Manager.