
Preventive check

Posted: 24 Apr 2020 14:52
by To3@s
Hi,
could you please check my PC :)
Thank you. :worship:

Re: Preventive check

Posted: 28 Apr 2020 01:39
by Conder
Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan Now and wait for it to finish
  • If there are findings, leave all of them selected and click Quarantine (if there are no findings, click Run Basic Repair)
  • If "preinstalled software" is also detected, you may delete these programs, but you don't have to (they are not malicious programs, just unnecessary extras)
  • Confirm the prompt, wait for it to finish and confirm restarting the PC
  • After the PC restarts, AdwCleaner will open; click View Log File
  • The log will open; copy its contents and paste them into your next reply

Re: Preventive check

Posted: 28 Apr 2020 14:41
by To3@s
# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-28-2020
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [28/04/2020 15:32:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Preventive check

Posted: 28 Apr 2020 23:15
by Conder
OK, please post both new logs from FRST.

Re: Preventive check

Posted: 29 Apr 2020 14:26
by To3@s
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2020
Ran by casyo (29-04-2020 15:25:58)
Running from C:\Users\casyo\OneDrive\Počítač
Windows 10 Pro Version 1909 18363.592 (X64) (2019-12-26 21:28:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1237953686-2037993472-3780050099-500 - Administrator - Disabled)
casyo (S-1-5-21-1237953686-2037993472-3780050099-1001 - Administrator - Enabled) => C:\Users\casyo
DefaultAccount (S-1-5-21-1237953686-2037993472-3780050099-503 - Limited - Disabled)
Guest (S-1-5-21-1237953686-2037993472-3780050099-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1237953686-2037993472-3780050099-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.1021.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.1021.1 - GIGABYTE)
Ascension Launcher 1.23 (HKLM\...\{58D22CF7-EECE-433A-B4B3-A268FF8487B1}_is1) (Version: 1.23 - Project Ascension)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.19.1205.1 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.19.1205.1 - GIGABYTE)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.0.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{B380DBDE-BA95-481B-92E9-52F2E5E84F24}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{adbc3d98-57f2-4d68-b155-138f8fb0f73d}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{26b207d1-1f37-4df9-8b3f-aeebbca6bb85}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVE Online (HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\{c89a9a4c-3f2a-416b-8562-dc662532bdd5}) (Version: 1.0.4 - CCP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: - Logitech)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProplusRetail - sk-sk) (Version: 16.0.12624.20466 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Grafický ovládač 445.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 445.75 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.38.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.26 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20466 - Microsoft Corporation) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory)
qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.20.0330.2 - GIGABYTE)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.19.0304.1 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.19.0304.1 - GIGABYTE)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sweet Home 3D version 6.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.2 - eTeks)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Wraith Prism Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_SR4) (Version: 1.18 - AMD Wraith)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-27] (Microsoft Corporation) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.15.9.0_x64__8wekyb3d8bbwe [2020-04-28] (Microsoft Studios)
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-12-26] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-12-26] (Realtek Semiconductor Corp)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_469.2003.9001.0_x64__8wekyb3d8bbwe [2020-04-28] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\nvshext.dll [2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-04-24 19:55 - 2018-03-11 14:13 - 000082944 _____ () [File not signed] C:\Program Files (x86)\AMD Wraith\Wraith Prism\HidDevice.dll
2019-06-25 16:12 - 2019-06-25 16:12 - 001864192 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2019-08-05 19:50 - 2019-08-05 19:50 - 000009216 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\Phison.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-09-09 16:29 - 2019-09-09 16:29 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2019-09-09 16:30 - 2019-09-09 16:30 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2019-09-09 16:30 - 2019-09-09 16:30 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2020-01-15 15:40 - 2020-01-15 15:40 - 000185856 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV2.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\yccV2.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.DLL
2019-12-09 17:27 - 2019-12-09 17:27 - 000289792 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVBIOSLib.dll
2019-10-29 09:26 - 2019-10-29 09:26 - 000445952 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll
2018-09-11 19:53 - 2018-09-11 19:53 - 000237056 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2020-03-13 06:49 - 2020-03-13 06:49 - 002057216 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll
2020-03-13 06:49 - 2020-03-13 06:49 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
2018-04-03 15:22 - 2018-04-03 15:22 - 000053248 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MSIO32.dll
2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll
2019-07-04 18:06 - 2019-07-04 18:06 - 001988608 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GbtNvGpuLib.dll
2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll
2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll
2020-01-16 21:13 - 2020-01-16 21:13 - 000441344 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2020-01-22 15:11 - 2020-01-22 15:11 - 002107392 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll
2017-07-24 16:36 - 2017-07-24 16:36 - 000481792 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\casyo\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\casyo\ntuser.ini:NTV [10284]
AlternateDataStreams: C:\Users\casyo\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\casyo\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wp3073532-fallout-76-wallpapers.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F4AEA4BD-58C9-4C4B-B029-596A7609D07A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{014A379F-7490-4217-AA67-3135B595BF4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{803A7ACB-3F19-49AD-A1FB-69DB761A7335}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E8A25B59-9A44-4CD9-8D11-ECAF0B625EDA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E0762E3B-CC70-4723-B588-589EBB580370}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C9C8BD6E-AF43-42AF-A880-82929D65CB92}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{3680E4F3-F659-4E53-BC08-3F85BE5D19BE}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{628752D6-2430-41EF-B45B-F1B8CC06F679}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0D59BEAB-58C2-4E0A-A1F3-9B1D641AC339}] => (Allow) C:\Users\casyo\Downloads\bin\BlackDesert32.exe No File
