
Log check

Posted: 14 Aug 2018 12:58
by PacandaMilan
Hello, could someone check this for me?
Thanks in advance, I appreciate it.

Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-08-10.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-14-2018
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1270 octets] - [06/05/2018 10:33:43]
AdwCleaner[C00].txt - [1375 octets] - [06/05/2018 10:34:07]
AdwCleaner[S01].txt - [1242 octets] - [06/05/2018 10:52:18]
AdwCleaner[S02].txt - [1932 octets] - [17/06/2018 01:32:52]
AdwCleaner[C02].txt - [2008 octets] - [17/06/2018 01:33:25]
AdwCleaner[S03].txt - [1547 octets] - [28/07/2018 20:39:29]
AdwCleaner[S04].txt - [1608 octets] - [28/07/2018 20:39:57]
AdwCleaner[S05].txt - [1669 octets] - [14/08/2018 12:53:47]
AdwCleaner[S06].txt - [1730 octets] - [14/08/2018 13:41:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C06].txt ##########

Re: Log check

Posted: 14 Aug 2018 12:59
by PacandaMilan
I'm attaching the FRST log.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by micha (administrator) on LAPTOP-M9MKBN0R (14-08-2018 13:54:47)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: defaultuser0 & micha)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16779768 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [245088 2017-04-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-09] (Valve Corporation)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-01-10] (Apple Inc.)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-01-12] (Disc Soft Ltd)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32973712 2018-07-26] (Epic Games, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{a28d02e1-768d-477c-839c-bac021f19737}: [DhcpNameServer] 10.13.0.1
Tcpip\..\Interfaces\{a7ace2ca-3864-4c0d-a97a-39de4aac515e}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{dfaf2556-5153-4b64-9de0-d7c15f29da3a}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> DefaultScope {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL = 
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-21] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-31] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> dasdasdasdas
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2018-08-14]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-26]
CHR Extension: (ColorZilla) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2017-05-26]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-26]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-27]
CHR Extension: (AdBlock) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (Video Recorder) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\janpabomenbggihohponfklipffjhlfb [2017-05-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-06-23] ()
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [680288 2016-12-07] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-01-12] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-07-16] (EasyAntiCheat Ltd)
R2 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [392032 2017-04-28] (Lenovo(beijing) Limited)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-29] (Hi-Rez Studios) [File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [174200 2016-10-15] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-14] (Intel(R) Corporation)
