Windows 7 - cmd.exe does not work

EI3ki
Visitor
Posts: 44
Registered: 15 Oct 2014 20:24

Windows 7 - cmd.exe does not work

#1 Post by EI3ki »

Hello,
my Windows 7 operating system has started acting up a bit.
cmd.exe has stopped working. When I boot the system, it works, but after I start Microsoft Outlook 2010, any attempt to launch cmd.exe or powershell throws an error:
Aplikace (0xc0000142) se nepodařilo správně spustit. Kliknutím na tlačítko OK aplikaci ukončíte.
cmd.exe won't start even when I locate it in the C:\Windows folder.

It may have something to do with connhost.exe. Windows 7 updated itself, and afterwards Norton started reporting that certain files were being launched; I had never seen these names before, and one of them was connhost.exe.

Outlook is also telling me that it cannot receive messages; interestingly, only the Seznam email is misbehaving. Gmail still works without problems. Outlook has some problem with SSL security; maybe it's an internal screw-up at Seznam, I have no idea. But on the unsecured ports (following Seznam's instructions) mail works.

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Windows 7 - cmd.exe does not work

#2 Post by Rudy »

Hello!
Try a System Restore to a date when the system was working correctly.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

EI3ki

Re: Windows 7 - cmd.exe does not work

#3 Post by EI3ki »

Unfortunately I think I have data restore turned off; I no longer know why that was done.
So cmd.exe stopped working even though I hadn't started Outlook. I tried it for a while, then I was on Chrome and Discord for a while, and cmd.exe won't start any more.
I do have an older backup available, though, about half a year old.
It won't start even as administrator.

Rudy

Re: Windows 7 - cmd.exe does not work

#4 Post by Rudy »

That's bad. If CMD doesn't work, we can't even run the system file check. Also try repairing the system with WindowsRepair: https://www.stahuj.cz/utility_a_ostatni ... 5D=1141382..) .

EI3ki

Re: Windows 7 - cmd.exe does not work

#5 Post by EI3ki »

I booted the system in safe mode and ran the system file check following this guide:
https://support.microsoft.com/en-us/hel ... ted-system
No errors were found.
Another thing I noticed is that reg.exe won't start either.
It flashed at me several times while I was installing that repair program.
In safe mode cmd works without problems.
cmd can also be started in normal mode right after logging in (although once it happened that it didn't work straight after login). It stops working only at some point while I'm using the PC. Outlook "deactivates" it quite reliably.

Rudy

Re: Windows 7 - cmd.exe does not work

#6 Post by Rudy »

OK. Try reinstalling Office. We can also run a malware check, but I doubt it is related. I don't know of any such virus.

EI3ki

Re: Windows 7 - cmd.exe does not work

#7 Post by EI3ki »

I uninstalled Office and restarted the PC. cmd worked again for a while; after launching Google Chrome, Steam and Discord it stopped working again.
The PC was scanned for viruses with Norton 360 and for malware with Malwarebytes; nothing was found.

EI3ki

Re: Windows 7 - cmd.exe does not work

#8 Post by EI3ki »

The problem is that now I can't install Office back, because it reports an error partway through.
It can't be installed in safe mode either; this message appears:
https://i.imgur.com/FOHpNMr.png
If there's no other way, I'll restore the system from the backup. It just annoys me that the backup is half a year old, so I'll probably have to update everything and possibly install a few things again :(

Rudy

Re: Windows 7 - cmd.exe does not work

#9 Post by Rudy »

OK. Let's still try looking for malware. Post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

EI3ki

Re: Windows 7 - cmd.exe does not work

#10 Post by EI3ki »

