Chrome opens with a Russian page when the laptop is turned on (Solved)


Re: Chrome opens with a Russian page when the laptop is turned on

Post by popcorn » 11 Feb 2018 13:15

I cleared Chrome's cache and cookies.

LOGS FROM FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 02
Ran by MoonP (administrator) on LAPTOP-1C2633HD (11-02-2018 13:09:16)
Running from C:\Users\MoonP\Downloads
Loaded Profiles: MoonP (Available Profiles: MoonP)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHDCPSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxEM.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_7\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.7.371.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => DEFENDER\MSASCUIL.EXE
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16779768 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-23] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3100456 2018-02-03] (Electronic Arts)
HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{caddd320-331b-473d-ba1d-b34d8572e02a}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{ed17c27f-4d6c-4c15-8ee8-3715c105e83e}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{fc385d9e-f380-4bfa-8522-0d589b30783f}: [DhcpNameServer] 192.168.179.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-07] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://encrypted.google.com"
CHR Profile: C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default [2018-02-11]
CHR Extension: (Slides) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-11]
CHR Extension: (Docs) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-11]
CHR Extension: (Google Drive) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-11]
CHR Extension: (YouTube) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-11]
CHR Extension: (Adblock Plus) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-11]
CHR Extension: (Sheets) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-11]
CHR Extension: (Angel Alliance) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhndggkkbanohpfnphfjccgblpgibjcg [2018-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-11]
CHR Extension: (Gmail) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\MoonP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-13] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] ()
S3 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [392032 2017-04-29] (Lenovo(beijing) Limited)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515752 2017-03-05] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-13] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-14] (Intel(R) Corporation)
R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-02] (Intel Corporation)
S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-02] (Intel Corporation)
S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-15] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-18] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-18] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-11-09] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728808 2017-12-20] (McAfee, Inc.)
U2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-29] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-29] (McAfee LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-29] (McAfee LLC)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2154816 2018-02-03] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3024712 2018-02-03] (Electronic Arts)
R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [966496 2017-04-29] (Lenovo(beijing) Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [290904 2017-10-22] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-02-03] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-02-03] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHTPCRDR; C:\WINDOWS\System32\drivers\bhtpcrdr.sys [173432 2016-08-11] (BayHubTech/O2Micro )
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77280 2017-10-19] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [46576 2017-04-29] (Lenovo(beijing) Limited)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [127480 2017-03-05] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [492512 2017-10-19] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355808 2017-10-19] (McAfee LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84016 2017-10-19] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [506336 2017-10-19] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [938464 2017-10-19] (McAfee LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115168 2017-10-19] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252896 2017-10-19] (McAfee LLC)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [7728136 2017-10-18] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_ed3ba3fb30d4dd86\nvlddmkm.sys [15607408 2017-10-20] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58680 2018-01-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-10-22] (Synaptics Incorporated)
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snp2uvcW10.sys [1709632 2016-10-05] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-02-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-02-03] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-02-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-11] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 13:09 - 2018-02-11 13:10 - 000021487 _____ C:\Users\MoonP\Downloads\FRST.txt
2018-02-11 13:09 - 2018-02-11 13:09 - 000000000 ____D C:\FRST
2018-02-11 13:08 - 2018-02-11 13:08 - 002404864 _____ (Farbar) C:\Users\MoonP\Downloads\FRST64.exe
2018-02-11 13:05 - 2018-02-11 13:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-11 12:00 - 2018-02-11 12:00 - 004492924 _____ C:\Users\MoonP\Downloads\texturepack___deep_down___by_silverdust_by_marevasart-db9a662.zip
2018-02-11 11:59 - 2018-02-11 11:59 - 000977204 _____ C:\Users\MoonP\Downloads\texturepack_019_silverdust_by_marevasart-dagbz1n.zip
2018-02-11 11:59 - 2018-02-11 11:59 - 000941223 _____ C:\Users\MoonP\Downloads\texturepack_020_silverdust_by_marevasart-dagwnvp.zip
2018-02-11 11:56 - 2018-02-11 11:56 - 012342652 _____ C:\Users\MoonP\Downloads\pack__texturas__recopilacin__by_porcelain_by_itsporcelain-d9bt01g.rar
2018-02-11 09:54 - 2018-02-11 09:52 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-02-11 09:38 - 2018-02-11 09:52 - 000245278 _____ C:\WINDOWS\ntbtlog.txt
2018-02-11 09:38 - 2018-02-11 09:38 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-11 09:11 - 2018-02-11 13:10 - 000077724 _____ C:\WINDOWS\ZAM.krnl.trace
2018-02-11 09:11 - 2018-02-11 13:10 - 000044069 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-02-11 09:11 - 2018-02-11 09:11 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-02-11 09:11 - 2018-02-11 09:11 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-02-11 09:11 - 2018-02-11 09:11 - 000000000 ____D C:\Users\MoonP\AppData\Local\Zemana
2018-02-11 09:11 - 2018-02-11 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-11 09:11 - 2018-02-11 09:11 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-11 09:10 - 2018-02-11 09:10 - 006625600 _____ (Zemana Ltd. ) C:\Users\MoonP\Downloads\Zemana.AntiMalware.Setup.exe
2018-02-10 13:02 - 2018-02-10 13:02 - 001314304 _____ C:\Users\MoonP\Downloads\zoek.exe
2018-02-10 13:02 - 2018-02-10 13:02 - 000000000 ____D C:\zoek_backup
2018-02-10 10:31 - 2018-02-11 12:14 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-02-10 10:30 - 2018-02-10 11:21 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-10 10:28 - 2018-02-10 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-10 10:28 - 2018-02-10 10:28 - 000000000 ____D C:\Program Files\RogueKiller
2018-02-09 20:20 - 2018-02-09 20:20 - 000000000 ____D C:\ProgramData\Sophos
2018-02-09 20:19 - 2018-02-09 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-02-09 20:19 - 2018-02-09 20:19 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-02-09 20:15 - 2018-02-09 20:17 - 191012744 _____ (Sophos Limited) C:\Users\MoonP\Downloads\Sophos Virus Removal Tool.exe
2018-02-08 20:05 - 2018-02-08 20:05 - 000000000 ____H C:\Users\MoonP\Documents\Default.rdp
2018-02-08 16:41 - 2018-02-08 16:41 - 001790024 _____ (Malwarebytes) C:\Users\MoonP\Downloads\JRT.exe
2018-02-07 21:13 - 2018-02-07 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-07 21:13 - 2018-02-07 21:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-07 21:13 - 2018-02-07 21:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-07 21:13 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-07 21:08 - 2018-02-11 12:11 - 000000000 ____D C:\AdwCleaner
2018-02-07 20:37 - 2018-02-07 20:48 - 008206624 _____ (Malwarebytes) C:\Users\MoonP\Downloads\AdwCleaner.exe
2018-02-07 19:51 - 2018-02-07 19:51 - 000448512 _____ (OldTimer Tools) C:\Users\MoonP\Downloads\TFC.exe
2018-02-07 16:21 - 2018-02-07 16:21 - 000000000 ____D C:\Users\MoonP\AppData\Local\Apple
2018-02-06 15:31 - 2018-02-06 15:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-02-06 15:31 - 2018-02-06 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-02-06 15:30 - 2018-02-06 15:30 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-02-06 15:29 - 2018-02-06 15:29 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-02-06 15:25 - 2018-02-06 15:26 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-02-06 15:25 - 2018-02-06 15:25 - 000000000 ____D C:\Users\MoonP\AppData\Local\Microsoft Help
2018-02-06 15:25 - 2018-02-06 15:25 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2018-02-06 15:25 - 2018-02-06 15:25 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-02-06 15:24 - 2018-02-06 15:29 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-06 15:24 - 2018-02-06 15:24 - 000000000 __RHD C:\MSOCache
2018-02-06 15:08 - 2018-02-06 15:08 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\Apple Computer
2018-02-06 15:05 - 2018-02-07 16:30 - 000000000 ____D C:\Users\MoonP\AppData\Local\VirtualStore
2018-02-04 09:21 - 2018-02-04 09:21 - 000000000 ____D C:\Users\MoonP\AppData\Local\ESET
2018-02-04 09:17 - 2018-02-04 09:17 - 004260984 _____ (ESET) C:\Users\MoonP\Downloads\eset_smart_security_premium_live_installer.exe
2018-02-03 17:26 - 2018-02-03 17:26 - 000000000 ____D C:\Users\MoonP\Documents\Electronic Arts
2018-02-03 17:08 - 2018-02-03 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2018-02-03 17:08 - 2018-02-03 17:08 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-02-03 17:08 - 2014-09-16 18:45 - 000447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2018-02-03 16:41 - 2018-02-11 13:08 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\Origin
2018-02-03 16:41 - 2018-02-03 16:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-02-03 16:41 - 2018-02-03 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-02-03 16:40 - 2018-02-03 16:40 - 000000000 ____D C:\Program Files (x86)\Origin
2018-02-03 16:39 - 2018-02-11 13:09 - 000000000 ____D C:\ProgramData\Origin
2018-02-03 16:39 - 2018-02-03 16:45 - 000000000 ____D C:\Users\MoonP\AppData\Local\Origin
2018-02-03 16:39 - 2018-02-03 16:39 - 000000000 ____D C:\Users\MoonP\.QtWebEngineProcess
2018-02-03 16:39 - 2018-02-03 16:39 - 000000000 ____D C:\Users\MoonP\.Origin
2018-02-03 16:29 - 2018-02-03 16:29 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-03 16:29 - 2018-02-03 16:29 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\Google
2018-02-03 16:28 - 2018-02-03 16:28 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 16:28 - 2018-02-03 16:28 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 16:12 - 2018-02-03 16:11 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-02-03 15:50 - 2018-02-03 15:52 - 000000000 ____D C:\Games
2018-02-03 13:35 - 2018-02-03 13:35 - 000000000 ____D C:\Users\MoonP\Documents\SimCity
2018-02-02 19:00 - 2018-02-02 19:21 - 484000295 _____ C:\Users\MoonP\Documents\GAME 3.mp4
2018-02-02 18:55 - 2018-02-02 18:56 - 018263344 _____ C:\Users\MoonP\Documents\Untitled.mp4
2018-02-02 18:14 - 2018-02-02 18:35 - 483172223 _____ C:\Users\MoonP\Documents\GUESS TWO.mp4
2018-02-02 16:35 - 2018-02-02 16:55 - 487438500 _____ C:\Users\MoonP\Documents\GUESSTHESONG.mp4
2018-02-02 15:04 - 2018-02-02 15:04 - 041959314 _____ C:\Users\MoonP\Downloads\Ma city live.mp4
2018-02-02 10:20 - 2018-02-02 10:31 - 000289118 _____ C:\Users\MoonP\Documents\yg.aep
2018-02-02 09:15 - 2018-02-02 09:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2018-02-02 09:15 - 2018-02-02 09:15 - 000000000 ____D C:\ProgramData\Apple Computer
2018-02-02 09:15 - 2018-02-02 09:15 - 000000000 ____D C:\Program Files (x86)\QuickTime
2018-02-02 09:11 - 2018-02-02 09:11 - 000000000 ____D C:\ProgramData\Apple
2018-02-02 09:10 - 2018-02-02 09:10 - 000000000 ____D C:\Users\MoonP\AppData\LocalLow\Apple Computer
2018-02-01 22:36 - 2018-02-01 22:36 - 000000000 ____D C:\Users\MoonP\Documents\Adobe
2018-02-01 22:15 - 2018-02-01 22:15 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-02-01 22:14 - 2018-02-01 22:14 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
2018-02-01 22:13 - 2018-02-01 22:13 - 000001607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2018-02-01 22:13 - 2018-02-01 22:13 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
2018-02-01 22:13 - 2018-02-01 22:13 - 000001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2018-02-01 22:13 - 2018-02-01 22:13 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-01 22:12 - 2018-02-01 22:14 - 000000000 ____D C:\Program Files\Adobe
2018-02-01 22:10 - 2018-02-01 22:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-02-01 22:06 - 2018-02-01 22:36 - 000000000 ____D C:\Users\MoonP\AppData\Local\Adobe
2018-02-01 22:06 - 2018-02-01 22:15 - 000000000 ____D C:\ProgramData\Adobe
2018-02-01 16:41 - 2018-02-01 16:41 - 000000000 ____D C:\Program Files (x86)\RouterKeygen
2018-01-30 17:25 - 2018-01-30 17:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2564185752-1118092260-3013568569-1001
2018-01-30 15:23 - 2018-01-30 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2018-01-30 15:23 - 2018-01-30 15:23 - 000000000 ____D C:\Program Files\Sweet Home 3D
2018-01-29 19:53 - 2018-02-02 18:35 - 000349936 _____ C:\Users\MoonP\Documents\Untitled.veg
2018-01-29 19:53 - 2018-02-02 18:14 - 000349936 _____ C:\Users\MoonP\Documents\Untitled.veg.bak
2018-01-28 16:03 - 2018-01-28 16:03 - 000000000 ____D C:\ProgramData\TopPlayList.NET
2018-01-28 14:58 - 2018-02-04 17:23 - 000114396 _____ C:\Users\MoonP\Documents\280118.sh3d
2018-01-27 12:14 - 2018-01-27 12:24 - 000000000 ____D C:\Program Files (x86)\R.G. Mechanics
2018-01-27 11:15 - 2018-02-03 15:59 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\uTorrent
2018-01-27 11:15 - 2018-01-27 11:16 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2018-01-27 09:41 - 2018-01-27 10:13 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2018-01-27 09:40 - 2018-01-27 13:30 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-01-26 19:36 - 2018-01-26 19:36 - 000000000 ____D C:\Users\Public\Documents\Steam
2018-01-26 19:36 - 2018-01-26 19:36 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\.mono
2018-01-26 19:36 - 2018-01-26 19:36 - 000000000 ____D C:\ProgramData\.mono
2018-01-20 10:06 - 2018-02-02 13:24 - 000145792 _____ C:\Users\MoonP\Documents\bts.veg
2018-01-20 10:06 - 2018-02-02 13:20 - 000131296 _____ C:\Users\MoonP\Documents\bts.veg.bak
2018-01-19 18:02 - 2018-01-19 18:02 - 000026296 _____ C:\Users\MoonP\Documents\NexaBoldddd.otf
2018-01-19 17:53 - 2018-02-01 20:55 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\FontForge
2018-01-19 17:52 - 2018-01-19 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge
2018-01-19 17:52 - 2018-01-19 17:52 - 000000000 ____D C:\Program Files (x86)\FontForgeBuilds
2018-01-19 17:36 - 2012-07-20 19:20 - 000030388 _____ C:\Users\MoonP\Documents\Nexa Bold.otf
2018-01-18 17:11 - 2018-01-18 17:11 - 000000000 ____D C:\Users\MoonP\ansel
2018-01-17 16:56 - 2018-01-17 16:56 - 000040306 _____ C:\Users\MoonP\Documents\Příloha6.bak
2018-01-17 16:54 - 2018-01-17 16:59 - 000048918 _____ C:\Users\MoonP\Documents\Příloha6.dwg
2018-01-16 19:45 - 2018-01-16 19:45 - 000000000 ____D C:\Users\MoonP\Documents\My Games
2018-01-15 17:44 - 2018-01-15 17:44 - 000000000 ____D C:\BIOS
2018-01-14 09:44 - 2018-02-06 03:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-14 09:44 - 2018-02-06 03:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-13 15:28 - 2018-01-13 15:31 - 010795775 _____ C:\Users\MoonP\Documents\sugakookie zkouska.mp4
2018-01-13 13:21 - 2018-01-14 14:08 - 000564520 _____ C:\Users\MoonP\Documents\sugakookie.veg
2018-01-13 13:21 - 2018-01-14 13:43 - 000564232 _____ C:\Users\MoonP\Documents\sugakookie.veg.bak
2018-01-12 16:49 - 2018-01-11 21:47 - 000000241 ___SH C:\Users\Public\Libraries.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 13:07 - 2017-12-24 19:56 - 000081904 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-02-11 13:06 - 2017-12-24 20:05 - 000000000 __SHD C:\Users\MoonP\IntelGraphicsProfiles
2018-02-11 13:05 - 2017-12-30 01:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-11 13:05 - 2017-08-25 05:34 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-11 13:04 - 2017-09-29 09:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-02-11 12:57 - 2017-12-30 00:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-11 12:14 - 2017-12-27 21:59 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\Adobe
2018-02-11 10:02 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-11 08:59 - 2017-12-30 01:12 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1976014-2984-468E-98B2-E9659A2E550F}
2018-02-10 18:24 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-10 12:10 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-10 12:02 - 2017-09-29 14:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-02-10 12:02 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-10 11:56 - 2017-08-25 05:08 - 000000000 ____D C:\Program Files\mcafee
2018-02-10 11:56 - 2017-08-25 05:07 - 000000000 ____D C:\ProgramData\McAfee
2018-02-10 11:56 - 2017-08-25 05:07 - 000000000 ____D C:\Program Files\Common Files\mcafee
2018-02-10 11:56 - 2017-08-25 05:07 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-02-10 11:16 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-02-09 21:16 - 2017-12-30 01:12 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-02-09 21:15 - 2017-12-29 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-02-09 20:18 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-08 19:16 - 2018-01-01 20:32 - 000000000 ____D C:\Users\MoonP\AppData\Local\ElevatedDiagnostics
2018-02-08 17:11 - 2017-12-25 16:13 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-02-08 16:30 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-08 16:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-02-08 13:37 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-08 13:36 - 2017-08-25 04:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-07 20:01 - 2017-12-30 00:31 - 005174816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-07 19:59 - 2017-12-30 00:49 - 000000000 ____D C:\Users\MoonP
2018-02-06 15:30 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-03 17:08 - 2017-08-25 05:27 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-03 16:29 - 2017-12-24 22:53 - 000000000 ____D C:\Users\MoonP\AppData\Local\Google
2018-02-03 16:28 - 2017-12-24 22:53 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 16:10 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-03 13:38 - 2017-12-30 01:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-02-03 11:41 - 2017-12-24 23:20 - 000000000 ____D C:\Users\MoonP\AppData\Local\CrashDumps
2018-02-01 22:37 - 2017-12-24 23:43 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-01 21:09 - 2018-01-11 17:14 - 000000132 _____ C:\Users\MoonP\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2018-01-30 20:34 - 2018-01-04 20:18 - 000000000 ____D C:\Users\MoonP\Documents\Jazyky
2018-01-30 19:55 - 2018-01-05 18:03 - 000000000 ____D C:\Users\MoonP\Documents\New folder
2018-01-24 20:39 - 2017-12-24 23:11 - 000000000 ____D C:\Users\MoonP\AppData\Roaming\.minecraft
2018-01-21 09:53 - 2017-12-25 13:51 - 000000000 ____D C:\ProgramData\Oracle
2018-01-21 09:46 - 2017-12-25 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-21 09:46 - 2017-12-25 14:17 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-21 09:43 - 2017-12-25 14:17 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-21 09:42 - 2017-12-30 08:49 - 000858312 _____ C:\WINDOWS\system32\perfh005.dat
2018-01-21 09:42 - 2017-12-30 08:49 - 000181926 _____ C:\WINDOWS\system32\perfc005.dat
2018-01-21 09:42 - 2017-12-30 01:10 - 002052842 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-21 09:26 - 2017-08-25 05:34 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-18 17:10 - 2017-12-30 01:12 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:10 - 2017-12-30 01:12 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:10 - 2017-12-30 01:12 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:10 - 2017-08-25 05:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-18 17:09 - 2017-12-30 01:12 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:09 - 2017-12-30 01:12 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:09 - 2017-12-30 01:12 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:09 - 2017-12-30 01:12 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:09 - 2017-12-30 01:12 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-18 17:09 - 2017-08-25 05:32 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-15 20:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-14 09:45 - 2017-12-24 23:08 - 000000000 ___RD C:\Users\MoonP\3D Objects
2018-01-14 09:45 - 2017-03-23 18:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-14 09:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-14 09:39 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-12 22:21 - 2017-12-30 09:26 - 000000000 ____D C:\Windows.old
2018-01-12 18:15 - 2018-01-04 20:18 - 000000000 ____D C:\Users\MoonP\Documents\Prezentace
2018-01-12 17:58 - 2017-12-25 23:51 - 000000000 ____D C:\Program Files\Epic Games
2018-01-12 16:46 - 2017-12-24 20:05 - 000000000 ____D C:\Users\MoonP\AppData\Local\NVIDIA Corporation

==================== Files in the root of some directories =======

2018-01-11 17:14 - 2018-02-01 21:09 - 000000132 _____ () C:\Users\MoonP\AppData\Roaming\Adobe Formát PNG CS5 – předvolby

Some files in TEMP:
====================
2018-02-11 12:12 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\Users\MoonP\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-11 10:07

==================== End of FRST.txt ============================
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35


Re: Chrome opens with a Russian page when the laptop starts

Post by popcorn » 11 Feb 2018 13:15

Addition:



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
Ran by MoonP (11-02-2018 13:11:10)
Running from C:\Users\MoonP\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-30 00:15:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2564185752-1118092260-3013568569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2564185752-1118092260-3013568569-503 - Limited - Disabled)
Guest (S-1-5-21-2564185752-1118092260-3013568569-501 - Limited - Disabled)
MoonP (S-1-5-21-2564185752-1118092260-3013568569-1001 - Administrator - Enabled) => C:\Users\MoonP
WDAGUtilityAccount (S-1-5-21-2564185752-1118092260-3013568569-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizace pro Microsoft Outlook Social Connector (KB2289116) (HKLM\...\{90140000-001A-0405-1000-0000000FF1CE}_Office14.SingleImage_{024CEC4C-4BD4-4A4C-AC32-10F5FA2EF3BA}) (Version: - Microsoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.54 - NVIDIA Corporation) Hidden
AutoCAD 2015 – Čeština (Czech) (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 – Čeština (Czech) (HKLM\...\{5783F2D7-E001-0405-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack – Čeština (Czech) (HKLM\...\{5783F2D7-E001-0405-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2017 – Čeština (Czech) (HKLM\...\{28B89EEF-0001-0405-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-0001-0405-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2015 – Čeština (Czech) (HKLM\...\AutoCAD 2015 – Čeština (Czech)) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2017 – Čeština (Czech) (HKLM\...\AutoCAD 2017 – Čeština (Czech)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Featured Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
Epic Games Launcher (HKLM-x32\...\{8F89B0CF-8144-43EE-AB9F-B7F8F23D85FB}) (Version: 1.1.135.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FontForge verze 31-07-2017 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 31-07-2017 - FontForgeBuilds)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: - )
Microsoft Office 2010 pro studenty a domácnosti (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9001.2138 - Microsoft Corporation)
Microsoft Outlook Social Connector (KB2289116) ªº§ó·s (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{97B083AF-B1CB-4F60-8DFF-93B76D58E570}) (Version: - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NewBlueFX 2012 Beta1 (HKLM-x32\...\NewBlueFX 2012_is1) (Version: - you-huo)
NVIDIA 3D Vision Driver 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.10.24870 - Electronic Arts, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RogueKiller version 12.12.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.3.0 - Adlice Software)
RouterKeygen (HKLM-x32\...\RouterKeygen) (Version: 1.1.0 - Rui Araújo)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sweet Home 3D version 5.7 (HKLM\...\Sweet Home 3D_is1) (Version: 5.7 - eTeks)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.39.74.1020 - Electronic Arts Inc.)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.2.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.1.0 - Topaz Labs, LLC)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\cs-CZ\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-11] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxDTCM.dll [2017-11-21] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-02] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-11] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00163307-35EB-4761-A704-D0049B71E5F3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {00DE4967-072E-499B-8A63-9ED76E14105A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Task: {0B9EE1A9-6D15-4DFB-A2E4-8A67E5D22DB2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {0E2CF6CC-1DD1-40B6-8A75-E0FFAB6810EE} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {17CA0F56-52EF-497E-ABAB-EC065AE6C12C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {195683D2-CF57-476D-8D83-D383F9B8C0B1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {3215DF77-F21F-4DDF-8301-7EC2865F2E4F} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {43171DC6-2319-4A0B-B40A-348BF7BC987D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3b1240d7-0cf0-4e69-877c-2f8f90532619 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-13] (Lenovo Group Limited)
Task: {43EC4846-58B7-4593-B7C1-79C0223C8243} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\383fc889-5e3b-4f1d-80e1-77ab68921f9e => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-13] (Lenovo Group Limited)
Task: {48224D7E-30C8-430B-97E8-DDF63BB1497B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {490CD3A0-AD93-4B75-8CAF-54A6BFF2E1B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-03] (Microsoft Corporation)
Task: {4C0F0A3D-4B4E-46C5-ADE7-A2EE5D29EB0E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {50600B96-7490-4277-AD10-3C175AC3AE12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-03] (Microsoft Corporation)
Task: {51730FFF-CF07-40B1-B000-8EBB42C1DEAF} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {52216FAA-849E-49A4-88F2-A4D1378F16BF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {5EDB2C5A-D71A-4F76-B9B0-A80BDD256942} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {729BD31B-4BEC-4F5C-9ABE-C78558E64513} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-15] (Intel Corporation)
Task: {72F783EC-FFFF-4B38-B544-98CACCDE46AD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\88bea261-5810-4ff0-8936-ef4b4a181a09 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-13] (Lenovo Group Limited)
Task: {80FEEBF8-092A-435C-917E-4D97A400EF0C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-11-23] (McAfee, Inc.)
Task: {82727394-2F9B-4735-B02A-24150CCCB4F3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {885FEAFC-97A5-4060-8576-CB9DD4423FED} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [2017-04-29] (Lenovo(beijing) Limited)
Task: {8C7EEC98-C5A0-4698-A56F-6DC47D793DAB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {905DAC9D-50A9-4662-8426-609DE3DE0CEC} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {9C375FE9-22A4-48EC-A580-398FEB510F92} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {B06D154E-6412-4154-A509-7CA3BCB3BCDC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {B28D3694-A5DF-459E-84AE-8AF521F0D6D9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-14] (Intel(R) Corporation)
Task: {B4224D40-C960-4E67-9177-F336A2CFD7D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-03] (Microsoft Corporation)
Task: {B8907FAD-8014-45FE-B673-8920951949A4} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-15] (Intel Corporation)
Task: {B8CC28AC-5AA7-4221-9320-65DA17C827B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\846fefb4-a51c-4518-9b52-ca124c773271 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-13] (Lenovo Group Limited)
Task: {BB5FF2E1-243E-47B5-868A-E6EC6C76B740} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-02-03] (Microsoft Corporation)
Task: {BFCE4F4C-1513-4C00-8A8A-CE5538AA440A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {DDA8EAD2-A7F0-4F9F-8697-78BD758805B2} - System32\Tasks\S-1-5-21-2564185752-1118092260-3013568569-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {F437B628-FAA9-4CA1-A324-341642F013CC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-07] (Microsoft Corporation)
Task: {F8B298BB-2EDC-4C8F-AE0E-3EA020D5B716} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-07] (Microsoft Corporation)
Task: {FA9DB1DB-72C5-48B6-BB73-C4F8E1B2C8E5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-18 04:00 - 2016-10-18 04:00 - 000107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll
2016-10-18 04:00 - 2016-10-18 04:00 - 000412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll
2017-08-25 05:34 - 2018-01-10 15:33 - 001268024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-02 01:18 - 2016-11-02 01:18 - 000253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll
2017-12-30 09:07 - 2017-12-30 09:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-30 09:07 - 2017-12-30 09:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-19 04:02 - 2016-09-19 04:02 - 000163336 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2018-01-31 20:22 - 2018-01-31 20:32 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 20:22 - 2018-01-31 20:32 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-31 20:22 - 2018-01-31 20:36 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-31 20:22 - 2018-01-31 20:32 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2016-06-24 01:33 - 2016-06-24 01:33 - 000829632 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2018-02-03 16:29 - 2018-02-01 07:13 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libglesv2.dll
2018-02-03 16:29 - 2018-02-01 07:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libegl.dll
2017-08-25 05:34 - 2018-01-10 15:33 - 001041208 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-09 03:40 - 2016-11-09 03:40 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-10-15 01:00 - 2016-10-15 01:00 - 000042728 _____ () C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\win32api.pyd
2016-10-15 01:00 - 2016-10-15 01:00 - 000060648 _____ () C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\pywintypes27.dll
2016-10-15 01:00 - 2016-10-15 01:00 - 000126696 _____ () C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\pythoncom27.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [482]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2018-02-11 09:54 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2564185752-1118092260-3013568569-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E00704F9-BF62-45C1-A101-44E714F12FDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{BC1408C4-B952-4671-BDAE-450D77F076C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{DC40141E-BB9B-4159-98C2-8B3F98177CF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{FA9B22D9-2E0A-4130-B357-EBCFB70C2739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{8D497084-E8FA-4E75-9102-56A29F0447AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{EB23FA0E-A33B-47DA-A23A-293F702C0B88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{9AA48994-C418-44A7-B717-72A2CFBCD365}] => (Allow) LPort=50248
FirewallRules: [{EDAB274B-31D0-4D9D-A5A2-A3DC429AE093}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9B878D85-5156-4A5C-B24A-878497585132}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C91FFD19-0ABB-4CC7-B072-703FAD44A583}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{508A2CB0-7A20-42DD-B38B-4A7ACA091CC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60CBB38B-784C-48D9-B0F2-266EB67147C6}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{9CD68EDA-3953-4781-A834-16E1170D87B6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{E019966A-7E13-4095-A913-42012ECACEE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8AD45A2B-4020-46BD-8931-02B7CBB257DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{84238843-48EC-4F42-8AD2-A28C8FEF90C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8AD446FD-336C-4334-B4AF-A21B37099544}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6B9CFB5E-E57A-4451-B226-8F07FCD58018}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CC76BE69-1E54-45E6-85C4-77510DA54BE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C0811759-5690-49CF-AC8E-84EBC7F8E423}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{944E7F8B-4C36-46F0-8BD3-06E05A8C244B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0F836680-F232-4A81-8B25-7E51053FC8F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0ED8F141-B09B-4EE4-9A3E-49FB63037F71}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1C14926F-06F6-4168-8D10-DC08C5CBEEF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{288C313E-33B8-4370-A0A9-72EC7D2A0B9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8FB928FD-1E2C-4BBB-B293-8627C03C1492}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{EC8F6BD9-355F-4781-8A99-1C0959673392}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{38BABFC1-AE2C-46CB-8039-4CEFC0A00856}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B1ECD638-9869-4FB6-ADDC-1562A3725175}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7746594E-2134-4551-81F9-E88C702E3B89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09CFAC93-62F2-4690-BC28-56FC5B491847}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{78F4D1F2-AE69-49DC-AA38-3B2E32B4681B}] => (Allow) C:\Program Files (x86)\Mr DJ\Simcity\SimCity\SimCity.exe
FirewallRules: [{28557E25-EFF4-47AA-B10E-DE2FD9D4653E}] => (Allow) C:\Program Files (x86)\Mr DJ\Simcity\SimCity\SimCity.exe
FirewallRules: [{23E376DB-4D66-46FF-8241-DE21502A9428}] => (Allow) D:\SimCity\SimCity\SimCity.exe
FirewallRules: [{19C3B149-E21C-480D-9288-80B684E899DD}] => (Allow) D:\SimCity\SimCity\SimCity.exe
FirewallRules: [{38CF06F5-8F12-4F68-A503-7DE4F4CEFFAF}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{AFC17918-DE4B-4562-9EDE-8770F7EA0DBC}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{4EF05932-FAF0-49AA-93BF-696DEF6659A4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A9915DBC-3733-4DA8-BE3A-511E1C307711}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{AAB3D3EF-C783-48A7-8E54-E3712862015F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{7240D70C-4A74-45AD-B9E9-251DA13C4CE6}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{84A7B0F2-C1F8-4010-BFE3-88D31A363242}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{37A53535-563F-415A-85A4-5A018D151A2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E914F87F-8062-44D8-BF4D-371B7E7A1460}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{1187DB37-3F4E-42AA-9D34-68B2D4381C4B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A3203754-448F-498B-B2C7-DAEE68FA3902}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{BBDF88A2-9595-4162-8315-E4EC01C4EFCA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe

==================== Restore Points =========================

07-02-2018 16:20:25 Removed Apple Software Update
07-02-2018 16:22:23 Removed Apple Application Support
08-02-2018 16:48:56 JRT Pre-Junkware Removal
09-02-2018 20:17:58 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2018 12:56:55 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/11/2018 12:56:49 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/11/2018 11:04:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-1C2633HD)
Description: Package Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c+App was terminated because it took too long to suspend.

Error: (02/11/2018 11:03:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-1C2633HD)
Description: Package Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c+App was terminated because it took too long to suspend.

Error: (02/11/2018 10:59:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-1C2633HD)
Description: Package Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c+App was terminated because it took too long to suspend.

Error: (02/10/2018 10:55:33 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (02/10/2018 10:55:33 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (02/10/2018 12:55:48 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/10/2018 11:17:21 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/10/2018 11:17:14 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002


System errors:
=============
Error: (02/11/2018 01:10:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 01:07:18 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-1C2633HD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-1C2633HD\MoonP SID (S-1-5-21-2564185752-1118092260-3013568569-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 01:07:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 01:05:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/11/2018 01:05:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

Error: (02/11/2018 12:58:59 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-1C2633HD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-1C2633HD\MoonP SID (S-1-5-21-2564185752-1118092260-3013568569-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 12:58:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 12:57:06 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-1C2633HD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-1C2633HD\MoonP SID (S-1-5-21-2564185752-1118092260-3013568569-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 11:17:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/11/2018 11:08:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2018-02-07 16:19:08.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:19:02.474
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:54.459
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:42.133
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:38.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:37.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:37.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:35.926
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:30.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

Date: 2018-02-07 16:18:23.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8084.16 MB
Available physical RAM: 4767.21 MB
Total Virtual: 9492.16 MB
Available Virtual: 6158.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:762.57 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS

\\?\Volume{d0479196-7b81-42c3-a67a-fbe03494ed7a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{3fa2e2cc-7f6e-4d2f-87c0-4776c5510825}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F112AF3C)

Partition: GPT.

==================== End of Addition.txt ============================
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Chrome opens with a Russian page when the laptop starts

Post by jaro3 » 11 Feb 2018 15:48

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\MoonP\AppData\Local\Temp\dllnt_dump.dll
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {17CA0F56-52EF-497E-ABAB-EC065AE6C12C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {BFCE4F4C-1513-4C00-8A8A-CE5538AA440A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

EmptyTemp:
End

(You can use the "select all" function; right-click in the top-left field of the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button just once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

C:\Users\MoonP\Documents\yg.aep -- do you recognize this?

Then write how the problems are.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by popcorn » 11 Feb 2018 15:59

LOG: Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
Ran by MoonP (11-02-2018 15:53:00) Run:1
Running from C:\Users\MoonP\OneDrive\Plocha
Loaded Profiles: MoonP (Available Profiles: MoonP)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\MoonP\AppData\Local\Temp\dllnt_dump.dll
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\MoonP\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {17CA0F56-52EF-497E-ABAB-EC065AE6C12C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {BFCE4F4C-1513-4C00-8A8A-CE5538AA440A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\MoonP\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EPP" => removed successfully
"HKLM\Software\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17CA0F56-52EF-497E-ABAB-EC065AE6C12C} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17CA0F56-52EF-497E-ABAB-EC065AE6C12C} => could not remove key. ErrorCode1: 0x00000002
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFCE4F4C-1513-4C00-8A8A-CE5538AA440A} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFCE4F4C-1513-4C00-8A8A-CE5538AA440A} => could not remove key. ErrorCode1: 0x00000002
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => could not remove key. ErrorCode1: 0x00000002
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135556244 B
Java, Flash, Steam htmlcache => 349538412 B
Windows/system/drivers => 1484140 B
Edge => 0 B
Chrome => 366627008 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 38592 B
NetworkService => 23730 B
MoonP => 25646379 B

RecycleBin => 321832044 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:54:02 ====

C:\Users\MoonP\Documents\yg.aep -- Yes, this is a video.

The problems are gone.
CPU: i5-6500 GPU: Msi RX480 8GB RAM: Crucial 2x8GB MB: MSI B150 PSU: Seasonic S12II-520 CASE: Gladius M35
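
Added example, not part of the original thread and not FRST's own code: a small Python triage of the outcome lines in a Fixlog like the one above, separating items FRST removed from items that were already gone and from real failures. It assumes `ErrorCode1` is a Win32 error code (2 = ERROR_FILE_NOT_FOUND); the `0x00000005` line is constructed to exercise the failure path.

```python
import re
from collections import Counter

# Outcome lines copied from the Fixlog above, plus one EmptyTemp size line
# that the parser must ignore because it reports bytes, not an outcome.
SAMPLE_FIXLOG = r'''
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Users\MoonP\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKU\S-1-5-21-2564185752-1118092260-3013568569-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17CA0F56-52EF-497E-ABAB-EC065AE6C12C} => could not remove key. ErrorCode1: 0x00000002
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
Chrome => 366627008 B
'''
# Constructed line (not from the thread) that exercises the failure path.
CONSTRUCTED_FAILURE = r'HKLM\SOFTWARE\Example\Constructed => could not remove key. ErrorCode1: 0x00000005'

LINE_RE = re.compile(
    r'^"?(?P<target>.+?)"?\s=>\s(?P<status>moved successfully|removed successfully'
    r'|key not found|not found|could not remove key)'
    r'\.?(?:\sErrorCode1:\s(?P<code>0x[0-9A-Fa-f]+))?$')

# Assumption: ErrorCode1 is a Win32 error code, where 2 is ERROR_FILE_NOT_FOUND.
NOT_FOUND_CODE = 2

def triage(text):
    """Return (category, target, status) for every outcome line in a Fixlog."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, fixlist echo, EmptyTemp sizes
        status, code = m['status'], m['code']
        if status.endswith('successfully'):
            category = 'done'
        elif status != 'could not remove key' or (code and int(code, 16) == NOT_FOUND_CODE):
            category = 'already absent'  # nothing left to remove
        else:
            category = 'failed'  # item still present, needs follow-up
        rows.append((category, m['target'], status))
    return rows

def summary(text):
    return Counter(category for category, _, _ in triage(text))

if __name__ == '__main__':
    for row in triage(SAMPLE_FIXLOG + CONSTRUCTED_FAILURE):
        print(*row, sep=' | ')
```

Only rows in the `failed` category point at an item that is still on the system after the fix.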


Post by jaro3 » 11 Feb 2018 17:31

Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run Delfix.exe.
(In Windows Vista, Windows 7 and 8 you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

You can uninstall both Sophos and Zemana.

If there are no problems, that is all and you can mark the thread as solved (the green check mark).


Post by popcorn » 11 Feb 2018 17:37

# DelFix v1.013 - Logfile created 11/02/2018 at 17:35:16
# Updated 17/04/2016 by Xplode
# Username : MoonP - LAPTOP-1C2633HD
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2018-02-10-120518.log
Deleted : C:\zoek-results2018-02-10-173511.log
Deleted : C:\Users\MoonP\OneDrive\Plocha\AdwCleaner.exe
Deleted : C:\Users\MoonP\OneDrive\Plocha\AdwCleaner[S2].txt
Deleted : C:\Users\MoonP\OneDrive\Plocha\Fixlog.txt
Deleted : C:\Users\MoonP\OneDrive\Plocha\FRST64.exe
Deleted : C:\Users\MoonP\OneDrive\Plocha\JRT.exe
Deleted : C:\Users\MoonP\OneDrive\Plocha\JRT.txt
Deleted : C:\Users\MoonP\OneDrive\Plocha\HijackThis.exe
Deleted : C:\Users\MoonP\OneDrive\Plocha\hijackthis.log
Deleted : C:\Users\MoonP\OneDrive\Plocha\hijackthis2.log
Deleted : C:\Users\MoonP\OneDrive\Plocha\RKreport_DEL_02102018_125604.txt
Deleted : C:\Users\MoonP\OneDrive\Plocha\RKreport_DEL_02112018_125808 (1).log
Deleted : C:\Users\MoonP\OneDrive\Plocha\RKreport_DEL_02112018_125808.log
Deleted : C:\Users\MoonP\OneDrive\Plocha\zoek-results.txt
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\MoonP\Downloads\Addition.txt
Deleted : C:\Users\MoonP\Downloads\AdwCleaner.exe
Deleted : C:\Users\MoonP\Downloads\FRST.txt
Deleted : C:\Users\MoonP\Downloads\JRT.exe
Deleted : C:\Users\MoonP\Downloads\hijackthis.log
Deleted : C:\Users\MoonP\Downloads\TFC.exe
Deleted : C:\Users\MoonP\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #15 [Removed Apple Software Update | 02/07/2018 15:20:25]
Deleted : RP #16 [Removed Apple Application Support | 02/07/2018 15:22:23]
Deleted : RP #18 [JRT Pre-Junkware Removal | 02/08/2018 15:48:56]
Deleted : RP #19 [Installed Sophos Virus Removal Tool. | 02/09/2018 19:17:58]
Deleted : RP #20 [Removed QuickTime 7 | 02/11/2018 15:08:18]

New restore point created !

########## - EOF - ##########


I also wanted to ask, can I uninstall MalwareBytes as well?

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Post by memphisto » 11 Feb 2018 19:27

Feel free to uninstall it...
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you


Post by popcorn » 11 Feb 2018 20:33

OK, great, thanks a lot for your patience :-) Marking this as solved.