U3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-02] (Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-02] (Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-15] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-18] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-18] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-11-09] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7987104 2017-04-10] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2158912 2018-03-28] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-28] (Electronic Arts)
R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [966496 2017-04-28] (Lenovo(beijing) Limited)
S3 SmrtService; C:\ProgramData\SmartGuard\lineage2\smrt3d\release\Data\faa6191f657c21be819151efc04b94e8e2f3a6f3\smrtsvc64.exe [6403424 2018-07-26] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [290904 2017-10-23] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [173432 2016-08-11] (BayHubTech/O2Micro )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-05-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-05-27] (Disc Soft Ltd)
S3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [46576 2017-04-28] (Lenovo(beijing) Limited)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [733448 2016-10-06] (Intel Corporation)
S3 mtkmbim; C:\WINDOWS\System32\drivers\mtkmbim7_x64.sys [282448 2017-01-03] (MBB)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-14] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_ed3ba3fb30d4dd86\nvlddmkm.sys [15607408 2017-10-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3238368 2017-10-23] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-10-23] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2017-01-03] (MBB) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [38368 2017-08-17] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 13:54 - 2018-08-14 13:55 - 000021938 _____ C:\Users\micha\Desktop\FRST.txt
2018-08-14 13:54 - 2018-08-14 13:54 - 000000000 ____D C:\FRST
2018-08-14 13:53 - 2018-08-14 13:53 - 002412544 _____ (Farbar) C:\Users\micha\Downloads\FRST64.exe
2018-08-14 13:53 - 2018-08-14 13:53 - 002412544 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2018-08-14 13:53 - 2018-08-14 13:53 - 001773056 _____ (Farbar) C:\Users\micha\Downloads\FRST.exe
2018-08-14 13:52 - 2018-08-14 13:52 - 000015327 _____ C:\Users\micha\Desktop\LM.bat
2018-08-14 13:51 - 2018-08-14 13:52 - 000029696 _____ C:\Users\micha\AppData\Local\MSGBOX.EXE
2018-08-14 13:51 - 2018-08-14 13:51 - 000112640 _____ (forum.viry.cz) C:\Users\micha\Desktop\FRSTLauncher.exe
2018-08-14 12:51 - 2018-08-14 12:52 - 007417040 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner_7.2.2 (1).exe
2018-08-11 23:58 - 2018-08-11 23:58 - 024062288 _____ C:\Users\micha\Downloads\dro_setup.a05a206ed1cb62abf210dcbfd991f720.exe
2018-08-11 23:58 - 2018-08-11 23:58 - 000002044 _____ C:\Users\micha\Desktop\Drakensang Online.lnk
2018-08-11 23:58 - 2018-08-11 23:58 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2018-08-11 23:58 - 2018-08-11 23:58 - 000000000 ____D C:\Program Files (x86)\Drakensang Online
2018-08-11 22:05 - 2018-08-11 22:05 - 007553647 _____ C:\Users\micha\Downloads\Praeterita-World_Launcher.rar
2018-08-11 21:42 - 2018-08-11 21:43 - 2167714848 _____ C:\Users\micha\Downloads\WoD_2.0_Klient.zip
2018-08-11 17:00 - 2018-08-11 17:01 - 041203627 _____ C:\Users\micha\Downloads\pathCZ (2).rar
2018-08-11 15:09 - 2018-08-11 16:25 - 000000000 ____D C:\Users\micha\AppData\Roaming\Awesomium
2018-08-11 14:02 - 2018-08-11 14:03 - 000759582 _____ C:\Users\micha\Desktop\sadsad.bmp
2018-08-11 13:59 - 2018-08-14 13:55 - 000001927 _____ C:\Users\micha\Desktop\password l2.txt
2018-08-11 13:53 - 2018-08-11 13:53 - 000002324 _____ C:\Users\Public\Desktop\Lineage II.lnk