Hello,
so, during startup a cmd.exe window popped up about once, then about 3 times during the scan. I don't know how much that could have affected the scan, but here are the logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2020
Ran by UZIVATEL (16-01-2020 15:55:07)
Running from D:\STAHOVÁNÍ
Windows 7 Professional Service Pack 1 (X64) (2012-12-09 17:45:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2256836906-727358072-4034569923-500 - Administrator - Disabled)
UZIVATEL (S-1-5-21-2256836906-727358072-4034569923-1000 - Administrator - Enabled) => C:\Users\UZIVATEL
Guest (S-1-5-21-2256836906-727358072-4034569923-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden
Acronis True Image (HKLM-x32\...\{7731CFE5-70AE-4EFD-9989-0B97986B6FA9}) (Version: 24.5.22510 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{7731CFE5-70AE-4EFD-9989-0B97986B6FA9}Visible) (Version: 24.5.22510 - Acronis)
Aktualizace NVIDIA 38.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.1.0 - NVIDIA Corporation) Hidden
Ashampoo Burning Studio 15 v.15.0.0 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.0 - Ashampoo GmbH & Co. KG)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.2 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.2 - ASUSTek COMPUTER INC.)
AURA(GRAPHICS CARD) (HKLM-x32\...\{DC4B1162-71C9-4F98-BC54-A3B205B046E7}) (Version: 0.0.4.1 - )
Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Discord (HKU\S-1-5-21-2256836906-727358072-4034569923-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
Do It Again (HKLM-x32\...\{85BF0E64-6ABB-4EA1-A026-A3DEA6554A60}) (Version: 1.6.0 - spacetornado software)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GOG.com The Settlers 4 GOLD (HKLM\...\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune Pro 5.00 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet 100 color MFP M175 (HKLM-x32\...\{965D0289-10E1-45ec-B11F-A60AC9AE8D4D}) (Version: - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (HKLM-x32\...\{9767CBB5-2A81-427D-8F05-497737D56AA0}) (Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM175DSService (HKLM-x32\...\{A5949B71-46FB-43F3-8852-4E74D9FC7564}) (Version: 001.001.05133 - Hewlett-Packard) Hidden
HPLaserJet100ColorMFPM175_HelpLearnCenter_SI (HKLM-x32\...\{19542156-285B-458C-994D-2A21889001DF}) (Version: 1.00.0000 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{621F8F71-4D04-4862-A258-D4895DE676D6}) (Version: 002.015.00602 - Hewlett-Packard) Hidden
hppM175LaserJetService (HKLM-x32\...\{020B8383-8F4E-4ADD-8D61-5ADEB1EBBC70}) (Version: 001.014.00480 - Hewlett-Packard) Hidden
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
KeyDominator2 (HKLM-x32\...\BloodyKeyboard) (Version: 17.12.0002 - Bloody)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Matrix-ks (HKLM-x32\...\{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}) (Version: 3.6 - KellySoftware)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - )
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: - )
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.19.9.63 - Symantec Corporation)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 2.7.0.630 - Symantec Corporation) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 436.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.48 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{AC5FFE7C-7101-4639-8559-92F3139F3FDC}) (Version: 16.0.183 - O&O Software GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.47.29954 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 436.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 436.48 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
qBittorrent 4.2.0 (HKLM-x32\...\qBittorrent) (Version: 4.2.0 - The qBittorrent project)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.06 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
The Settlers IV GOLD (HKLM-x32\...\GOGPACKSETTLERS4GOLD_is1) (Version: 2.0.0.4 - GOG.com)
Total Commander PowerPack 2.0 beta (HKLM-x32\...\TC PowerPack 2) (Version: 2.0 beta - bukox.net Adam Bukowiński)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Zero Hour Reborn The Last Stand (HKLM-x32\...\{24AEE00B-90C1-4254-8D1E-53CDBAE2187C}) (Version: 1.0.0 - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2256836906-727358072-4034569923-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2256836906-727358072-4034569923-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2256836906-727358072-4034569923-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2256836906-727358072-4034569923-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2256836906-727358072-4034569923-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2256836906-727358072-4034569923-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_5_22510.dll [2019-11-18] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_5_22510.dll [2019-11-18] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_5_22510.dll [2019-11-18] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_5_22510.dll [2019-11-18] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Data Eraser] -> {78DCE6B2-1046-11DC-ADD4-574956D89593} => -> No File
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
ContextMenuHandlers1: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2012-11-01] (O and O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers1-x32: [PDFArchitectExtension] -> {DBDB3433-0E01-40CE-A026-D9F54FAC3CA9} => C:\Program Files (x86)\PDF Architect\ContextMenuExt.dll [2013-04-08] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.19.9.63\NavShExt.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2012-11-01] (O and O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.19.9.63\NavShExt.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Data Eraser] -> {78DCE6B2-1046-11DC-ADD4-574956D89593} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.19.9.63\buShell.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [OODefrag] -> {48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => C:\Program Files\OO Software\Defrag\oodsh.dll [2012-11-01] (O and O Software GmbH -> O&O Software GmbH)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.19.9.63\NavShExt.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-10] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.XFR1] => xfcodec64.dll
HKLM\...\Drivers32: [VIDC.WMV3] => C:\Windows\SysWOW64\wmv9vcm.dll [1415680 2003-06-23] (Microsoft Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\UZIVATEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2017-09-21 20:27 - 2016-07-05 20:18 - 001744384 _____ () [File not signed] C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\Vender.dll
2013-02-23 10:47 - 2013-02-23 10:47 - 000166400 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2013-04-08 17:03 - 2013-04-08 17:03 - 000299008 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\PDF Architect\libcurl.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll
2018-08-09 20:06 - 2019-06-11 07:21 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2018-08-09 20:06 - 2019-06-11 07:22 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2013-04-08 17:03 - 2013-04-08 17:03 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\PDF Architect\LIBEAY32.dll
2013-04-08 17:03 - 2013-04-08 17:03 - 000274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\PDF Architect\SSLEAY32.dll
2018-04-06 19:29 - 2018-04-06 19:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 19:29 - 2018-04-06 19:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2018-08-09 20:06 - 2019-07-12 08:23 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2018-08-09 20:06 - 2019-07-12 08:23 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2018-08-09 20:06 - 2019-07-12 08:23 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2018-08-09 20:06 - 2019-07-12 08:23 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2018-08-09 20:06 - 2019-07-12 08:23 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2018-08-09 20:06 - 2019-07-12 08:23 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\Qt\labs\settings\qmlsettingsplugin.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000044032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000015872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtQml\Models.2\modelsplugin.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000101376 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtQuick\Extras\qtquickextrasplugin.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000071680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000259072 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2018-11-28 17:40 - 2018-11-28 17:40 - 000015872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Norton Secure VPN\client\QtQuick\Window.2\windowplugin.dll
2017-09-21 20:27 - 2016-07-01 09:31 - 001624576 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\VGA_Extra.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\UZIVATEL:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [136]
AlternateDataStreams: C:\ProgramData\TEMP:635FFD7D [157]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [338]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28335517.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30888861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28335517.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30888861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2256836906-727358072-4034569923-1000\...\4game.com -> hxxps://4game.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-12-09 23:57 - 000001461 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1 license.superantispyware.com127.0.0.1 host42.hrwebservices.net
127.0.0.1 rdr2ps3.ms4.gamespy.com
127.0.0.1 match.gta4ps3.gamespy.com
127.0.0.1 *.ms4.gamespy.com
127.0.0.1 207.38.11.34
127.0.0.1 Owner-PC.gateway.2wire.net
127.0.0.1 host42.hrwebservices.net
127.0.0.1 rdr2ps3.ms4.gamespy.com
127.0.0.1 match.gta4ps3.gamespy.com
127.0.0.1 *.ms4.gamespy.com
127.0.0.1 207.38.11.34
127.0.0.1 Owner-PC.gateway.2wire.net
127.0.0.1 host42.hrwebservices.net
127.0.0.1 rdr2ps3.ms4.gamespy.com
127.0.0.1 match.gta4ps3.gamespy.com
127.0.0.1 *.ms4.gamespy.com
127.0.0.1 207.38.11.34
127.0.0.1 Owner-PC.gateway.2wire.net