FirewallRules: [{CB7DAD74-CC60-4E53-835A-AD0285850FFA}] => (Allow) C:\Users\casyo\Downloads\bin64\BlackDesert64.exe No File
FirewallRules: [{8A072788-1A5F-46C4-8FDE-F1E5AFE479F1}] => (Allow) C:\Users\casyo\Downloads\BlackDesert_Launcher.exe No File
FirewallRules: [{713FD71F-C538-4341-BAAB-657FCDB50101}] => (Allow) C:\Users\casyo\Downloads\BlackDesert_Downloader.exe No File
FirewallRules: [{5AF61810-08C6-4E6F-BA32-A91EBB6C47FC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{26E2E8C7-90A3-4B92-8CB1-144CD7E0CE24}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{86FC4C71-8E73-450B-9CC4-E0A84EFEAFCA}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{74C5124C-F777-4F23-A1ED-795FE504742C}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{4D884399-1BAC-43DB-884D-02FD43A91B91}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\bpreport.exe () [File not signed]
FirewallRules: [{0288CA71-AE2B-4065-B6D4-9753C8C144D7}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\bpreport.exe () [File not signed]
FirewallRules: [{23BA947E-9311-42F2-87CC-370658A9A814}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\win32\bpreport.exe (Gaijin Network LTD -> )
FirewallRules: [{D6D79668-E08B-4AA5-87F5-05CB6B6B7F67}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\win32\bpreport.exe (Gaijin Network LTD -> )
FirewallRules: [{1683D075-0B92-4541-A81E-6ABA78FE192B}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\gaijin_downloader.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{DBCD4880-192D-499C-8772-552F879FBC06}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\gaijin_downloader.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{F7E87E6A-6632-42E6-AAFD-6EE57702225F}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\win64\cuisine_royale.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{8091E49E-6E7B-449B-96EA-B0DED8B9E4FA}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\win64\cuisine_royale.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{2CB0F4AB-4D51-42E9-871B-E67E711BCCA5}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\win32\cuisine_royale.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{765E98E5-1B54-4E2D-947B-107E10ECCC84}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\win32\cuisine_royale.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{3660A716-A2AB-4A99-979C-A637C87524FD}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{F0B08012-7515-46C5-83AA-CC33E4E5A7BC}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\eac_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{03412F50-8671-470E-9180-DFE73258A59D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CBDBC75D-DFF6-427B-81A1-FA44C15D9EBE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FB160DE6-338B-41B5-A0CB-2CD68C86096A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{B9F6180F-657E-49A6-A5AC-3705E3705574}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{3CA58819-67D9-4FFC-AE10-962D7B2DEA72}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{6F69CF53-97EF-4C4B-9B06-FD52A3C41E19}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{5341C005-4DB2-4EFD-8672-32BFD720A780}C:\users\casyo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\casyo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{81FA6E6F-160B-4EBB-BA80-9A63C44AAE8E}C:\users\casyo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\casyo\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{F6884471-8B32-4337-A5FB-3757E16E30E4}D:\program files\epic games\subnauticabelowzero\subnauticazero.exe] => (Allow) D:\program files\epic games\subnauticabelowzero\subnauticazero.exe No File
FirewallRules: [UDP Query User{A42A317D-5CAC-4F6B-BC60-AC35F95F15EF}D:\program files\epic games\subnauticabelowzero\subnauticazero.exe] => (Allow) D:\program files\epic games\subnauticabelowzero\subnauticazero.exe No File
FirewallRules: [TCP Query User{4DE79272-DC0A-4AF9-B311-400C9CDAACFC}D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe] => (Block) D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe No File
FirewallRules: [UDP Query User{93D2B798-3D30-4904-B7AF-2EFE329FF1D3}D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe] => (Block) D:\program files\epic games\dauntless\archon\binaries\win64\dauntless-win64-shipping.exe No File
FirewallRules: [TCP Query User{88698CDD-6AF0-4C6D-9AF8-8AB4BFCE9F0D}D:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe] => (Allow) D:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe No File
FirewallRules: [UDP Query User{3645765D-C03F-4E4D-8FC8-10B19A3C6AA1}D:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe] => (Allow) D:\games\state of decay 2 - juggernaut edition\stateofdecay2\binaries\win64\stateofdecay2-win64-shipping.exe No File
FirewallRules: [TCP Query User{1D5E9EE6-A76D-498C-840E-D9882489B45A}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [UDP Query User{0010D4FB-2F0B-4C04-85FE-671AC3F65D06}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File
FirewallRules: [{3C8D85CF-75AA-4545-96EF-6DC3125A5D7B}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\eacsteamlauncher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{3B591279-2C19-4A52-A25A-78393896D72B}] => (Allow) D:\SteamLibrary\steamapps\common\Cuisine Royale\eacsteamlauncher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{0A0D48B9-3F1A-4DE3-8796-C032B6C3A9F3}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{EE165868-D957-4A86-AB41-48289CD252CB}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{99FAF58D-1714-4137-ACB5-C86933E81EC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{039ADC5E-B043-4634-92C7-65172B19B87E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{080A72CE-687D-4AC1-9085-B25F812BB5C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B2BD09DD-1FB3-4C2B-B716-400A68E18280}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{21F5ADB4-AF83-46F1-90E5-1F783F34C2B6}D:\program files\ascension launcher\ascension launcher.exe] => (Allow) D:\program files\ascension launcher\ascension launcher.exe (Project Ascension) [File not signed]
FirewallRules: [UDP Query User{0BD302ED-0D31-4BDA-BB7F-0598A5C3A8DD}D:\program files\ascension launcher\ascension launcher.exe] => (Allow) D:\program files\ascension launcher\ascension launcher.exe (Project Ascension) [File not signed]
FirewallRules: [{FB6C8FCB-8CB2-497B-BB3F-F649716979A7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{43B7B895-6BBB-442E-9F39-4E4CADCD862B}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{005628B1-6F77-4422-8D18-CD3D85514548}] => (Allow) LPort=9009
FirewallRules: [{F0045EAA-6707-4F20-95B9-0E51415AEA2B}] => (Allow) LPort=9009
FirewallRules: [{7CB4D3AD-5969-4377-99A1-17BD264A7608}] => (Allow) LPort=9009
FirewallRules: [{41DEC968-98A3-4F0C-96AD-5BFEC8D3CA75}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-04-2020 12:32:29 Windows Update
16-04-2020 16:21:21 Installed Microsoft PowerPoint Viewer
19-04-2020 16:14:17 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
19-04-2020 16:14:25 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127
23-04-2020 18:10:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
24-04-2020 19:54:53 Installed RGB Fusion.
28-04-2020 19:35:02 Installed Minecraft Launcher