2018-08-11 13:53 - 2018-08-11 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2018-08-11 13:51 - 2018-08-11 13:51 - 004984744 _____ (NC Interactive, LLC) C:\Users\micha\Downloads\Lineage2Installer.exe
2018-08-11 13:51 - 2018-08-11 13:51 - 004984744 _____ (NC Interactive, LLC) C:\Users\micha\Desktop\Lineage2Installer.exe
2018-08-08 18:13 - 2018-08-08 18:26 - 000187992 _____ C:\Users\micha\Desktop\FileUploader.nast
2018-08-08 18:13 - 2018-08-08 18:13 - 000000031 _____ C:\Users\micha\Desktop\FileUploader.err
2018-08-08 18:08 - 2018-08-08 18:08 - 116922017 _____ C:\Users\micha\Downloads\13_mp3_files (online-audio-converter.com).zip
2018-08-08 17:10 - 2018-08-08 17:10 - 084525502 _____ C:\Users\micha\Downloads\[2018] Supa & Engerer - Biele Noci.zip
2018-08-04 16:26 - 2018-08-04 16:35 - 160957505 _____ C:\Users\micha\Downloads\Kali - Na oko 2018.rar
2018-08-04 14:14 - 2018-08-04 14:14 - 000309708 _____ C:\Users\micha\Downloads\dhc-continus-pil (1).pdf
2018-08-04 13:26 - 2018-08-04 13:26 - 000419328 _____ C:\Users\micha\Desktop\adenky0v1 (1).exe
2018-08-04 09:25 - 2018-08-04 09:25 - 000309708 _____ C:\Users\micha\Downloads\dhc-continus-pil.pdf
2018-08-03 13:02 - 2018-08-03 13:02 - 041203627 _____ C:\Users\micha\Downloads\pathCZ (1).rar
2018-08-01 14:48 - 2018-08-01 14:48 - 000419328 _____ C:\Users\micha\Downloads\adenky0v1.exe
2018-08-01 14:47 - 2018-08-01 14:47 - 000173421 _____ C:\Users\micha\Downloads\Adenky.rar
2018-08-01 03:57 - 2018-08-01 03:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-07-31 13:53 - 2018-07-31 13:54 - 036166301 _____ C:\Users\micha\Downloads\Soulja Boy - No Sleep (2018).zip
2018-07-31 01:11 - 2018-07-31 01:13 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-30 13:16 - 2018-07-30 13:17 - 011743103 _____ C:\Users\micha\Downloads\100KaAmbrosiaSystem.rar
2018-07-30 13:15 - 2018-07-30 13:16 - 041203627 _____ C:\Users\micha\Downloads\pathCZ.rar
2018-07-28 20:33 - 2018-07-28 20:38 - 007417040 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner_7.2.2.exe
2018-07-28 19:09 - 2018-07-28 19:09 - 000001181 _____ C:\Users\micha\Desktop\100ka.lnk
2018-07-28 16:28 - 2011-02-17 17:28 - 000001174 _____ C:\fear2.bmp
2018-07-28 16:28 - 2011-02-17 17:27 - 000001270 _____ C:\fear1.bmp
2018-07-28 16:28 - 2011-02-14 17:46 - 000001270 _____ C:\epic1.bmp
2018-07-28 16:28 - 2011-02-14 17:46 - 000001174 _____ C:\epic2.bmp
2018-07-28 16:26 - 2018-07-28 16:26 - 000018602 _____ C:\Users\micha\Downloads\Cresty-pro-Zabu.rar
2018-07-28 15:02 - 2018-07-28 15:03 - 042913111 _____ C:\Users\micha\Downloads\path.rar
2018-07-27 16:21 - 2018-07-27 16:26 - 094222915 _____ C:\Users\micha\Downloads\Sheen & Jickson - Grál (2018).rar
2018-07-27 11:36 - 2018-07-27 11:36 - 000120108 _____ C:\Users\micha\Downloads\funcaptcha_audio_2135b5ae7afd17af2.7173914805-8118.wav
2018-07-26 14:29 - 2018-07-26 14:34 - 546716797 _____ C:\Users\micha\Downloads\warland.zip
2018-07-26 14:16 - 2018-07-26 14:16 - 026849287 _____ C:\Users\micha\Downloads\systeml2elixirLIVE.rar
2018-07-25 17:51 - 2018-07-25 17:57 - 266606766 _____ C:\Users\micha\Downloads\L2_RELOAD_V1.4.rar
2018-07-25 16:23 - 2018-08-12 21:24 - 000000000 ____D C:\Users\micha\Desktop\Multi Function - SOUND 2017
2018-07-25 16:22 - 2018-07-25 16:23 - 034314491 _____ C:\Users\micha\Downloads\Multi Function - SOUND 2017.rar
2018-07-25 15:31 - 2018-07-25 15:31 - 033144770 _____ C:\Users\micha\Downloads\Denzel Curry - TA13OO Act 1 (2018).zip
2018-07-24 21:20 - 2018-07-24 21:20 - 000015747 _____ C:\Users\micha\Downloads\[CzT]Ztracen_v_dzungli_Jungle_2017_CZ_.torrent