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> ;C:\Windows\system32;C:\Windows;C:\Windows\system32\Wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-2256836906-727358072-4034569923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\UZIVATEL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: ekrn => 2
MSCONFIG\startupfolder: C:^Users^UZIVATEL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^StartUp^DesktopVideoPlayer.lnk => C:\Windows\pss\DesktopVideoPlayer.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Registry Repair Wizard Scheduler => "C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{644305FB-2D13-465D-9E8C-F21F9FD4DA9A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{54E8933A-5D69-4D89-9335-384237478B5F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{31F1BFC4-4D15-4BA8-8A4F-15C46DBA3E36}] => (Allow) LPort=6500
FirewallRules: [{68765F5B-CD1F-4323-B26B-C5A91AF903D1}] => (Allow) LPort=13139
FirewallRules: [{DC26A6F5-B6C3-4EB1-BC20-AC0EEDF67372}] => (Allow) K:\SteamLibrary\SteamApps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe No File
FirewallRules: [{F99CAC7D-2F42-47FF-BEBA-8A765B19F824}] => (Allow) K:\SteamLibrary\SteamApps\common\Zeno Clash 2\Binaries\Win32\ZC2.exe No File
FirewallRules: [{9DE59C81-D5F2-4E86-9522-7D40A1C407D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E0B1E870-7D07-431A-86FB-02D58B8BA5E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2F1D6878-D863-4573-90F9-E527F86E1B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{964C2402-0B74-497C-B804-669BC5E76868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{0CC9687F-A6FD-44B3-944A-586D644A6139}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{5C597EF6-3A2D-4722-A1DD-7DB8CFB12B92}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{17F794ED-6346-4796-A130-F5FD160641A9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{5CC8E5CB-D627-4007-8B72-CEC67B2686F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{EEEA4A94-9CFF-4BE6-A6D3-E73EC72BE8C1}] => (Allow) D:\HRY\steamapps\common\Saints Row IV\SaintsRowIV.exe (Koch Media GmbH) [File not signed]
FirewallRules: [{26F553D5-8FF7-43E1-8B88-36B977E93B4C}] => (Allow) D:\HRY\steamapps\common\Saints Row IV\SaintsRowIV.exe (Koch Media GmbH) [File not signed]
FirewallRules: [{2DF202D5-E889-44BC-8EAF-5ED21B4C178F}] => (Allow) D:\HRY\steamapps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{9EA2CD02-60DB-4FBA-97A6-D897B65EF47B}] => (Allow) D:\HRY\steamapps\common\Command and Conquer 3 - Kane's Wrath\CNC3EP1.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{C7A3CE6C-6B41-415D-A353-66A7CCEEFB85}] => (Allow) D:\HRY\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe (GSC Game World -> )
FirewallRules: [{28B52EC9-5441-401F-8FEC-1AB44A2DAEF1}] => (Allow) D:\HRY\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe (GSC Game World -> )
FirewallRules: [{2FAE8FB4-C47E-4C5F-8194-908602048608}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Duodian Online Technology Co. Ltd. -> )
FirewallRules: [{11E113B2-1259-4DF7-9125-1BBA0A8A3D6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe (Cryptic Studios Inc. -> )
FirewallRules: [{7BF5C492-C67E-494C-AB13-C8EE89A3D2FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe (Cryptic Studios Inc. -> )
FirewallRules: [{9BF28365-87B3-4321-A9BC-DF28D5C15B77}] => (Allow) D:\HRY\steamapps\common\Quake 3 Arena\quake3.exe () [File not signed]
FirewallRules: [{E4C603EE-9402-420B-B79E-52BE598A030F}] => (Allow) D:\HRY\steamapps\common\Quake 3 Arena\quake3.exe () [File not signed]
FirewallRules: [{F3B781DC-DB98-4A33-ADD1-351FA70B2D9E}] => (Allow) C:\Users\UZIVATEL\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FirewallRules: [{DF00BB4C-238C-42DF-A367-5C47BFEAC233}] => (Allow) C:\Users\UZIVATEL\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FirewallRules: [{00EE79AA-840B-4554-9C66-A46BCB18B436}] => (Allow) D:\HRY\steamapps\common\Star Wars Empire at War\runme.exe () [File not signed]
FirewallRules: [{2794059E-78B2-41FC-B75A-1152DA2F6CDD}] => (Allow) D:\HRY\steamapps\common\Star Wars Empire at War\runme.exe () [File not signed]
FirewallRules: [{B4ADE25E-1C35-4F7E-BD29-18CA858747E6}] => (Allow) D:\HRY\steamapps\common\Star Wars Empire at War\runme2.exe () [File not signed]
FirewallRules: [{E7EF996F-5BE4-4E63-BB4C-3502822602E5}] => (Allow) D:\HRY\steamapps\common\Star Wars Empire at War\runme2.exe () [File not signed]
FirewallRules: [{04D0C204-2B34-41EF-89B7-4361D47D79F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2CCA3EFD-C154-438F-B242-1D5784522A75}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{60FF8E2A-3B26-48A4-9FE7-9F0F57589D46}] => (Allow) D:\HRY\steamapps\common\Saints Row the Third\game_launcher.exe (THQ Inc.) [File not signed]
FirewallRules: [{C1757317-09A9-4280-BA8E-F6BABF5426E9}] => (Allow) D:\HRY\steamapps\common\Saints Row the Third\game_launcher.exe (THQ Inc.) [File not signed]
FirewallRules: [{49D51C07-AD83-4342-B671-7182817A356D}] => (Allow) D:\HRY\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe (Valve Corp. -> THQ Inc.) [File not signed]
FirewallRules: [{B243F948-40BA-458E-A86B-59FBADDB1502}] => (Allow) D:\HRY\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe (Valve Corp. -> THQ Inc.) [File not signed]
FirewallRules: [{AA2902CC-FCBA-4229-A323-1D673BABFBC3}] => (Allow) D:\HRY\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe (Valve Corp. -> THQ Inc.) [File not signed]
FirewallRules: [{00D44D10-2C56-46B0-A56C-B33ED02FFF3F}] => (Allow) D:\HRY\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe (Valve Corp. -> THQ Inc.) [File not signed]
FirewallRules: [{2F82D352-46C8-4DEA-9ED0-FDD6CC342B77}] => (Allow) D:\HRY\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe (Robot Entertainment) [File not signed]
FirewallRules: [{69F3FE05-F673-43D7-8AB8-A2F4E63CD879}] => (Allow) D:\HRY\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe (Robot Entertainment) [File not signed]
FirewallRules: [{8898ABC8-7456-49C2-B015-6098DBD04BFA}] => (Allow) D:\HRY\steamapps\common\Command and Conquer 3 - Kane's Wrath\RetailExe\1.2\cnc3ep1.dat (Electronic Arts Inc.) [File not signed]
FirewallRules: [{809992E4-88F1-4BEA-B9F0-94DB487C8EBB}] => (Allow) D:\HRY\Command and Conquer Generals Zero Hour\Generals.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{EA5E99DC-64BB-40FC-9AD1-8141676FF493}] => (Allow) D:\HRY\Command and Conquer Generals Zero Hour\Generals.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{A79C77AA-0360-4F4B-A57D-542CC9B6FB3F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9432BE69-3AD6-4D57-875A-A86ABE10935D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BFA56697-6F7A-458A-8D9A-DDCBBB76B9C6}] => (Allow) D:\HRY\steamapps\common\Saints Row 2\SR2_pc.exe () [File not signed]
FirewallRules: [{D7C1BE44-FA19-4FC3-AB00-1843730886C7}] => (Allow) D:\HRY\steamapps\common\Saints Row 2\SR2_pc.exe () [File not signed]
FirewallRules: [{3D19D3A9-DBAC-4468-B14C-AFECA1B24C73}] => (Allow) D:\HRY\steamapps\common\Cold Waters\ColdWaters.exe () [File not signed]
FirewallRules: [{5C954189-308B-4B39-9FDC-C7AB82D6B2E4}] => (Allow) D:\HRY\steamapps\common\Cold Waters\ColdWaters.exe () [File not signed]
FirewallRules: [{D30AB1A8-FB8D-42F5-B1CA-781AA751A52A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7E15778-B5B1-4437-89C2-5401D8659196}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{14296721-9FD1-4EF9-94CB-E891C7221B47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{30FCB741-979C-4A0A-A19F-8404F2BB989A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA8B050E-38BB-4FC6-B9CA-2141D4A9914A}] => (Allow) D:\HRY\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{A60CAF2F-4A53-4157-A42C-FE8D786BB47E}] => (Allow) D:\HRY\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{E3CB2697-FA1F-4375-9611-493E70AD9E9D}] => (Allow) D:\HRY\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{011E547E-E0DB-480A-A7C4-076C9D65850A}] => (Allow) D:\HRY\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{EB1B876C-C770-4AA4-86B2-8C77837E8255}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{5E8299F3-6091-468E-9EFB-1606B23F05B7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{7F39B699-BDA0-4127-96CC-6416856FDAB7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{33D6E6EE-2F29-4246-BDE8-85F758677343}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{0118BA5D-D380-4D3E-B063-A4997BCDEBB6}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{CE005323-C758-48F8-8825-DD581E007A80}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{9C534DDE-4776-4828-AB1E-F38996378846}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{50AF5C79-174C-4D7C-A4F0-28D26C3AB401}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{3980CE3E-FA16-4A0A-96AB-DF69EAD57962}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{D8D786E5-FE25-4843-8BF8-F45EAB7F420A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{DF7593E4-287F-4659-9931-8DCA52809ED1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{07E2F5B3-4F0E-4062-BE23-39899365158A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{8C781B50-6301-4222-B1BF-8CC1E40B8145}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{7024ACC5-CC9C-462F-BFA8-E389F154C5DE}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{09E39962-22EA-4F6F-8052-C780BAF63B48}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{2B85A9A9-3CC4-4A7E-A880-2D6275422AA1}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{505EA097-06EE-49BB-B4B5-99487077F678}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{EEBC81DA-BFF2-4253-A8FE-CCA1A3F8EABA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{44F04193-2377-453A-B51A-0CD654CC23AB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{4AEB021D-50D1-4631-B49F-FCF6D9F4D099}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{EA69104A-ED7A-455B-8714-60C17065EDB4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{FA5AF73C-65D0-4FA3-BE50-493EC64754CD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> )