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/27/2020 07:53:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x16d0
Čas spustenia chybujúcej aplikácie: 0x01d61cbc5ac15465
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 3beef3b1-868e-4d38-8c8c-8e6de749f810
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/25/2020 10:25:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x2dcc
Čas spustenia chybujúcej aplikácie: 0x01d61adaaf87ee53
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 7dc6ffbb-9951-4b07-bcda-5dfab2bec484
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/21/2020 08:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x1b9c
Čas spustenia chybujúcej aplikácie: 0x01d6180a3f384487
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 74748123-c952-471b-ab34-b4964d08d49f
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/19/2020 03:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x1540
Čas spustenia chybujúcej aplikácie: 0x01d6164ee68c5d74
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: d36d5cfd-10a7-45be-abe2-3859519332e5
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/18/2020 12:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x148c
Čas spustenia chybujúcej aplikácie: 0x01d61569b585f434
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 2a8d8975-e448-457a-ab6a-9246bcfde08c
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/16/2020 07:00:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Fallout76.exe, verzia: 1.3.0.23, časová značka: 0x5e8bc121
Názov chybujúceho modulu: Fallout76.exe, verzia: 1.3.0.23, časová značka: 0x5e8bc121
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000009f3073
Identifikácia chybujúceho procesu: 0x3220
Čas spustenia chybujúcej aplikácie: 0x01d6140dc40f25e0
Cesta chybujúcej aplikácie: D:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe
Cesta chybujúceho modulu: D:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe
Identifikácia hlásenia: 49a3d24a-2747-4b62-9220-5b32ecff2fb7
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/15/2020 04:39:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x3344
Čas spustenia chybujúcej aplikácie: 0x01d613332f1c2594
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 36098356-0969-463a-ad4b-d9c2bae23639
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (04/14/2020 11:08:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x3a00
Čas spustenia chybujúcej aplikácie: 0x01d61248033ff27c
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 3aab113a-f78e-4316-9665-503a91bbfbe5
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Modules Installer sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba EasyTune Engine sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Gservice sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba LGHUB Updater Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 5000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (04/28/2020 03:32:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