2018-07-24 19:20 - 2018-07-24 19:23 - 000000000 ____D C:\Users\micha\Desktop\Zlá krev
2018-07-24 19:18 - 2018-07-24 19:18 - 000159409 _____ C:\Users\micha\Downloads\[CzT]Zla_krev_1986_CZ_.torrent
2018-07-18 18:25 - 2018-07-18 18:25 - 000015876 _____ C:\Users\micha\Downloads\[CzT]Tomb_Raider_2018_CZ_.torrent
2018-07-17 13:54 - 2018-07-17 13:54 - 000001030 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2018-07-17 13:54 - 2018-07-17 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2018-07-17 13:51 - 2018-07-26 19:39 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2018-07-17 13:51 - 2018-07-17 13:51 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2018-07-17 13:49 - 2018-07-31 14:43 - 000000000 ____D C:\Users\micha\AppData\Local\Battle.net
2018-07-17 13:49 - 2018-07-17 13:51 - 000000000 ____D C:\Users\micha\AppData\Roaming\Battle.net
2018-07-17 13:49 - 2018-07-17 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-07-17 13:48 - 2018-07-31 14:42 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-07-17 13:47 - 2018-07-17 13:47 - 000000000 ____D C:\Users\micha\AppData\Local\Blizzard
2018-07-17 13:46 - 2018-07-17 13:47 - 004702704 _____ (Blizzard Entertainment) C:\Users\micha\Downloads\World-of-Warcraft-Setup.exe
2018-07-17 13:14 - 2018-07-17 13:14 - 000000222 _____ C:\Users\micha\Desktop\Black Desert Online.url
2018-07-17 12:30 - 2018-07-17 12:32 - 214833697 _____ C:\Users\micha\Downloads\Wiz Khalifa - Rolling Papers 2 (2018) (1).zip
2018-07-17 09:28 - 2018-07-17 09:28 - 000022753 _____ C:\Users\micha\Downloads\[CzT]Thor_Ragnarok_2017_CZ_EN_1080pHD_.torrent
2018-07-16 22:14 - 2018-07-16 22:14 - 000072056 _____ C:\Users\micha\Downloads\[CzT]Tomb_Raider_2018_CZ_EN_1080pHD_ (1).torrent
2018-07-16 18:33 - 2018-07-16 18:33 - 000000000 ___HD C:\Users\Public\Shared Files
2018-07-16 18:27 - 2018-07-16 18:27 - 000000000 ____D C:\Users\micha\AppData\Local\FortniteGame
2018-07-16 17:54 - 2018-07-16 17:54 - 000010236 _____ C:\Users\micha\Downloads\[CzT]Jumanji_Vitejte_v_dzungli_Jumanji_Welcome_to_the_Jungle_2017_CZ_.torrent
2018-07-16 17:38 - 2018-07-16 17:38 - 000072056 _____ C:\Users\micha\Downloads\[CzT]Tomb_Raider_2018_CZ_EN_1080pHD_.torrent
2018-07-16 17:20 - 2018-07-16 17:20 - 000000000 ____D C:\Program Files\Epic Games
2018-07-16 17:12 - 2018-07-16 17:12 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngineLauncher
2018-07-16 17:12 - 2018-07-16 17:12 - 000000000 ____D C:\Users\micha\AppData\Local\EpicGamesLauncher
2018-07-16 17:10 - 2018-07-16 17:15 - 000000000 ____D C:\ProgramData\Epic
2018-07-16 17:10 - 2018-07-16 17:10 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-07-16 17:10 - 2018-07-16 17:10 - 000001258 _____ C:\Users\Public\Desktop\FORTNITE.lnk
2018-07-16 17:09 - 2018-07-16 17:09 - 000000000 ____D C:\Program Files (x86)\Epic Games
2018-07-16 17:07 - 2018-07-16 17:08 - 032362496 _____ C:\Users\micha\Downloads\EpicInstaller-7.9.2-fortnite-dcbc36143fca4e51b51272f933f76445.msi
2018-07-16 10:44 - 2018-07-16 10:44 - 053868664 _____ C:\Users\micha\Downloads\torbrowser-install-7.5.6_en-US.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 13:54 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-14 13:51 - 2017-05-26 17:07 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-14 13:44 - 2017-05-26 15:55 - 000000000 __SHD C:\Users\micha\IntelGraphicsProfiles