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:167.68 GB) (Free:46.72 GB) (28%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2020 11:18:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:16:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba

Error: (01/15/2020 11:13:56 PM) (Source: MsiInstaller) (EventID: 11920) (User: POCITAC)
Description: Produkt: Microsoft Office Professional Plus 2010 – Chyba 1920Službu Office Software Protection Platform (osppsvc) nelze spustit. Přesvědčte se, zda máte dostatečná oprávnění ke spouštění systémových služeb.

Error: (01/15/2020 11:13:12 PM) (Source: MsiInstaller) (EventID: 11920) (User: POCITAC)
Description: Produkt: Microsoft Office Professional Plus 2010 – Chyba 1920Službu Office Software Protection Platform (osppsvc) nelze spustit. Přesvědčte se, zda máte dostatečná oprávnění ke spouštění systémových služeb.

Error: (01/15/2020 11:10:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2020 11:01:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst soubor registru tříd.
PODROBNOSTI – Nespecifikovaná chyba

Error: (01/15/2020 10:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/15/2020 11:16:30 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (01/15/2020 11:13:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby stisvc s argumenty za účelem spuštění serveru:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/15/2020 11:12:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (01/15/2020 11:08:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/15/2020 11:08:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby WSearch s argumenty za účelem spuštění serveru:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/15/2020 11:08:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby EventSystem s argumenty za účelem spuštění serveru:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/15/2020 11:08:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění POCITACe nebo systému se nezdařilo:
BHDrvx64
ccSet_NGC
discache
eeCtrl
IDSVia64
snapman
spldr
SRTSPX
SymIRON
SymNetS
VBoxUSBMon
Wanarpv6
wpCtrlDrv_NGC
XQHDrv

Error: (01/15/2020 11:08:04 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F15 08/22/2012
Motherboard: Gigabyte Technology Co., Ltd. Z77X-D3H
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 16344.04 MB
Available physical RAM: 9855.43 MB
Total Virtual: 16342.18 MB
Available Virtual: 8830.44 MB

==================== Drives ================================

Drive c: (DISK - HLAVNÍ) (Fixed) (Total:167.68 GB) (Free:46.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DISK - DATOVÝ) (Fixed) (Total:1863.01 GB) (Free:1405.45 GB) NTFS
Drive g: (ACRONIS) (Removable) (Total:7.31 GB) (Free:6.86 GB) FAT32


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 167.7 GB) (Disk ID: 82DB8BD8)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=167.7 GB) - (Type=42)
Partition 3: (Not Active) - (Size=24 KB) - (Type=42)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E2FDD4AB)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=1863 GB) - (Type=42)
Partition 3: (Not Active) - (Size=1024 KB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 7.3 GB) (Disk ID: 7D307545)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0B)

==================== End of Addition.txt =======================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2020
Ran by UZIVATEL (administrator) on POCITAC (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (16-01-2020 15:54:23)
Running from D:\STAHOVÁNÍ
Loaded Profiles: UZIVATEL (Available Profiles: UZIVATEL)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(O and O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Stardock Corporation -> Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(Stardock Corporation) [File not signed] C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\Norton Secure VPN.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Secure VPN\client\VPNService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.19.9.63\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.19.9.63\NortonSecurity.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA Technologies Inc. -> VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2000-01-01] (VIA Technologies Inc. -> VIA)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2019-09-23] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2000-01-01] (VIA Technologies Inc. -> VIA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5048456 2019-11-19] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-08-18] (Acronis International GmbH -> Acronis International GmbH)
HKU\S-1-5-21-2256836906-727358072-4034569923-1000\...\Run: [SurfEasy] => C:\Program Files (x86)\Norton Secure VPN\client\Norton Secure VPN.exe [12645912 2019-08-16] (Symantec Corporation -> Symantec Corporation)
HKU\S-1-5-21-2256836906-727358072-4034569923-1000\...\MountPoints2: {43ebf8b5-fa23-11e5-bac8-902b3457a26f} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2256836906-727358072-4034569923-1000\...\MountPoints2: {5e66acac-bb57-11e5-bf79-902b3457a26f} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2256836906-727358072-4034569923-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\MATRIX~1.SCR [3013120 2009-02-09] (KellySoftware) [File not signed]
HKLM\Software\...\AppCompatFlags\Custom\S4Editor.exe: [{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb] -> GOG.com The Settlers 4 GOLD
HKLM\Software\...\AppCompatFlags\Custom\S4_Main.exe: [{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb] -> GOG.com The Settlers 4 GOLD
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ff2cad6c-eb68-4e98-88d7-49887440affb}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb [2013-07-16]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BootExecute: autocheck autochk * OODBS