Windows Defender:
===================================
Date: 2020-04-18 14:10:15.534
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FB76A88E-4CDE-4F89-A1C8-B92859D21DD5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-13 22:00:50.182
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7E525F4A-B04D-41A0-AE05-08B30FE09815}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-05 00:39:38.951
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {77DE40D9-536D-4224-B871-68703846E46A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-27 11:02:27.175
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A890B781-88CB-4132-8769-7CF01FCDD84D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-04-03 11:44:36.499
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 11:44:36.286
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 11:44:35.151
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 11:44:31.948
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 11:44:31.178
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 11:44:29.332
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 11:44:27.666
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 10:16:49.023
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Webzen\Mu\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F2 08/08/2018
Motherboard: Gigabyte Technology Co., Ltd. B450 AORUS PRO-CF
Processor: AMD Ryzen 7 2700X Eight-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 16332.23 MB
Available physical RAM: 12057.81 MB
Total Virtual: 20172.23 MB
Available Virtual: 13197.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.5 GB) (Free:377.48 GB) NTFS
Drive d: () (Fixed) (Total:1863 GB) (Free:1266.49 GB) NTFS

\\?\Volume{d1fc455a-1f56-45f3-b20a-0e7d52d3ef3d}\ (Obnovenie) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{6a00fe6b-6c1f-4c54-a157-cf3e7c5375dd}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Re: Preventive check

Posted: 29 Apr 2020 14:27
by To3@s
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2020
Ran by casyo (administrator) on DESKTOP-FOMQ4FQ (Gigabyte Technology Co., Ltd. B450 AORUS PRO) (29-04-2020 15:25:14)
Running from C:\Users\casyo\OneDrive\Počítač
Loaded Profiles: casyo (Available Profiles: casyo)
Platform: Windows 10 Pro Version 1909 18363.592 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Cooler Master) [File not signed] C:\Program Files (x86)\AMD Wraith\Wraith Prism\Wraith Prism HID.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\Check_Kill.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <2>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [Wraith Prism] => C:\Program Files (x86)\AMD Wraith\Wraith Prism\Wraith Prism HID.exe [1899520 2019-05-03] (Cooler Master) [File not signed]
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3371296 2020-04-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31740816 2020-04-15] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [25294848 2019-12-18] () [File not signed]
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [71464072 2020-04-19] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {9cd64be0-5c58-11ea-b623-e0d55eaeb3a8} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-29] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {043D8736-8543-4451-B7B5-311D5223350E} - System32\Tasks\SIV-VGA => C:\Program Files (x86)\GIGABYTE\SIV\sensord.exe [253872 2019-02-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {09A75FA6-FBB5-478C-8644-D476DFB1C523} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A2E2CB8-B66E-4C2D-BFA2-679394DFAB08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {136C7C5B-2DBA-4058-8418-43805F48FCAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-26] (Google LLC -> Google LLC)
Task: {1F5A794D-9A07-4832-B113-F602808A9032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-26] (Google LLC -> Google LLC)
Task: {25183294-28B0-4687-9EF2-CF79EDBFCB07} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {545B138B-FAAB-4B3E-9A01-AFA028914BD0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5687C941-8B13-46F7-A48F-0C214AC1AB74} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F8190C8-2C3A-462D-9EBD-3B31CE6AFA0C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6147496 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {61F37D05-DC30-4D1E-8AAB-9758C9196800} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {681A631F-1F4F-4CB0-B193-59A0A643A0BD} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe [426416 2019-02-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {7097F11C-4959-4746-81A9-00359888257D} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70B0A23F-AC0C-4E0C-8FB3-679D4BFB6E5D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {746AF089-DE51-40F8-B02B-802E1536F63D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85784B9A-11DD-42BB-A87E-C892E2C830A6} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {90BC28E4-49DE-492C-9237-8E13BE30EB33} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngineStarter.exe [227328 2019-11-21] (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed]
Task: {9221D25D-7BD5-43A3-9EB8-BB847370FD3F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9394CC59-19A2-4B0A-99AB-9983FBF2140A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {99636600-2E11-45AE-A900-8D8281F33F84} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {A85B68DC-574A-4019-89D5-56A97447B9AE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD0F4056-924E-48F7-B5CB-911405A07A2D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C26B901B-E152-4C22-9C50-8C66BB3EF4D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7FAE392-6E17-46EC-9E31-8271729EBB5F} - System32\Tasks\LiquidSensord => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\LiquidSensord.exe [245760 2019-11-21] (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed]
Task: {D1CE6666-47DB-4FAE-9D47-AFE77734F24E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DD440347-BD02-4E1A-BADC-F6516030FB5F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E264876D-DBF9-402B-9DD0-9DE0617445FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {E55F9284-1C40-4E74-BFE4-00B56176E060} - System32\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {EA2DA249-CB78-4CC5-B0A5-A4B80B4362A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6147496 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA548544-050E-41AA-9D76-17CF45D1231F} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0A49708-A188-4C83-879D-EF86D12F54F0} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 178.18.67.3 8.8.8.8
Tcpip\..\Interfaces\{5e9dd8cc-a698-4852-962d-1f9159a71ca7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5e9dd8cc-a698-4852-962d-1f9159a71ca7}: [DhcpNameServer] 192.168.88.1 178.18.67.3 8.8.8.8

Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1237953686-2037993472-3780050099-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-10] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default [2020-04-29]
CHR Notifications: Default -> hxxps://chat.g2g.com
CHR Extension: (Prezentácie) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-26]
CHR Extension: (Dokumenty) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-26]
CHR Extension: (Disk Google) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-26]
CHR Extension: (YouTube) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-26]
CHR Extension: (Tabuľky) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-26]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-20]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-14]
CHR Extension: (Search AliExpress by Image) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocnlahnjacckbiffghcopjfbifdjocj [2020-03-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-26]
CHR Extension: (Gmail) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-04-15] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-03-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [143072 2019-12-05] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [128944 2019-02-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB/lghub_updater.exe [10131080 2020-04-19] (Logitech Inc -> Logitech, Inc.)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2020-01-11] (Mail.Ru LLC -> LLC Mail.Ru)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8102192 2019-05-12] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [119808 2019-11-21] (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed]
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [46040 2019-10-30] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [32520 2019-09-17] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [138064 2019-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\AMD\Ryzen\AMDRyzenMasterDriver.sys [70432 2019-06-04] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 dump_wmimmc; D:\Program Files (x86)\Webzen\Mu\GameGuard\dump_wmimmc.sys [2471096 2020-04-03] (INCA Internet Co.,Ltd. -> )
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [19968 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-04-24] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [18432 2019-12-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\47127\driver_cpu_temperature\logi_core_temp.sys [25448 2020-04-19] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2019-12-31] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [20624 2019-12-31] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2019-12-31] (Logitech Inc -> Logitech)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2020-01-11] (Mail.Ru LLC -> LLC Mail.Ru)
R3 MSIO; C:\Program Files (x86)\GIGABYTE\RGBFusion\msio64.sys [25616 2018-02-12] (MICSYS Technology Co., Ltd. -> )
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\nvlddmkm.sys [23439288 2020-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2020-04-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [715680 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2719256 2020-03-01] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-28 20:43 - 2020-04-28 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2020-04-28 19:35 - 2020-04-28 20:44 - 000000000 ____D C:\Users\casyo\AppData\Roaming\.minecraft
2020-04-28 19:21 - 2020-04-28 19:21 - 000000000 ____D C:\Users\casyo\AppData\Local\ElevatedDiagnostics
2020-04-28 15:31 - 2020-04-28 15:32 - 000000000 ____D C:\AdwCleaner
2020-04-25 08:16 - 2020-04-28 20:47 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2020-04-25 08:11 - 2020-04-25 08:40 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-04-25 08:11 - 2020-04-25 08:14 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2020-04-25 08:11 - 2020-04-25 08:11 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-04-25 08:11 - 2020-04-25 08:11 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2020-04-25 08:11 - 2020-04-25 08:11 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2020-04-24 20:13 - 2020-04-24 20:13 - 000003384 _____ C:\Windows\system32\Tasks\SIV-VGA
2020-04-24 20:13 - 2020-04-24 20:13 - 000003378 _____ C:\Windows\system32\Tasks\SIV
2020-04-24 20:12 - 2020-04-24 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2020-04-24 20:12 - 2020-04-24 20:13 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2020-04-24 20:12 - 2020-04-24 20:12 - 000003478 _____ C:\Windows\system32\Tasks\GraphicsCardEngine
2020-04-24 20:12 - 2020-04-24 20:12 - 000003442 _____ C:\Windows\system32\Tasks\LiquidSensord
2020-04-24 20:12 - 2015-06-02 10:50 - 000005120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\acpimof_ocpanel.dll
2020-04-24 20:05 - 2020-04-24 20:08 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-04-24 20:05 - 2020-04-24 20:05 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2020-04-24 19:55 - 2020-04-24 20:13 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2020-04-24 19:55 - 2020-04-24 19:55 - 000081172 _____ C:\Windows\uninsWraith Prism.dat
2020-04-24 19:55 - 2020-04-24 19:55 - 000032600 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv2.sys
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\Users\casyo\OneDrive\Documents\temp
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\Users\casyo\AppData\Roaming\AMD Wraith
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AORUS
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Wraith
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\Program Files\Patriot
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\Program Files\ENE
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\Program Files (x86)\ENE
2020-04-24 19:55 - 2020-04-24 19:55 - 000000000 ____D C:\Program Files (x86)\AMD Wraith
2020-04-24 19:55 - 2019-10-17 11:36 - 000019968 _____ C:\Windows\system32\Drivers\ene.sys
2020-04-24 19:55 - 2018-07-27 08:57 - 006177792 _____ (AMD Wraith) C:\Windows\uninsWraith Prism.exe
2020-04-24 19:54 - 2020-04-24 20:12 - 000000000 ____D C:\Users\casyo\AppData\Local\Downloaded Installations
2020-04-24 15:49 - 2020-04-29 15:25 - 000000000 ____D C:\FRST
2020-04-24 15:48 - 2020-04-29 15:24 - 000000000 ____D C:\Program Files\trend micro
2020-04-24 15:48 - 2020-04-24 15:48 - 000000000 ____D C:\rsit
2020-04-23 18:11 - 2020-04-23 18:16 - 000000000 ____D C:\Users\casyo\AppData\Roaming\projectascension
2020-04-23 18:10 - 2020-04-23 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascension Launcher
2020-04-23 18:10 - 2020-04-23 18:10 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Ascension Launcher
2020-04-20 12:34 - 2020-04-20 15:10 - 1728899190 _____ C:\Users\casyo\Downloads\SuperStar VI (10. díl) - (19.4.2020).avi
2020-04-19 18:46 - 2020-04-19 18:47 - 000000000 ____D C:\ProgramData\LogiShrd
2020-04-19 16:15 - 2020-04-29 15:19 - 000000000 ____D C:\Users\casyo\AppData\Local\LGHUB
2020-04-19 16:15 - 2020-04-19 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2020-04-19 16:15 - 2020-04-19 16:15 - 000000000 ____D C:\ProgramData\LGHUB
2020-04-19 16:15 - 2020-04-19 16:15 - 000000000 ____D C:\Program Files\LGHUB
2020-04-16 16:21 - 2020-04-16 16:21 - 000002559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2020-04-16 16:21 - 2020-04-16 16:21 - 000000000 ____D C:\Program Files (x86)\MSECache
2020-04-15 16:36 - 2020-03-17 05:57 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-04-15 16:36 - 2020-03-17 05:56 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-04-15 14:58 - 2020-04-15 14:58 - 000000000 ____D C:\Windows\system32\Tasks\S-1-5-21-1237953686-2037993472-3780050099-1001
2020-04-15 08:52 - 2020-04-15 08:52 - 000000000 ____D C:\Users\casyo\AppData\Local\Fallout76
2020-04-03 11:54 - 2020-04-03 11:54 - 000000000 ____D C:\Users\casyo\OneDrive\Documents\EVE
2020-04-03 11:38 - 2020-04-03 11:38 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE Launcher
2020-04-03 11:38 - 2020-04-03 11:38 - 000000000 ____D C:\Users\casyo\AppData\Local\LauncherCrashes
2020-04-03 11:38 - 2020-04-03 11:38 - 000000000 ____D C:\Users\casyo\AppData\Local\CCP
2020-04-01 19:07 - 2020-04-01 19:07 - 000000000 ____D C:\Users\casyo\AppData\Roaming\com.wurmonline.client.launcherfx.WurmMain