2018-08-14 13:43 - 2018-05-17 01:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-14 13:43 - 2018-01-15 19:04 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-08-14 13:43 - 2017-08-17 03:36 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-14 13:42 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-14 13:34 - 2018-05-17 00:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-12 23:44 - 2018-05-17 01:01 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2098420633-2728263080-367330404-1001
2018-08-12 23:44 - 2018-05-17 00:34 - 000002394 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-12 23:44 - 2017-05-26 15:59 - 000000000 ___RD C:\Users\micha\OneDrive
2018-08-12 01:00 - 2018-05-17 00:49 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-12 01:00 - 2018-04-12 17:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2018-08-12 01:00 - 2018-04-12 17:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2018-08-12 01:00 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 00:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-12 00:52 - 2018-05-17 00:34 - 000000000 ____D C:\Users\micha
2018-08-11 16:23 - 2018-05-30 00:27 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2018-08-11 13:53 - 2017-05-29 13:09 - 000000000 ____D C:\Program Files (x86)\NCSOFT
2018-08-11 13:53 - 2017-03-01 14:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-08-11 13:52 - 2017-05-29 14:49 - 000000000 ____D C:\Program Files (x86)\NCWest
2018-08-11 13:52 - 2017-05-29 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2018-08-10 22:13 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-08 18:14 - 2017-05-27 11:54 - 000000000 ____D C:\Users\micha\AppData\Roaming\AIMP
2018-08-02 17:12 - 2018-07-11 15:02 - 000000000 ____D C:\ProgramData\Packages
2018-08-01 03:57 - 2017-03-01 13:56 - 000002566 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-01 03:57 - 2017-03-01 13:56 - 000002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-01 03:57 - 2017-03-01 13:56 - 000002537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-01 03:57 - 2017-03-01 13:56 - 000002532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-01 03:57 - 2017-03-01 13:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-31 18:11 - 2018-07-03 20:31 - 000000000 ____D C:\Users\micha\AppData\Roaming\Mp3tag
2018-07-31 01:26 - 2017-05-27 10:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\DAEMON Tools Lite
2018-07-31 01:25 - 2018-05-14 17:46 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-31 01:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-31 01:25 - 2017-05-27 13:03 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2018-07-26 14:17 - 2018-05-23 15:52 - 000571824 ____N C:\WINDOWS\system32\Drivers\smrtkrnl.sys
2018-07-24 21:30 - 2017-05-27 00:53 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2018-07-19 09:59 - 2018-06-17 01:06 - 000000000 ____D C:\Program Files\CCleaner
2018-07-18 22:38 - 2017-06-02 00:47 - 000000000 ____D C:\Users\micha\AppData\Roaming\vlc
2018-07-18 00:21 - 2017-05-30 16:41 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2018-07-16 18:33 - 2018-04-12 01:38 - 000000000 __SHD C:\Users\Public\Libraries
2018-07-16 18:33 - 2017-03-01 14:52 - 000000000 ___HD C:\Intel
2018-07-16 18:27 - 2018-03-02 15:57 - 000000000 ____D C:\Users\micha\AppData\Roaming\EasyAntiCheat
2018-07-16 18:27 - 2018-01-22 00:34 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngine
2018-07-16 17:13 - 2017-03-01 14:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-16 11:38 - 2018-03-05 09:25 - 000000000 ____D C:\Users\micha\AppData\LocalLow\Mozilla
2018-07-16 10:53 - 2018-05-25 13:55 - 000000917 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk

==================== Files in the root of some directories =======

2017-09-17 12:05 - 2017-09-17 12:05 - 000000073 _____ () C:\Users\micha\dlnk.bat
2018-08-14 13:51 - 2018-08-14 13:52 - 000029696 _____ () C:\Users\micha\AppData\Local\MSGBOX.EXE
2017-10-27 10:56 - 2017-10-27 10:56 - 000014288 _____ () C:\Users\micha\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-17 00:23

==================== End of FRST.txt ============================

Re: Log check

Posted: 14 Aug 2018 13:00
by PacandaMilan
Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by micha (14-08-2018 13:56:40)
Running from C:\Users\micha\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-16 23:03:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2098420633-2728263080-367330404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2098420633-2728263080-367330404-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2098420633-2728263080-367330404-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2098420633-2728263080-367330404-501 - Limited - Disabled)
micha (S-1-5-21-2098420633-2728263080-367330404-1001 - Administrator - Enabled) => C:\Users\micha
WDAGUtilityAccount (S-1-5-21-2098420633-2728263080-367330404-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1895, 07.05.2017 - AIMP DevTeam)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.54 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703900}) (Version: 3.9.0.0 - Betternet Technologies Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.0.0337 - Disc Soft Ltd)
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
iTunes (HKLM\...\{30771861-1BBF-4BE2-8CD2-FB282C58C3ED}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{6FEDADF5-40EC-4E18-A376-0FDBACE65338}) (Version: 4.2.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mp3tag v2.88a (HKLM-x32\...\Mp3tag) (Version: 2.88a - Florian Heidenreich)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Ovladač 3D Vision 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.54 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.16.49299 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.54 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-05-27] (AIMP DevTeam)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-05-31] (Florian Heidenreich)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-01-12] (Disc Soft Ltd)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-05-31] (Florian Heidenreich)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-01-12] (Disc Soft Ltd)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-05-27] (AIMP DevTeam)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-05-31] (Florian Heidenreich)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxDTCM.dll [2017-11-21] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-02] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021459C8-F5C1-47FD-8FAC-9EE50273BED2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {060E840E-652E-406A-9F0E-63A4D58343E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {096C44B3-7F97-4D4C-8F9C-EC7BC948B59D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-14] (Intel(R) Corporation)
Task: {0A38F2AF-53B4-440F-95F1-0871D6B14DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {17B606C4-C16B-49EA-BD4B-4D0B1B4F444B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {222AA0C0-EEC8-406C-B45A-2A5E0B1E5139} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {33C15DBA-7D4E-4F4B-ACE9-345F602C9195} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {34AAA9DC-306D-475B-8BED-403B2AD25A0C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {3F895732-BFA7-46FE-B2D3-9E9B59702462} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {52C9A097-442C-4F20-BA67-A7ED814F9DEE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {68351260-DE73-40E1-9801-DD873AAA23A5} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-15] (Intel Corporation)
Task: {697243EB-DC7F-4E2F-9024-0E26F3BB17C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {8570AA56-975A-445F-AF9D-9F5DDD834EF2} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {903DF1BB-1889-4CD9-8B85-DE0C547A6C25} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {91887464-37FA-4AF4-83B0-999DD6DDB00B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-31] (Microsoft Corporation)
Task: {A6D29657-41A7-408B-A0FA-86F72FE3378C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {AC4597FA-D141-4008-AA47-3D29826A286A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {B3BB94D7-9D74-48D6-BC02-FD080487606B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {B5179B98-8D80-403D-818B-875DA519764F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {BF79C079-D05C-4EEF-9164-26371CF74F59} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {D0330CDC-DAB8-418B-A6B0-93C5D8783924} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-15] (Intel Corporation)
Task: {DA159048-4467-43C1-A3DE-81821F46E062} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f3d8dacd-0887-45b2-885c-f8d1a0ff584c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {EE6D67E7-6DE1-4BDD-99F0-C9A06C8ABEF8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\17778c4e-d050-488c-9612-7e719defb026 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F479144A-7A0C-4513-B8EF-61FCC6ED2C43} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\119ed1cc-70be-4252-ad72-302191db502e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F551C8D3-0C44-4AF8-9ABC-1438D61642E6} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-31] (Microsoft Corporation)
Task: {F7779867-8658-4D7F-8D31-E364287BBC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {F920C529-A92F-40FB-BA61-0C579E735345} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [2017-04-28] (Lenovo(beijing) Limited)
Task: {FA032EC7-D116-4169-8D8B-241BDA0185D3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7117b6ed-31b7-4c2a-b92d-5920fe7c1288 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-18 06:00 - 2016-10-18 06:00 - 000107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
2016-10-18 06:00 - 2016-10-18 06:00 - 000412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-11-02 03:18 - 2016-11-02 03:18 - 000253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll
2018-07-11 15:01 - 2018-07-11 15:01 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-08-10 22:12 - 2018-08-10 22:13 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-10 22:12 - 2018-08-10 22:13 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-10 22:12 - 2018-08-10 22:13 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-10 22:12 - 2018-08-10 22:13 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-05-29 17:07 - 2017-04-28 19:08 - 000755040 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x64\resPic.dll
2016-06-24 02:33 - 2016-06-24 02:33 - 000829632 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2018-07-16 17:12 - 2018-07-16 17:12 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-07-16 17:12 - 2018-07-16 17:12 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-07-16 17:12 - 2018-07-16 17:12 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 14:31 - 2018-07-06 08:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-19 05:02 - 2016-09-19 05:02 - 000163336 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2017-11-16 03:13 - 2017-11-10 11:57 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libglesv2.dll
2017-11-16 03:13 - 2017-11-10 11:57 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libegl.dll
2017-05-29 17:07 - 2017-04-28 19:08 - 001896800 _____ () C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderApi.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-11-09 05:40 - 2016-11-09 05:40 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2098420633-2728263080-367330404-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\jwHbJZA.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "Bloody2"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E704FD14-8CC6-43D6-8FB6-E8C8425244E3}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [TCP Query User{74746FA3-7E11-4FC3-941E-596C1EA710AE}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [UDP Query User{D14E7823-04B9-4475-B92A-363C04C63EF8}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [TCP Query User{16A64D5D-AF31-45F9-87BB-79673A1EEF29}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe
FirewallRules: [{C96EB0A3-118C-439E-908D-5E6883322610}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C27942F9-F531-40D9-AD2D-1C0FAAB204B2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [{243F4518-E32E-430A-A478-2F6F645E507B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99DB115B-5396-4008-839A-F9D505D668D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12270E1D-4E4F-4790-AA02-A2F01B84D47A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F89D550-1153-4BF9-8CA0-A1A039DF5795}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A13776D-31DC-4ACC-9BEC-8F1EC76E01BB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F04142BA-BC5E-4434-B2A2-99170F963E61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CB3D77A9-39CF-49A8-9A14-611FED22B7A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FFD657E6-070E-42B9-AB43-C28DB913DD02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{B062530A-373D-4B00-9769-CE668D092732}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{ACB4B6A3-56B4-4C5A-A5E0-D84C2133443B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2017\PES2017.exe
FirewallRules: [{BC2910FA-F43B-442D-80A2-9B48D7370F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pro Evolution Soccer 2017\PES2017.exe
FirewallRules: [UDP Query User{12E584B6-E057-4E2C-A598-BD58955FF476}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C99FAA42-8E2E-4526-9971-0DEF72040A17}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4186074D-33F3-4562-9AB6-CC0C7A71F381}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B10CB0A-FF55-44DB-A0F7-1C5A8DC6042C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9C208666-E0DE-470F-86FA-00BE90A3A55A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D67DC3D3-96BA-48B9-B214-0C7E31837161}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC426318-EB86-45C3-883D-ADF3269505DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C9F9E622-038F-4025-9E6A-22C4BD69DC2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{B2D82A4F-D4F7-424F-B219-77C6351FF57D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{33F1DC30-D16E-4858-87E0-A05A96411EAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{EE1D13F5-B4A2-410F-94B7-63E64C29C7D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{7B30B731-EB71-4911-9194-7A2AAD3FBB32}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{92FE1030-B834-44D9-B620-95531EC9B2A9}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{0513D0EB-9189-49AE-B57B-00478EE24FED}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{988969C4-BED2-48E2-8C1F-74B9620B9887}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{1E2B78C3-846D-4066-ADE2-22A42F89BD9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MorphVOX Pro\MorphVOXPro.exe
FirewallRules: [{E8FB5825-8D80-4C5A-82F9-3D70E5698F32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MorphVOX Pro\MorphVOXPro.exe
FirewallRules: [TCP Query User{E6DE67ED-A4B6-492F-8663-ED6451CA7FFC}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{85270FF2-181F-4970-8123-2AF8DBD47728}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{139ED651-3109-4031-856C-BEC4438ED90E}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B9DC369C-E660-4180-958F-B964525846C7}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{83515C7E-A950-41C6-9063-D49DAEF2DDC5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{28C882D3-9345-41A9-83D3-10B8DF4548EB}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{A91DAC19-DFA8-4FEC-9E01-8BF0E92031AB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C2397AFC-647F-47FF-88BC-043D69B4A960}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [{B11FF173-124C-4AE2-B934-D8BD75A3987A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\steam_launcher.exe
FirewallRules: [{56BC3E54-FB78-4E53-B7AE-E34DEF67EB99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\steam_launcher.exe
FirewallRules: [{12EAA0D0-85C5-4F1A-8742-F3FBD5FB57F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\config.exe
FirewallRules: [{37231DC6-3C4F-413E-BF89-585E9CCAF78C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metin2\config.exe
FirewallRules: [TCP Query User{C56EBC5B-BE08-4B8B-B82F-7F3D7E696CC8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{32F88B5A-E11F-42CD-ACE7-B4D9AA36927F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [TCP Query User{68F072B9-718B-41A2-A3F8-3BFDC90F7922}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{0D3BA90D-5080-4CEA-AEA1-E39A1BE04823}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [TCP Query User{2CD5601E-443D-4FE8-B974-8CF7AC7F3F56}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{173A1D9B-2AE3-41A2-B71D-EF6B9963E455}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe

==================== Restore Points =========================

31-07-2018 09:54:36 Naplánovaný kontrolní bod
09-08-2018 21:12:00 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-M9MKBN0R.local already in use; will try LAPTOP-M9MKBN0R-2.local instead

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-M9MKBN0R.local. Addr 10.0.0.1

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   16 LAPTOP-M9MKBN0R.local. AAAA 2A00:1028:83A0:439E:4D11:5E12:DEDF:0911

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 LAPTOP-M9MKBN0R.local. AAAA FE80:0000:0000:0000:4D11:5E12:DEDF:0911

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   16 LAPTOP-M9MKBN0R.local. AAAA 2A00:1028:83A0:439E:4D11:5E12:DEDF:0911

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 LAPTOP-M9MKBN0R.local. Addr 10.0.0.1

Error: (08/14/2018 12:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   16 LAPTOP-M9MKBN0R.local. AAAA 2A00:1028:83A0:439E:4D11:5E12:DEDF:0911

Error: (08/12/2018 08:16:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program l2.bin verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 316c

Čas spuštění: 01d43231cdedaea4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Hry\Lineage II C6\system\l2.bin

ID hlášení: 18341cd4-bf8e-42cb-b962-c2036232f26c

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:


System errors:
=============
Error: (08/14/2018 01:53:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:51:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:49:34 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-M9MKBN0R)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli LAPTOP-M9MKBN0R\micha (SID: S-1-5-21-2098420633-2728263080-367330404-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscBrokerManager
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:47:20 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-M9MKBN0R)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli LAPTOP-M9MKBN0R\micha (SID: S-1-5-21-2098420633-2728263080-367330404-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/14/2018 01:44:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (08/14/2018 01:44:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby FontCache3.0.0.0 bylo dosaženo časového limitu (30000 ms).

Error: (08/14/2018 01:42:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba GameRecorderSVC byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================

Date: 2018-08-07 10:48:40.179
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-02 01:29:11.298
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 08:00:12.317
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-16 17:17:24.895
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-06 12:15:39.622
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-05 12:13:53.337
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-01 19:45:17.649
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-17 00:53:10.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 39%
Total physical RAM: 8067.16 MB
Available physical RAM: 4896.19 MB
Total Virtual: 11139.16 MB
Available Virtual: 7046.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:199.47 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS

\\?\Volume{cd5721fe-09d1-484a-ad12-acaa4840104b}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.55 GB) NTFS
\\?\Volume{811d9115-b361-4b5d-b80f-1cae0ecf1d1b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E9306BA6)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Log check

Posted: 14 Aug 2018 15:01
by Rudy
Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0A38F2AF-53B4-440F-95F1-0871D6B14DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {697243EB-DC7F-4E2F-9024-0E26F3BB17C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {F7779867-8658-4D7F-8D31-E364287BBC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> DefaultScope {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Log check

Posted: 14 Aug 2018 15:25
by PacandaMilan
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by micha (14-08-2018 16:20:08) Run:2
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: defaultuser0 & micha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0A38F2AF-53B4-440F-95F1-0871D6B14DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {697243EB-DC7F-4E2F-9024-0E26F3BB17C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
Task: {F7779867-8658-4D7F-8D31-E364287BBC9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-26] (Google Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> DefaultScope {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =
SearchScopes: HKU\S-1-5-21-2098420633-2728263080-367330404-1001 -> {B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} URL =

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A38F2AF-53B4-440F-95F1-0871D6B14DD2} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{697243EB-DC7F-4E2F-9024-0E26F3BB17C5} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7779867-8658-4D7F-8D31-E364287BBC9F} => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-2098420633-2728263080-367330404-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-2098420633-2728263080-367330404-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} => not found
HKLM\Software\Classes\CLSID\{B130CEC8-7EE4-46AA-B3B3-06E28050D6C0} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8441974 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -1272 B
Edge => 3584 B
Chrome => 8475998 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
micha => 54622 B

RecycleBin => 0 B
EmptyTemp: => 25.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:20:19 ====

Re: Log check

Posted: 14 Aug 2018 15:55
by Rudy
Deleted. The log should be OK now.

Re: Log check

Posted: 14 Aug 2018 15:59
by PacandaMilan
Thank you! :closed:

Re: Log check

Posted: 14 Aug 2018 17:24
by Rudy
You're welcome! :)