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019A6E17-8DBF-4111-91C2-E3E0284A8404} - System32\Tasks\Core Temp Autostart UZIVATEL => C:\Program Files (x86)\CoreTemp64\Core Temp.exe
Task: {075D3228-1CC2-4B74-B23A-A24B58FE45C0} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {152C35F3-F403-462C-BC10-F170CCE28208} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd -> Piriform Ltd)
Task: {1F4CF79F-68AE-43A4-85EB-51156BA93B91} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28A6B923-DD83-49E8-BE3A-098C25B3BBA2} - \AutoKMS -> No File <==== ATTENTION
Task: {3C27908B-EAB1-42ED-83E5-CE31ABD37945} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4BDF68E3-8DEA-45C5-BE72-7D0777F091ED} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D6CB823-7B7B-4F01-A13F-4978731410B4} - System32\Tasks\{E296ADF9-21A6-4CBD-A446-7DC7435EF168} => C:\Windows\system32\pcalua.exe -a D:\STAHOVÁNÍ\pbsetup\pbsetup.exe -d D:\STAHOVÁNÍ\pbsetup
Task: {5552BD62-3BF6-44FD-9617-ED89396C0F56} - System32\Tasks\Monitor => C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe [2688976 2016-07-22] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {5B885529-A489-4A02-9F97-650EB153988E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [1929344 2019-11-16] (Symantec Corporation -> Symantec Corporation)
Task: {6900B5CB-9AA6-49F1-ACDC-9D9E5FA0D5D9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F759563-7C22-48B0-8F20-09FDEAB02A79} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {748DBC43-5ECE-4F5F-A3D7-CEE5536A0B68} - System32\Tasks\{5A3DCA3D-DB69-4BD0-BC55-FF75A176EF50} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Task: {7FEA1564-3987-4137-A669-5F80EB3B8FD9} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2107904 2016-07-12] (TODO: <Company name>) [File not signed]
Task: {90F48346-A2C0-47FC-8900-5C203B088923} - System32\Tasks\{21B258D7-A021-4F9B-8033-5D01D5279A08} => C:\Windows\system32\pcalua.exe -a "D:\STAHOVÁNÍ\Smart Technology 7_0_27_13 32bit.exe" -d D:\STAHOVÁNÍ
Task: {A3469726-7E21-48F6-8C2E-E1EDBC3A7D2A} - System32\Tasks\{37DF938E-593B-4498-AF1A-4612E13CA34B} => C:\Windows\system32\pcalua.exe -a D:\STAHOVÁNÍ\RJ126309_trial\MinaGameTrial20140402\oalinst.exe -d D:\STAHOVÁNÍ\RJ126309_trial\MinaGameTrial20140402
Task: {A8CA95C8-8E19-411F-BCD2-8451E3A96326} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.19.9.63\SymErr.exe [116392 2019-11-16] (Symantec Corporation -> Symantec Corporation)
Task: {AA115E23-9C05-4CB6-8C8D-9C40FBE88D3F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B19FA1A8-D16A-4A82-AB2E-B97B670EF5CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-05] (Google Inc -> Google Inc.)
Task: {B84722C7-88C4-4010-914E-41BF52751B74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-05] (Google Inc -> Google Inc.)
Task: {BB88A6B8-FB40-40B4-94A8-04E3D72D5CD4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1D72E45-B6EA-42CE-9C2F-EE6FFBA1D229} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.19.9.63\WSCStub.exe [570768 2019-11-16] (Symantec Corporation -> Symantec Corporation)
Task: {C3DC9EFD-C5C8-4EF8-8C8D-ACDE92BBA446} - System32\Tasks\GoogleUpdateTaskMachineUA1cef1d67cf17eca => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-05] (Google Inc -> Google Inc.)
Task: {C5901215-450E-45AF-8DDE-861184C10A29} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C9D093B8-4E04-4904-9AC0-3808891805CC} - System32\Tasks\{0A2F1D2E-79AB-408E-BCF0-90093B705E93} => D:\STAHOVÁNÍ\WinDlg_v1_29\setup.exe [590248 2015-06-15] (Western Digital Corporation ) [File not signed]
Task: {DA4EB1CF-DD8C-4C3A-A1FC-231D935BA51B} - System32\Tasks\{21131132-754C-4012-BCEC-2D307FDA2A66} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d "D:\HRY\steamapps\common\Zeno Clash 2" -c /quiet /norestart /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WISA7E07C2B2220441587E3784D5814BC93_8_09_04.MSI" WISE_SETUP_EXE_PATH="D:\HRY\steamapps\common\Zeno Clash 2\_CommonRedist\PhysX\8.09.04\Ph (the data entry has 31 more characters).
Task: {DF7566F8-EE1E-4C61-B139-CC88BB8E9299} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.19.9.63\SymErr.exe [116392 2019-11-16] (Symantec Corporation -> Symantec Corporation)
Task: {E4F9A5E0-5F05-462B-962F-030381810366} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1BD3CD6-F846-4433-AF3A-7AE85615363B} - System32\Tasks\{141A2F04-440E-47A1-AC5C-FEBE6BAF07C2} => C:\Program Files (x86)\Western Digital Corporation\Data Lifeguard Diagnostic for Windows\WinDlg.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{E9F285FC-67D9-4C0E-BFB8-E9038963DC48}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2256836906-727358072-4034569923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.19.9.63\coIEPlg.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.19.9.63\coIEPlg.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.19.9.63\coIEPlg.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH -> pdfforge GmbH)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.19.9.63\coIEPlg.dll [2019-11-16] (Symantec Corporation -> Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\UZIVATEL\AppData\Roaming\Mozilla\Firefox\Profiles\ppa0te1i.default-1451487046360 [2020-01-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-10-12] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @4game.com/plugin -> C:\Program Files (x86)\4game\3.2.0.214\npplugin4game.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default [2020-01-16]
CHR DownloadDir: D:\STAHOVÁNÍ
CHR Extension: (Norton Password Manager) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2020-01-02]
CHR Extension: (Disk Google) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13]
CHR Extension: (Dark Theme for Google™) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apiabgjfojnkcepfmbdechlhfocpeenc [2020-01-05]
CHR Extension: (YouTube) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-13]
CHR Extension: (Tampermonkey) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-12-12]
CHR Extension: (Norton Safe Web) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2020-01-05]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-27]
CHR Extension: (Morpheon Dark) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2019-12-02]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-12-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17]
CHR Profile: C:\Users\UZIVATEL\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10316304 2019-08-18] (Acronis International GmbH -> )
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1916824 2019-11-18] (Acronis International GmbH -> )
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.19.9.63\NortonSecurity.exe [227296 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R2 NortonWiFiPrivacy; C:\Program Files (x86)\Norton Secure VPN\client\VPNService.exe [6471192 2019-08-16] (Symantec Corporation -> Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2555760 2012-11-01] (O and O Software GmbH -> O&O Software GmbH)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2347824 2019-09-04] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3222320 2019-09-04] (Electronic Arts, Inc. -> Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH -> pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-10-28] (Even Balance, Inc. -> )
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2019-08-18] (Acronis International GmbH -> Acronis International GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2000-01-01] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.19.9.63\Definitions\BASHDefs\20200107.003\BHDrvx64.sys [1952136 2019-12-10] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1613090.03F\ccSetx64.sys [193392 2019-11-16] (Symantec Corporation -> Symantec Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-15] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-15] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-10-08] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154288 2020-01-12] (Symantec Corporation -> Symantec Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2018-07-01] (Echobit, LLC -> Echobit, LLC)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [687768 2020-01-15] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2020-01-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 gdrv; no ImagePath
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppdbulkio.sys [22040 2011-10-10] (Hewlett-Packard Company -> Hewlett Packard)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.19.9.63\Definitions\IPSDefs\20200115.061\IDSvia64.sys [1451016 2019-12-17] (Symantec Corporation -> Symantec Corporation)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows (R) Codename Longhorn DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech -> Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech -> Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2020-01-15] (Malwarebytes Corporation -> Malwarebytes)
U5 NortonSecureVPN; C:\Program Files (x86)\Norton Secure VPN\client\VPNService.exe [6471192 2019-08-16] (Symantec Corporation -> Symantec Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 pmserenum; C:\Windows\System32\DRIVERS\pmserenum.sys [35328 2012-12-09] (Microsoft Windows Hardware Compatibility Publisher -> PenMount Touch Solutions)
S3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Mad Catz Inc -> Saitek)
S3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Mad Catz Inc -> Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Madcatz Europe Ltd -> Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Madcatz Europe Ltd -> Saitek)
S3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Mad Catz Inc -> Saitek)
S3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Mad Catz Inc -> Saitek)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2013-01-27] (Synaptics Incorporated -> Synaptics Incorporated)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1613090.03F\SRTSP64.SYS [889008 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1613090.03F\SRTSPX64.SYS [50864 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1613090.03F\SYMEFASI64.SYS [1963400 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-12-17] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.19.9.63\SymPlatform\SymEvnt.sys [712368 2020-01-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1613090.03F\Ironx64.SYS [316656 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1613090.03F\symnets.sys [573448 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\Windows\System32\DRIVERS\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
S3 tib; C:\Windows\System32\DRIVERS\tib.sys [883256 2020-01-15] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [171968 2020-01-15] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [693768 2020-01-15] (Acronis International GmbH -> Acronis International GmbH)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2016-11-14] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
S3 VGPU; no ImagePath
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2206864 2000-01-01] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [330176 2020-01-15] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2020-01-15] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1613090.03F\wpCtrlDrv.sys [1012120 2019-11-16] (Symantec Corporation -> Symantec Corporation)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [253384 2016-11-14] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
S3 ALSysIO; \??\C:\Users\FILIPS~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\SDSDefs\20161217.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.1.14\Definitions\SDSDefs\20161217.001\EX64.SYS [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-16 15:54 - 2020-01-16 15:54 - 000000000 ____D C:\FRST
2020-01-16 15:51 - 2020-01-16 15:51 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2020-01-15 23:08 - 2020-01-15 23:08 - 000092948 _____ C:\Windows\ntbtlog.txt
2020-01-15 22:50 - 2020-01-15 22:50 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-01-15 21:18 - 2020-01-15 21:18 - 000000207 _____ C:\Windows\tweaking.com-regbackup-POCITAC-Windows-7-Professional-(64-bit).dat
2020-01-15 21:18 - 2020-01-15 21:18 - 000000000 ____D C:\RegBackup
2020-01-15 20:40 - 2020-01-15 20:40 - 000687768 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_protector.sys
2020-01-15 20:40 - 2020-01-15 20:40 - 000371144 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2020-01-15 20:40 - 2020-01-15 20:40 - 000330176 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\virtual_file.sys
2020-01-15 20:40 - 2020-01-15 20:40 - 000171968 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2020-01-15 20:40 - 2020-01-15 20:40 - 000001218 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2020-01-15 20:40 - 2020-01-15 20:40 - 000001218 _____ C:\ProgramData\Desktop\Acronis True Image.lnk