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-29 15:22 - 2019-12-26 23:39 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-29 15:20 - 2019-12-27 11:39 - 000000000 ____D C:\Users\casyo\AppData\Roaming\qBittorrent
2020-04-29 15:19 - 2019-12-31 17:00 - 000000000 ____D C:\Users\casyo\AppData\Roaming\LGHUB
2020-04-29 15:19 - 2019-12-26 23:36 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-28 20:44 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-28 20:32 - 2019-12-26 23:35 - 000000000 ____D C:\Users\casyo\AppData\Local\PlaceholderTileLogoFolder
2020-04-28 20:32 - 2019-12-26 23:32 - 000000000 ____D C:\Users\casyo\AppData\Local\Packages
2020-04-28 20:32 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-28 20:32 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-28 20:16 - 2019-12-26 23:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-28 19:29 - 2019-12-26 23:40 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-28 18:57 - 2019-12-26 23:33 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-28 18:57 - 2019-03-19 06:50 - 000000000 ____D C:\Windows\INF
2020-04-28 18:51 - 2019-12-26 23:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-28 18:50 - 2019-12-26 23:33 - 000051501 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-04-28 18:50 - 2019-12-26 23:33 - 000020258 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-04-28 18:50 - 2019-12-26 23:33 - 000014325 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-04-28 18:50 - 2019-03-19 06:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-28 17:13 - 2019-12-26 23:35 - 000011798 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-04-28 15:33 - 2019-12-26 23:43 - 000001209 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-04-28 15:33 - 2019-12-26 23:27 - 000450544 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-27 20:09 - 2019-12-27 17:43 - 000000000 ____D C:\Users\casyo\AppData\Roaming\vlc
2020-04-27 19:54 - 2019-03-19 06:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-25 08:14 - 2019-12-27 00:01 - 000000000 ____D C:\Users\casyo\AppData\Local\D3DSCache
2020-04-24 20:13 - 2019-12-27 15:35 - 000014005 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
2020-04-24 20:12 - 2019-12-26 23:39 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-23 19:33 - 2019-12-26 23:30 - 000000000 ____D C:\Users\casyo
2020-04-23 08:51 - 2019-12-27 20:49 - 000010433 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1
2020-04-21 22:08 - 2019-12-27 19:52 - 000011440 _____ C:\ProgramData\DisplaySessionContainer4.log_backup1
2020-04-20 18:15 - 2019-12-26 23:35 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1237953686-2037993472-3780050099-1001
2020-04-20 18:15 - 2019-12-26 23:35 - 000000000 ___RD C:\Users\casyo\OneDrive
2020-04-20 18:15 - 2019-12-26 23:30 - 000002355 _____ C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-19 23:11 - 2019-12-28 03:25 - 000013022 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1
2020-04-19 15:35 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-19 15:34 - 2020-01-26 18:32 - 000000000 ____D C:\Program Files\Microsoft Office
2020-04-16 19:00 - 2020-01-30 18:40 - 000000000 ____D C:\Users\casyo\AppData\Local\CrashDumps
2020-04-16 16:21 - 2020-01-26 18:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-04-16 13:43 - 2019-12-29 02:50 - 000011801 _____ C:\ProgramData\DisplaySessionContainer7.log_backup1
2020-04-15 08:53 - 2019-12-28 19:27 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-28 19:27 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-28 19:27 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-28 19:27 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-15 08:53 - 2019-12-26 23:39 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-04-15 08:53 - 2019-12-26 23:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-04-15 08:53 - 2019-12-26 23:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-04-15 08:52 - 2019-12-27 00:51 - 000000000 ____D C:\Users\casyo\OneDrive\Documents\My Games
2020-04-12 21:54 - 2020-01-04 02:24 - 000013006 _____ C:\ProgramData\DisplaySessionContainer17.log_backup1
2020-04-11 19:43 - 2020-01-02 16:50 - 000014326 _____ C:\ProgramData\DisplaySessionContainer14.log_backup1
2020-04-10 19:37 - 2019-12-31 03:34 - 000014006 _____ C:\ProgramData\DisplaySessionContainer11.log_backup1
2020-04-09 18:12 - 2020-03-23 23:14 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-04-07 19:58 - 2019-12-26 23:39 - 002799416 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-04-07 19:58 - 2019-12-26 23:39 - 002159592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-04-07 19:58 - 2019-12-26 23:39 - 001314792 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-04-07 19:52 - 2019-12-29 15:58 - 000011448 _____ C:\ProgramData\DisplaySessionContainer8.log_backup1
2020-04-02 09:48 - 2019-12-27 00:31 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-04-02 01:58 - 2020-01-04 12:55 - 000011430 _____ C:\ProgramData\DisplaySessionContainer18.log_backup1
2020-03-31 22:29 - 2020-01-03 19:04 - 000013989 _____ C:\ProgramData\DisplaySessionContainer16.log_backup1
2020-03-31 18:50 - 2020-01-03 02:06 - 000009642 _____ C:\ProgramData\DisplaySessionContainer15.log_backup1
2020-03-30 16:10 - 2020-01-02 02:45 - 000006623 _____ C:\ProgramData\DisplaySessionContainer13.log_backup1
2020-03-30 01:13 - 2019-12-31 17:40 - 000013987 _____ C:\ProgramData\DisplaySessionContainer12.log_backup1

==================== Files in the root of some directories ========

2019-12-27 15:59 - 2019-12-27 15:59 - 000000003 _____ () C:\Users\casyo\AppData\Local\updater.log
2019-12-27 15:59 - 2019-12-27 15:59 - 000000424 _____ () C:\Users\casyo\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Preventive check

Posted: 29 Apr 2020 22:11
by Conder
:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:


    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
    File: C:\Program Files\qBittorrent\qbittorrent.exe
    
    Toolbar: HKU\S-1-5-21-1237953686-2037993472-3780050099-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} -  No File
    AlternateDataStreams: C:\Users\casyo\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
    AlternateDataStreams: C:\Users\casyo\ntuser.ini:NTV [10284]
    AlternateDataStreams: C:\Users\casyo\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
    FirewallRules: [{0D59BEAB-58C2-4E0A-A1F3-9B1D641AC339}] => (Allow) C:\Users\casyo\Downloads\bin\BlackDesert32.exe No File
    FirewallRules: [{CB7DAD74-CC60-4E53-835A-AD0285850FFA}] => (Allow) C:\Users\casyo\Downloads\bin64\BlackDesert64.exe No File
    FirewallRules: [{8A072788-1A5F-46C4-8FDE-F1E5AFE479F1}] => (Allow) C:\Users\casyo\Downloads\BlackDesert_Launcher.exe No File
    FirewallRules: [{713FD71F-C538-4341-BAAB-657FCDB50101}] => (Allow) C:\Users\casyo\Downloads\BlackDesert_Downloader.exe No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Re: Preventive check

Posted: 30 Apr 2020 13:31
by To3@s
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2020
Ran by casyo (30-04-2020 14:29:03) Run:1
Running from C:\Users\casyo\OneDrive\Počítač
Loaded Profiles: casyo (Available Profiles: casyo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
File: C:\Program Files\qBittorrent\qbittorrent.exe