2020-01-15 16:06 - 2020-01-03 04:42 - 004061624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2020-01-15 16:06 - 2020-01-03 04:42 - 003967416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2020-01-15 16:06 - 2020-01-03 04:41 - 001320248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2020-01-15 16:06 - 2020-01-03 04:38 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 005553888 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 16:06 - 2020-01-03 04:37 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-01-15 16:06 - 2020-01-03 04:37 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-01-15 16:06 - 2020-01-03 04:37 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2020-01-15 16:06 - 2020-01-03 04:37 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:37 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:36 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-01-15 16:06 - 2020-01-03 04:35 - 001671296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 001010688 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:33 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:10 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2020-01-15 16:06 - 2020-01-03 04:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2020-01-15 16:06 - 2020-01-03 04:05 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2020-01-15 16:06 - 2020-01-03 04:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2020-01-15 16:06 - 2020-01-03 04:05 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2020-01-15 16:06 - 2020-01-03 04:04 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2020-01-15 16:06 - 2020-01-03 04:04 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2020-01-15 16:06 - 2020-01-03 04:04 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2020-01-15 16:06 - 2020-01-03 04:04 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2020-01-15 16:06 - 2020-01-03 04:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2020-01-15 16:06 - 2020-01-03 04:02 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2020-01-15 16:06 - 2020-01-03 04:02 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:02 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:02 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:02 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2020-01-15 16:06 - 2020-01-03 04:01 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2020-01-15 16:06 - 2020-01-03 04:01 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2020-01-15 16:06 - 2020-01-03 04:00 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2020-01-15 16:06 - 2020-01-03 03:57 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2020-01-15 16:06 - 2020-01-03 03:57 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-01-15 16:06 - 2020-01-03 03:57 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2020-01-15 16:06 - 2020-01-03 03:57 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2020-01-15 16:06 - 2020-01-03 03:57 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-01-15 16:06 - 2020-01-03 03:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2020-01-15 16:06 - 2020-01-03 03:55 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-01-15 16:06 - 2020-01-03 03:55 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2020-01-15 16:06 - 2020-01-03 03:55 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2020-01-15 16:06 - 2020-01-03 03:55 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2020-01-15 16:06 - 2020-01-03 03:55 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2020-01-15 16:06 - 2020-01-03 03:55 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2020-01-15 16:06 - 2020-01-03 03:55 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2020-01-15 16:06 - 2019-12-31 04:04 - 000492032 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2020-01-15 16:06 - 2019-12-12 04:35 - 000271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-01-15 16:06 - 2019-12-12 04:34 - 000253952 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2020-01-15 16:06 - 2019-12-12 04:28 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-01-15 16:06 - 2019-12-12 04:28 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll
2020-01-15 16:06 - 2019-12-12 04:27 - 000284160 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2020-01-15 16:06 - 2019-12-12 04:07 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2020-01-15 16:06 - 2019-12-12 04:07 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2020-01-15 16:06 - 2019-12-10 10:36 - 000375008 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2020-01-15 16:06 - 2019-12-10 09:38 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2020-01-15 16:06 - 2019-12-10 09:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 002319360 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000583168 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000295424 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000191488 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\wiatrace.dll
2020-01-15 16:06 - 2019-12-10 09:32 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2020-01-15 16:06 - 2019-12-10 09:23 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2020-01-15 16:06 - 2019-12-10 09:22 - 000428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-01-15 16:06 - 2019-12-10 09:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2020-01-15 16:06 - 2019-12-10 09:22 - 000093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2020-01-15 16:06 - 2019-12-10 09:22 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2020-01-15 16:06 - 2019-12-10 09:22 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2020-01-15 16:06 - 2019-12-10 09:22 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiatrace.dll
2020-01-15 16:06 - 2019-12-10 09:22 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2020-01-15 16:06 - 2019-12-10 09:17 - 006136320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-01-15 16:06 - 2019-12-10 09:17 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-01-15 16:06 - 2019-12-10 09:16 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2020-01-15 16:06 - 2019-12-10 09:16 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-01-15 16:06 - 2019-12-10 09:16 - 000042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2020-01-15 16:06 - 2019-12-10 09:16 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2020-01-15 16:06 - 2019-12-10 09:16 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2020-01-15 16:06 - 2019-12-10 09:15 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-01-15 16:06 - 2019-12-10 09:15 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2020-01-15 16:06 - 2019-12-10 09:14 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2020-01-15 16:06 - 2019-12-10 09:01 - 003233280 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-01-15 16:06 - 2019-12-10 08:56 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2020-01-15 16:06 - 2019-12-10 07:17 - 007084032 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-01-15 16:05 - 2019-12-31 03:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-01-15 16:05 - 2019-12-31 03:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-01-12 20:31 - 2020-01-13 18:26 - 000015627 _____ C:\Users\UZIVATEL\Desktop\PC2.xlsx
2020-01-06 17:44 - 2020-01-06 17:44 - 000001009 _____ C:\Users\UZIVATEL\Desktop\HEROINE.lnk
2020-01-06 17:43 - 2020-01-06 17:43 - 000001185 _____ C:\Users\UZIVATEL\Desktop\HEROINE BOX.lnk
2020-01-05 19:42 - 2020-01-05 19:42 - 000002996 _____ C:\Windows\system32\Tasks\{5A3DCA3D-DB69-4BD0-BC55-FF75A176EF50}
2020-01-05 19:41 - 2020-01-05 19:55 - 000000000 ____D C:\Users\UZIVATEL\AppData\LocalLow\Mozilla
2020-01-05 19:41 - 2020-01-05 19:41 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\Thunderbird
2020-01-05 19:41 - 2020-01-05 19:41 - 000000000 ____D C:\Users\UZIVATEL\AppData\Local\Thunderbird
2019-12-27 16:03 - 2019-12-27 16:03 - 000000847 _____ C:\Users\UZIVATEL\AppData\Local\recently-used.xbel
2019-12-17 20:03 - 2019-12-17 20:03 - 000000000 ____D C:\Users\UZIVATEL\AppData\Local\cache
2019-12-17 20:02 - 2019-12-17 20:02 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2019-12-17 20:01 - 2020-01-16 15:47 - 000000000 ____D C:\Users\UZIVATEL\AppData\Local\Norton Secure VPN
2019-12-17 20:01 - 2020-01-15 23:16 - 000000000 ____D C:\ProgramData\VPNService
2019-12-17 20:01 - 2019-12-17 20:01 - 000000000 ____D C:\ProgramData\Norton Secure VPN
2019-12-17 20:01 - 2019-12-17 20:01 - 000000000 ____D C:\Program Files (x86)\Norton Secure VPN
2019-12-17 20:00 - 2020-01-02 19:00 - 000002332 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-12-17 20:00 - 2020-01-02 19:00 - 000002332 _____ C:\ProgramData\Desktop\Norton Security.lnk
2019-12-17 20:00 - 2020-01-02 19:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-12-17 20:00 - 2019-12-17 20:00 - 000099848 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2019-12-17 20:00 - 2019-12-17 20:00 - 000008616 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2019-12-17 20:00 - 2019-12-17 20:00 - 000003206 _____ C:\Windows\system32\Tasks\Norton WSC Integration
2019-12-17 20:00 - 2019-12-17 20:00 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2019-12-17 20:00 - 2019-12-17 20:00 - 000000000 ____D C:\Program Files\Norton Security
2019-12-17 20:00 - 2019-12-17 20:00 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-16 15:50 - 2010-11-21 10:27 - 000684312 _____ C:\Windows\system32\perfh005.dat
2020-01-16 15:50 - 2010-11-21 10:27 - 000146726 _____ C:\Windows\system32\perfc005.dat
2020-01-16 15:50 - 2009-07-14 06:13 - 001617992 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-16 15:50 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-01-16 15:48 - 2017-09-21 20:26 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-16 15:47 - 2009-07-14 05:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-16 15:47 - 2009-07-14 05:45 - 000028336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-15 23:17 - 2012-12-09 19:33 - 000108192 _____ C:\Users\UZIVATEL\AppData\Local\GDIPFONTCACHEV1.DAT
2020-01-15 23:16 - 2012-12-10 06:52 - 001189232 _____ C:\Windows\system32\oodbs.lor
2020-01-15 23:16 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-15 23:16 - 2009-07-14 05:45 - 000408648 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-15 23:14 - 2010-11-21 10:38 - 000000000 ____D C:\Windows\ShellNew
2020-01-15 23:14 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-15 23:14 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-01-15 23:14 - 2009-07-14 03:34 - 000000764 _____ C:\Windows\win.ini
2020-01-15 23:09 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\System
2020-01-15 23:00 - 2017-10-17 00:25 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\discord
2020-01-15 23:00 - 2015-02-26 21:25 - 000000000 ____D C:\Program Files (x86)\Steam
2020-01-15 22:47 - 2012-12-09 20:04 - 000000000 ____D C:\ProgramData\TEMP
2020-01-15 22:39 - 2013-12-27 19:25 - 000000000 ____D C:\Users\UZIVATEL\Documents\Soubory aplikace Outlook
2020-01-15 21:32 - 2014-06-02 10:10 - 000000000 ____D C:\Users\UZIVATEL\AppData\Local\CrashDumps
2020-01-15 21:32 - 2014-01-09 13:38 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\MPC-HC
2020-01-15 20:40 - 2018-02-09 23:37 - 000883256 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2020-01-15 20:40 - 2018-02-09 23:37 - 000693768 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tnd.sys
2020-01-15 20:40 - 2018-02-09 23:37 - 000390592 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2020-01-15 20:40 - 2018-02-09 23:37 - 000243472 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\volume_tracker.sys
2020-01-15 20:40 - 2018-02-09 23:36 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2020-01-15 17:01 - 2013-08-06 16:02 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 16:57 - 2012-12-09 20:09 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-15 16:56 - 2013-05-02 16:16 - 001592706 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-01-13 18:34 - 2019-06-27 00:29 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\HeroineRumble
2020-01-11 10:59 - 2015-04-15 00:36 - 000000000 ____D C:\Users\UZIVATEL\AppData\Local\ElevatedDiagnostics
2020-01-08 22:42 - 2015-03-05 21:27 - 000002237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-07 18:12 - 2019-05-18 23:35 - 000000000 ____D C:\dumps
2020-01-05 19:41 - 2014-03-17 18:57 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\Mozilla
2020-01-05 19:40 - 2019-12-07 14:30 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\qBittorrent
2020-01-01 01:23 - 2014-06-09 01:07 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\GHISLER
2019-12-28 00:49 - 2019-11-30 19:33 - 000030246 _____ C:\Users\UZIVATEL\Desktop\Fleet mail chain.txt
2019-12-27 16:03 - 2013-06-26 02:28 - 000000000 ____D C:\Users\UZIVATEL\.gimp-2.8
2019-12-17 20:30 - 2015-12-10 14:56 - 000000000 ____D C:\Program Files\Common Files\AV
2019-12-17 20:02 - 2014-01-09 11:42 - 000000000 ____D C:\Users\UZIVATEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2019-12-17 20:02 - 2014-01-09 11:42 - 000000000 ____D C:\ProgramData\Norton
2019-12-17 20:01 - 2014-01-09 11:44 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-12-17 19:58 - 2016-12-18 01:21 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-12-17 19:57 - 2014-01-09 11:42 - 000000000 ____D C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories ========

2013-02-19 17:08 - 2012-12-21 17:08 - 000000032 ____R () C:\ProgramData\hash.dat
2018-05-16 21:01 - 2018-05-20 00:17 - 000000134 _____ () C:\Users\UZIVATEL\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2018-05-16 20:43 - 2018-05-20 00:17 - 000000443 _____ () C:\Users\UZIVATEL\AppData\Roaming\CSharpAnalytics-MeasurementSession
2013-07-07 16:30 - 2013-07-07 16:31 - 000000000 _____ () C:\Users\UZIVATEL\AppData\Roaming\FileIn.cns
2013-07-07 16:30 - 2013-07-07 16:31 - 000000000 _____ () C:\Users\UZIVATEL\AppData\Roaming\FileOut.cns
2013-05-02 16:22 - 2013-05-08 11:10 - 000063488 _____ () C:\Users\UZIVATEL\AppData\Roaming\RZR_0060711b4abaa431293eaf8f3a52.db
2013-08-08 16:17 - 2013-08-08 16:17 - 000001205 _____ () C:\Users\UZIVATEL\AppData\Local\CleanupUninstall.txt
2019-12-27 16:03 - 2019-12-27 16:03 - 000000847 _____ () C:\Users\UZIVATEL\AppData\Local\recently-used.xbel
2013-01-16 01:27 - 2016-02-18 00:05 - 000007609 _____ () C:\Users\UZIVATEL\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD. -> 0

LastRegBack: 2020-01-11 14:09
==================== End of FRST.txt ========================
Last edited by EI3ki on 16 Jan 2020 18:14, edited 1 time in total.


Re: Windows 7 - cmd.exe not working

#11 Post by Rudy »

Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, simply run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply


Re: Windows 7 - cmd.exe not working

#12 Post by EI3ki »

Here is the log:
By the way, cmd.exe still doesn't work. Couldn't it be because of that connhost.exe? I think Norton detected the file as suspicious and deleted it. I didn't know whether it was related.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2020-01-15.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-16-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 16
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\UŽIVATEL\AppData\Roaming\download Manager
Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKCU\Software\Sunisoft
Deleted HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RCHelper.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RCleaner.exe
Deleted HKLM\Software\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Deleted HKLM\Software\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Deleted HKLM\Software\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Deleted HKLM\Software\Wow6432Node\Sunisoft
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\SMBarBroker.EXE
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{9254C72A-294B-BFDF-ACFA-A7E8A56FF865}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\RCHelper.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\RCleaner.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2765 octets] - [16/01/2020 16:19:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Re: Windows 7 - cmd.exe not working

#13 Post by Rudy »

If the file was deleted by the antivirus, it can no longer do any harm. Please post new FRST+Addition logs.


Re: Windows 7 - cmd.exe not working

#14 Post by EI3ki »

That file was deleted at the very beginning of all this (I probably should have mentioned that at the start of the thread). And I think that is what kicked off this problem with cmd.
Do you still need a new log?
I believe Norton didn't delete it because it was infected, but simply because it was suspicious. Or maybe I deleted it myself when I was choosing what to do with the file, I no longer remember exactly. This connhost popped up at me right after the last Win 7 update; I had never seen it before and didn't know it could cause this.


Re: Windows 7 - cmd.exe not working

#15 Post by Rudy »

I do need it; I would like to finish cleaning the PC. If that file damaged the system, then it is possible that it really was infected. This is also the first time I have seen this infected file damage cmd.