Toolbar: HKU\S-1-5-21-1237953686-2037993472-3780050099-1001 -> No Name - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - No File
AlternateDataStreams: C:\Users\casyo\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\casyo\ntuser.ini:NTV [10284]
AlternateDataStreams: C:\Users\casyo\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
FirewallRules: [{0D59BEAB-58C2-4E0A-A1F3-9B1D641AC339}] => (Allow) C:\Users\casyo\Downloads\bin\BlackDesert32.exe No File
FirewallRules: [{CB7DAD74-CC60-4E53-835A-AD0285850FFA}] => (Allow) C:\Users\casyo\Downloads\bin64\BlackDesert64.exe No File
FirewallRules: [{8A072788-1A5F-46C4-8FDE-F1E5AFE479F1}] => (Allow) C:\Users\casyo\Downloads\BlackDesert_Launcher.exe No File
FirewallRules: [{713FD71F-C538-4341-BAAB-657FCDB50101}] => (Allow) C:\Users\casyo\Downloads\BlackDesert_Downloader.exe No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Get-ChildItem : Access to the path 'C:\Users\casyo\AppData\Local\History' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\AppData\Local\History:String) [Get-ChildItem], Unautho
rizedAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\...che\Content.IE5:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\AppData\Local\Microsoft\Windows\Temporary Internet Files' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\... Internet Files:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\AppData\Local\Temporary Internet Files' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\... Internet Files:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Application Data' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Application Data:String) [Get-ChildItem], Unauthorized
AccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Cookies' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Cookies:String) [Get-ChildItem], UnauthorizedAccessExc
eption
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Documents\My Music' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Documents\My Music:String) [Get-ChildItem], Unauthoriz
edAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Documents\My Pictures' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Documents\My Pictures:String) [Get-ChildItem], Unautho
rizedAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Documents\My Videos' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Documents\My Videos:String) [Get-ChildItem], Unauthori
zedAccessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Local Settings' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Local Settings:String) [Get-ChildItem], UnauthorizedAc
cessException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\My Documents' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\My Documents:String) [Get-ChildItem], UnauthorizedAcce
ssException
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\NetHood' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\NetHood:String) [Get-ChildItem], UnauthorizedAccessExc
eption
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\PrintHood' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\PrintHood:String) [Get-ChildItem], UnauthorizedAccessE
xception
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Recent' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Recent:String) [Get-ChildItem], UnauthorizedAccessExce
ption
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\SendTo' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\SendTo:String) [Get-ChildItem], UnauthorizedAccessExce
ption
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Start Menu' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Start Menu:String) [Get-ChildItem], UnauthorizedAccess
Exception
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Get-ChildItem : Access to the path 'C:\Users\casyo\Templates' is denied.
At C:\FRST\tmp.ps1:1 char:1
+ Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Meas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\Users\casyo\Templates:String) [Get-ChildItem], UnauthorizedAccessE
xception
+ FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Measure-Object : The property "Length" cannot be found in the input for any objects.
At C:\FRST\tmp.ps1:1 char:66
+ ... OFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Measure-Object], PSArgumentException
+ FullyQualifiedErrorId : GenericMeasurePropertyNotFound,Microsoft.PowerShell.Commands.MeasureObjectCommand

========= End of Powershell: =========


========================= File: C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe ========================

C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
File not signed
MD5: 9777CE1847281E82CD4B03EAB528803B
Creation and modification date: 2015-06-25 09:45 - 2015-06-25 09:45
Size: 000017920
Attributes: ----A
Company Name:
Internal Name: AdjustService.exe
Original Name: AdjustService.exe
Product: AdjustService
Description: AdjustService
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright: Copyright © 2014
VirusTotal: https://www.virustotal.com/file/eddf98a ... 587541930/

====== End of File: ======


========================= File: C:\Program Files\qBittorrent\qbittorrent.exe ========================

C:\Program Files\qBittorrent\qbittorrent.exe
File not signed
MD5: F75C9997727F378126E58071D584396E
Creation and modification date: 2019-12-18 01:28 - 2019-12-18 01:28
Size: 025294848
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/8e04258 ... 587754011/

====== End of File: ======

"HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF293C5A-9F37-49FD-91C4-2B867063FC54}" => removed successfully
C:\Users\casyo\Application Data => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
C:\Users\casyo\ntuser.ini => ":NTV" ADS removed successfully
"C:\Users\casyo\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D59BEAB-58C2-4E0A-A1F3-9B1D641AC339}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB7DAD74-CC60-4E53-835A-AD0285850FFA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A072788-1A5F-46C4-8FDE-F1E5AFE479F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{713FD71F-C538-4341-BAAB-657FCDB50101}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 214029046 B
Java, Flash, Steam htmlcache => 170977264 B
Windows/system/drivers => 10124004 B
Edge => 1332205 B
Chrome => 508179908 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 20788 B
LocalService => 82228 B
NetworkService => 200244 B
casyo => 159516838 B

RecycleBin => 8140256 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:30:05 ====

Re: Preventive check

Posted: 01 May 2020 22:41
by Conder
It looks OK. Are there any problems with the PC?

Re: Preventive check

Posted: 02 May 2020 17:34
by To3@s
No, the PC runs like a machine.
Thank you, you can /lock.

Re: Preventive check

Posted: 02 May 2020 21:50
by Conder
:arrow: So let's also clean up after the tools we used: