Solved I think somebody is remote controling my PC

[SymBio]

Hello, im new here and also im not from US/UK so sorry for my english.

Today I´ve got message from steam that my password and email has been changed, so I checked my Gmail and email were deleted to bin.

The thing is, that I have 2 phase security on my gmail, so its not possible to join from other computer.

And its true... When I checked active connection it literally says ´´this device XXXX is connected from russia´´ and that is strange because im from czech republic.

I tried malwarebytes search for virusues = 0
I tried windows defender = 0

also what is strange is before everything this happend I had to reset my bios to default bcz when I tried to start up it says I have no boot disk in my PC


Im running windows 10

Yea I know I ran some of dangerous stuff...

Is here anyone who can help me to get rid of this, if its possibble without doing clean instalation and everyting?

Thank you very much!

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

Please observe forum rules. All logs have to be pasted not attached.

 

[SymBio]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================

Please observe forum rules. All logs have to be pasted not attached.

oh im sorry.

lemme paste.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-03-2021
Ran by Martin G (administrator) on DESKTOP-GLRDF0L (HP OMEN by HP Laptop) (05-04-2021 15:10:14)
Running from C:\Users\Martin G\Downloads
Loaded Profiles: Martin G
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(ESET, spol. s r.o. -> ESET spol. s r.o.) C:\Users\Martin G\Downloads\esetonlinescanner.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <33>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\hpservice.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\SysInfoCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_b6eaa96b215eb9da\x64\OmenCap.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a9a8972288e9f3b5\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(TechPowerUp LLC -> uWebb Software) C:\Users\Martin G\Desktop\Throtlestop\ThrottleStop.exe
(Wagnardsoft -> Wagnardsoft) C:\Users\Martin G\Desktop\ICL\ISLC v1.0.2.2\Intelligent standby list cleaner ISLC.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-10-14] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Steam] => D:\Program files\Steam\steam.exe [4087528 2021-03-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Discord] => C:\Users\Martin G\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28177288 2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91591032 2020-04-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50041472 2021-03-12] (Google LLC -> )
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [com.blitz.app] => C:\Users\Martin G\AppData\Local\Programs\Blitz\Blitz.exe [109893896 2021-03-31] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-02] (Google LLC -> Google LLC)
Startup: C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2020-07-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
Startup: C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jarvee.lnk [2020-05-31]
ShortcutTarget: Jarvee.lnk -> C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A69DAA-8646-45B1-AC0F-16AB6D71106D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {040CDB39-B6E1-4611-9AF5-491930F06FE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1298E2D3-971B-4B15-9B1D-4BE9B0196836} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {22356908-3FA6-4890-9D09-FE27B426CB2D} - System32\Tasks\Core Temp Autostart Martin G => C:\Program Files\Core Temp\Core Temp.exe [1009496 2020-12-01] (ALCPU -> ALCPU)
Task: {2B3BA3E1-9F05-4146-9882-BA339D38DFA8} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098928 2020-08-02] (Intel(R) Software Development Products -> Intel Corporation)
Task: {34999F3F-67EE-4C5A-AB52-6F2E88DBA704} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {36E46CF9-9020-4C1B-B760-0E316F2B07E1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3ABB42BF-0B0F-459E-8BCA-4D27536C9EE6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {482575FA-0988-434C-BE2D-82239B30CEA5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {48FC3605-B571-49BE-ABB0-58A59B5E026C} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {4C8D764F-98B9-43CB-830A-559A65AF2C36} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
Task: {4D64548D-0553-420A-A8F3-DF998B4CD9C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {54FF4D5D-4B31-4505-A3EE-4AF8825440CB} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {58494C52-6A2C-465B-8E29-701A0D27DAA3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5C9C02EF-20E9-4397-AB1D-C57F93F66C5E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {6401556C-2580-437E-B543-9E23BDA41464} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A35E3D5-BEE0-42FD-B3DE-950C60DC907D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7DF9A716-927E-4BB9-B6C1-5DACFC68B59C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {82759878-93C5-47F5-AA7D-BF15712402FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-03] (Google Inc -> Google LLC)
Task: {8891A927-57E9-4135-9F0B-5B09BEC8DDD5} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {8B22603E-185A-4ED6-AA9D-8473212FBEEB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FA53CBE-598A-48C9-8E3C-05BF9EA89F8E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098928 2020-08-02] (Intel(R) Software Development Products -> Intel Corporation)
Task: {8FABAF06-8293-49C0-934E-BC9DDADA438E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {956A9890-A00E-4C06-9632-DEFE85095084} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {977D5D7A-FB4C-44A4-BFCC-041CF327BF4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-03] (Google Inc -> Google LLC)
Task: {9ECAD93D-3DC4-47E9-BCDF-ACFC433FDB64} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {A36DF90B-94D5-45AA-9DD4-06D7CF5BCE44} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
Task: {A5975A1E-2C67-449F-A0F8-5F9E177FC37F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B1E8DB32-C88E-4199-8649-D1309043A858} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {C82CB7D6-3742-40F7-922B-D00A4647CE4E} - System32\Tasks\Uninstaller_SkipUac_Martin_G => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {CC425616-1B4C-4513-B5F3-1D44B4167381} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF426629-C45E-4556-8F8B-169D588E36BF} - System32\Tasks\Throttle => C:\Users\Martin G\Desktop\Throtlestop\ThrottleStop.exe [3882992 2020-08-11] (TechPowerUp LLC -> uWebb Software)
Task: {D1E1599A-54D2-4187-9BA0-55E47FAECD5C} - System32\Tasks\Intelligent StandbyList Cleaner => C:\Users\Martin G\Desktop\ICL\ISLC v1.0.2.2\Intelligent standby list cleaner ISLC.exe [422592 2020-02-14] (Wagnardsoft -> Wagnardsoft)
Task: {D3869DE1-AA9C-458D-8F65-A73FADA8FDA2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D48CB396-EEBC-4230-B9E3-66A343EF1BD5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D49234DA-E318-42B7-857F-FF47FE394EE9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8AA9F99-E1A3-46DC-87E6-8D16DF632D38} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DAD69DCA-8321-4110-9E77-8DA9283B5421} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7B2A145-37EF-4AB2-BA66-4FA8A7FFEFFD} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {E9E76F3E-DA6E-435F-917D-0722D4FD705E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {EE620BBE-2AEE-4C6D-8FBB-D3AED9698F0F} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {F7225E08-FFBF-42BC-A74F-105C23F18B27} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.0.0.1 1.1.1.1
Tcpip\..\Interfaces\{50720d9e-e362-4577-80aa-6b2a68df43d7}: [DhcpNameServer] 1.0.0.1 1.1.1.1
Tcpip\..\Interfaces\{e094826a-67a4-4a77-97b4-9fc83c79c79e}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default [2021-04-05]
CHR Extension: (Prezentace) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-03]
CHR Extension: (Dokumenty) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-03]
CHR Extension: (Disk Google) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-03]
CHR Extension: (Tabulky) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-03]
CHR Extension: (Záložky na iCloudu) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-06-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR HKU\S-1-5-21-1215771508-622911918-1038150175-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-03-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-03-11] (NVIDIA Corporation -> NVIDIA)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\AppHelperCap.exe [729608 2021-03-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\NetworkCap.exe [728568 2021-03-02] (HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_b6eaa96b215eb9da\x64\OmenCap.exe [523544 2020-06-14] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\SysInfoCap.exe [729080 2021-03-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe [479504 2021-01-06] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-05] (Malwarebytes Inc -> Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [9513760 2020-12-06] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S4 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109264 2020-06-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6969856 2021-01-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7023744 2021-02-05] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\Martin G\AppData\Local\Temp\ALSysIO64.sys [47240 2021-04-05] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [33352 2018-12-19] (HP Inc. -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [33464 2018-12-19] (HP Inc. -> HP Inc.)
R2 HpPortIo; C:\Windows\System32\drivers\HpPortIox64.sys [31488 2020-01-16] (HP Inc. -> )
R1 HWiNFO_152; C:\WINDOWS\system32\drivers\HWiNFO64A_152.SYS [63208 2021-02-07] (Martin Malik - REALiX -> REALiX(tm))
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [312496 2020-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslb01d9415; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F060F3F7-39B0-4BAA-89DC-BF1141455644}\MpKslDrv.sys [97528 2021-04-05] (Microsoft Windows -> Microsoft Corporation)
R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [70560 2018-09-04] (Realtek Semiconductor Corp. -> Realtek)
R3 ThrottleStop; C:\Users\Martin G\AppData\Local\Temp\ThrottleStop.sys [50216 2021-04-05] (TechPowerUp LLC -> ) <==== ATTENTION
R3 ViGEmBus; C:\WINDOWS\System32\DriverStore\FileRepository\vigembus.inf_amd64_e84845c70c38fbe7\x64\ViGEmBus.sys [74648 2018-08-01] (HP Inc. -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2742720 2021-02-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-05 15:10 - 2021-04-05 15:10 - 000027426 _____ C:\Users\Martin G\Downloads\FRST.txt
2021-04-05 15:10 - 2021-04-05 15:10 - 000000000 ____D C:\FRST
2021-04-05 15:09 - 2021-04-05 15:09 - 002300928 _____ (Farbar) C:\Users\Martin G\Downloads\FRST64.exe
2021-04-05 15:03 - 2021-04-05 15:03 - 000000661 _____ C:\Users\Martin G\Desktop\ESET Online Scanner.lnk
2021-04-05 15:02 - 2021-04-05 15:02 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Martin G\Downloads\esetonlinescanner.exe
2021-04-05 15:02 - 2021-04-05 15:02 - 000000789 _____ C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-05 15:02 - 2021-04-05 15:02 - 000000000 ____D C:\Users\Martin G\AppData\Local\ESET
2021-04-05 14:46 - 2021-04-05 14:46 - 000009590 _____ C:\Users\Martin G\Downloads\pid_finder.zip
2021-04-05 13:47 - 2021-04-05 13:47 - 000063984 _____ C:\Users\Martin G\Desktop\this.html
2021-04-05 13:46 - 2021-04-05 13:46 - 001953658 _____ C:\Users\Martin G\Downloads\hjred103.zip
2021-04-05 13:36 - 2021-04-05 13:36 - 000388608 _____ (Trend Micro Inc.) C:\Users\Martin G\Downloads\HijackThis.exe
2021-04-05 12:57 - 2021-04-05 12:57 - 000003148 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-04-04 20:18 - 2021-04-04 20:18 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-03-11 07:15 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-04 20:18 - 2021-03-11 07:15 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-04-04 20:16 - 2021-03-13 06:05 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-04 20:16 - 2021-03-13 06:05 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-04 20:16 - 2021-03-13 06:05 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-04 20:16 - 2021-03-13 06:05 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 039196464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2021-04-04 20:16 - 2021-03-13 06:02 - 001511216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 001163536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000687888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-04-04 20:16 - 2021-03-13 06:02 - 000678704 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000671512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000612144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000556848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000546096 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 002102560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 001587488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 000655648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 008306456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 007429904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 004610320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 002729744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 000445200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-04-04 20:16 - 2021-03-13 05:59 - 000848656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-04-04 20:16 - 2021-03-13 05:57 - 007119848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-04 20:16 - 2021-03-13 05:57 - 006075480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-04 20:16 - 2021-03-11 07:15 - 000084450 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-04 20:05 - 2021-04-04 20:15 - 661682264 _____ (NVIDIA Corporation) C:\Users\Martin G\Downloads\461.92-notebook-win10-64bit-international-dch-whql.exe
2021-04-04 19:53 - 2021-04-04 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops Cold War
2021-04-04 15:34 - 2021-04-04 15:35 - 000000000 ____D C:\Users\Martin G\AppData\Local\Disc_Soft_Ltd
2021-04-04 15:28 - 2021-04-04 16:28 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-04-04 14:46 - 2021-04-04 14:46 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-04 11:29 - 2021-04-04 11:46 - 000000000 ____D C:\Users\Martin G\Desktop\mbar
2021-04-04 11:29 - 2021-04-04 11:46 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-04-04 11:29 - 2021-04-04 11:29 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\E546A75E.sys
2021-04-04 10:23 - 2021-04-04 10:25 - 000000000 ___HD C:\Users\Martin G\AppData\Local\dac1d999c719ced1c94daef0c7593160
2021-04-04 10:19 - 2021-04-04 11:24 - 000000000 ____D C:\Users\Martin G\Desktop\CoD Warzone AIM ESP No Recoil Cheat v3.01 by Elarum
2021-04-01 23:35 - 2021-04-01 23:35 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-04-01 23:35 - 2021-04-01 23:35 - 000000000 ____D C:\WINDOWS\LastGood
2021-04-01 23:33 - 2021-03-26 09:52 - 001452336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-01 23:33 - 2021-03-26 09:52 - 001191728 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-01 12:41 - 2021-04-01 12:41 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2021-03-30 20:14 - 2020-12-06 13:08 - 009513760 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2021-03-30 19:16 - 2021-03-30 19:16 - 000000000 ____D C:\Users\Martin G\AppData\LocalLow\LINE Games Corporation
2021-03-30 19:16 - 2021-03-30 19:16 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2021-03-30 11:17 - 2021-03-30 11:17 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\EasyAntiCheat
2021-03-30 11:17 - 2021-03-30 11:17 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-03-29 20:37 - 2021-03-29 20:37 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-03-26 11:47 - 2021-03-26 11:55 - 1383160687 _____ C:\Users\Martin G\Downloads\Visage-Video.mp4
2021-03-20 21:03 - 2021-03-20 21:03 - 000000000 ____D C:\Users\Martin G\AppData\Local\Medium
2021-03-20 21:03 - 2021-03-20 21:03 - 000000000 ____D C:\Users\Martin G\AppData\Local\CrashReportClient
2021-03-20 14:21 - 2021-03-20 14:21 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-03-20 12:53 - 2021-03-20 12:58 - 1110509643 _____ C:\Users\Martin G\Downloads\OUTLAST sestřih.mp4
2021-03-20 10:49 - 2021-03-20 11:06 - 3492040708 _____ C:\Users\Martin G\Downloads\955298881-661060277-673e0758-48a0-466c-8f2d-c317808120c4.mp4
2021-03-20 00:18 - 2021-03-20 00:18 - 015622940 _____ C:\Users\Martin G\Downloads\AT-cm_1098057388.mp4
2021-03-20 00:03 - 2021-03-20 00:03 - 007247629 _____ C:\Users\Martin G\Downloads\AT-cm_1097936555 (1) (1).mp4
2021-03-19 22:10 - 2021-03-19 22:10 - 011580754 _____ C:\Users\Martin G\Downloads\AT-cm_1097835467.mp4
2021-03-19 22:05 - 2021-03-19 22:05 - 016341353 _____ C:\Users\Martin G\Downloads\41079033421-offset-5856.mp4
2021-03-19 22:04 - 2021-03-19 22:04 - 007247629 _____ C:\Users\Martin G\Downloads\AT-cm_1097936555 (1).mp4
2021-03-19 22:02 - 2021-03-19 22:02 - 007247629 _____ C:\Users\Martin G\Downloads\AT-cm_1097936555.mp4
2021-03-19 22:01 - 2021-03-19 22:01 - 015543832 _____ C:\Users\Martin G\Downloads\AT-cm_1097979890.mp4
2021-03-19 18:30 - 2021-03-19 18:30 - 005592354 _____ C:\Users\Martin G\Downloads\Gaming Careers LUTs.zip
2021-03-19 18:30 - 2021-03-19 18:30 - 000000000 ____D C:\Users\Martin G\Desktop\Stream luts
2021-03-19 13:39 - 2021-03-19 13:39 - 000000000 ____D C:\Users\Martin G\AppData\Local\Visage
2021-03-19 10:46 - 2021-03-19 10:46 - 000373975 _____ C:\Users\Martin G\Desktop\19.3 covid monika.pdf
2021-03-19 10:45 - 2021-03-19 10:45 - 000374811 _____ C:\Users\Martin G\Desktop\19.3 covid.pdf
2021-03-18 23:43 - 2021-03-18 23:43 - 000001301 _____ C:\Users\Martin G\Desktop\Nový textový dokument (2).txt
2021-03-18 23:42 - 2021-04-03 20:04 - 000000841 _____ C:\Users\Martin G\Desktop\Popis.txt
2021-03-17 20:31 - 2021-03-17 20:31 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\NemirtingasEpicEmu
2021-03-17 18:15 - 2021-04-01 12:41 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Blitz
2021-03-17 18:15 - 2021-03-20 10:09 - 000000000 ____D C:\Users\Martin G\AppData\Local\blitz-updater
2021-03-17 18:15 - 2021-03-17 18:15 - 000002260 _____ C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz.lnk
2021-03-17 18:15 - 2021-03-17 18:15 - 000002252 _____ C:\Users\Martin G\Desktop\Blitz.lnk
2021-03-17 13:36 - 2021-03-17 13:36 - 063366648 _____ (Blitz, Inc.) C:\Users\Martin G\Downloads\Blitz-1.13.140.exe
2021-03-17 10:44 - 2021-03-17 10:44 - 000000000 ____D C:\Users\Martin G\Documents\Horizon Zero Dawn
2021-03-17 00:06 - 2021-03-18 14:31 - 000000000 ____D C:\Users\Martin G\Documents\League of Legends
2021-03-17 00:00 - 2021-03-17 00:00 - 000000000 ____D C:\Riot Games
2021-03-16 23:59 - 2021-03-16 23:59 - 069423360 _____ (Riot Games, Inc.) C:\Users\Martin G\Downloads\Install League of Legends eune.exe
2021-03-16 19:42 - 2021-03-16 19:42 - 000541842 _____ C:\Users\Martin G\Downloads\Forza Horizon 4 [FitGirl Repack].torrent
2021-03-16 18:54 - 2021-03-16 18:54 - 000540549 _____ C:\Users\Martin G\Downloads\Horizon - Zero Dawn CE [FitGirl Repack] INT.torrent
2021-03-16 18:20 - 2021-03-16 18:20 - 000000000 ____D C:\Users\Martin G\AppData\LocalLow\Team17
2021-03-16 13:38 - 2021-03-16 13:39 - 2341612746 _____ C:\Users\Martin G\Desktop\950466154-661060277-32f62a2b-a179-410f-9a87-910c3a1442a6.mp4
2021-03-15 21:25 - 2021-03-15 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast [GOG.com]
2021-03-15 21:21 - 2021-03-15 21:21 - 000000000 ____D C:\GOG Games
2021-03-15 18:11 - 2021-03-15 18:11 - 000000000 ____D C:\ProgramData\Steam
2021-03-15 16:52 - 2021-03-15 16:52 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1215771508-622911918-1038150175-1002
2021-03-15 16:52 - 2021-03-15 16:52 - 000002370 _____ C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-15 12:49 - 2021-03-15 12:49 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Voxengo
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Voxengo
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Common Files\VST2
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Common Files\Avid
2021-03-13 20:26 - 2021-03-13 20:26 - 000875437 _____ C:\Users\Martin G\Downloads\vac465lite.zip
2021-03-13 20:26 - 2021-03-13 20:26 - 000000000 ____D C:\Users\Martin G\Desktop\VAC
2021-03-13 18:38 - 2021-03-13 18:38 - 000000000 ____D C:\Users\Martin G\AppData\Local\Helios
2021-03-12 22:41 - 2021-03-12 22:41 - 000000000 ____D C:\Users\Martin G\Desktop\Twitch
2021-03-12 22:39 - 2021-03-12 22:40 - 007902116 _____ C:\Users\Martin G\Downloads\Mecha Free Panels.zip
2021-03-12 22:12 - 2021-03-12 22:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-12 22:12 - 2021-03-12 22:12 - 001328400 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2021-03-12 22:12 - 2021-03-12 22:12 - 001282560 _____ C:\WINDOWS\system32\FaceProcessor.dll
2021-03-12 22:12 - 2021-03-12 22:12 - 000512864 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-12 22:11 - 2021-03-12 22:11 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-12 22:11 - 2021-03-12 22:11 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-12 22:11 - 2021-03-12 22:11 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-12 22:11 - 2021-03-12 22:11 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-12 22:11 - 2021-03-12 22:11 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-12 22:11 - 2021-03-12 22:11 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 14:37 - 2021-03-29 21:04 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\slobs-client
2021-03-11 17:58 - 2021-04-04 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 8
2021-03-09 14:47 - 2021-03-09 14:47 - 002928490 _____ C:\Users\Martin G\Downloads\Product card US.pdf
2021-03-09 14:47 - 2021-03-09 14:47 - 000420633 _____ C:\Users\Martin G\Downloads\QIG PL.pdf
2021-03-09 13:09 - 2021-03-09 13:09 - 053163713 _____ C:\Users\Martin G\Downloads\hi-res_NGK-1567.zip
2021-03-07 11:31 - 2021-03-07 11:31 - 028436520 _____ (Thrustmaster) C:\Users\Martin G\Downloads\2018_FFD_2.exe
2021-03-07 00:32 - 2021-03-07 00:37 - 259708359 _____ (Unigine Corp. ) C:\Users\Martin G\Downloads\Unigine_Heaven-4.0.exe
2021-03-06 13:46 - 2021-03-29 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

 

[SymBio]

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-05 14:44 - 2021-02-09 11:35 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare
2021-04-05 14:40 - 2021-02-09 11:18 - 000000000 ____D C:\Users\Martin G\AppData\Local\Battle.net
2021-04-05 14:40 - 2019-05-30 17:05 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-05 14:35 - 2021-02-09 11:18 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Battle.net
2021-04-05 14:16 - 2020-01-23 20:20 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\WhatsApp
2021-04-05 14:16 - 2020-01-23 20:20 - 000000000 ____D C:\Users\Martin G\AppData\Local\WhatsApp
2021-04-05 13:40 - 2019-06-03 15:38 - 000000000 ____D C:\Users\Martin G\AppData\Local\VirtualStore
2021-04-05 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-05 12:57 - 2021-02-04 20:17 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-05 12:23 - 2020-09-23 20:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-05 10:50 - 2020-09-23 20:16 - 001687358 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-05 10:50 - 2019-12-07 16:41 - 000716920 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-05 10:50 - 2019-12-07 16:41 - 000145084 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-05 10:50 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-05 10:48 - 2020-10-19 10:52 - 000000000 ____D C:\Program Files\CCleaner
2021-04-05 10:43 - 2020-09-23 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-05 10:43 - 2020-09-22 15:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-05 10:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-04 23:17 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-04 20:53 - 2021-02-11 22:13 - 000000000 ____D C:\Program Files (x86)\Call of Duty Black Ops Cold War
2021-04-04 20:19 - 2019-05-30 17:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-04 20:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-04 20:18 - 2019-05-30 17:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-04 20:18 - 2019-05-30 17:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-04 15:33 - 2020-09-23 20:07 - 000000000 ____D C:\Users\Martin G
2021-04-04 12:20 - 2021-02-28 12:13 - 000079296 _____ C:\Users\Martin G\Desktop\cc_20210228_111324.reg
2021-04-04 12:17 - 2019-06-22 20:39 - 000000000 ____D C:\Users\Martin G\AppData\Local\CrashDumps
2021-04-04 11:29 - 2021-02-06 12:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-04 10:36 - 2020-09-21 19:46 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\vlc
2021-04-02 11:18 - 2019-06-03 15:41 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-01 11:38 - 2021-02-09 11:17 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-04-01 10:49 - 2020-03-15 17:59 - 000000000 ____D C:\ProgramData\Riot Games
2021-03-30 20:14 - 2019-06-18 21:53 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-30 17:27 - 2019-06-03 17:02 - 000000000 ____D C:\Users\Martin G\AppData\Local\D3DSCache
2021-03-30 11:17 - 2019-06-03 15:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-29 22:39 - 2021-02-09 20:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-29 22:38 - 2021-03-05 12:32 - 000000000 ____D C:\Games
2021-03-29 20:37 - 2019-06-23 00:05 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Streamlabs OBS
2021-03-29 20:37 - 2019-06-23 00:04 - 000000000 ____D C:\Program Files\Streamlabs OBS
2021-03-28 23:01 - 2020-01-05 17:16 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\qBittorrent
2021-03-27 12:54 - 2020-10-19 10:52 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-23 14:24 - 2020-07-17 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-03-21 18:44 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-20 21:03 - 2019-06-19 23:03 - 000000000 ____D C:\Users\Martin G\AppData\Local\UnrealEngine
2021-03-20 14:21 - 2019-06-03 15:57 - 000000000 ____D C:\Users\Martin G\AppData\Local\NVIDIA
2021-03-20 14:21 - 2019-05-30 17:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-03-17 19:15 - 2020-01-06 22:30 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Discord
2021-03-17 00:06 - 2020-03-15 17:59 - 000000000 ____D C:\Users\Martin G\AppData\Local\Riot Games
2021-03-17 00:00 - 2020-03-15 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-03-16 09:06 - 2019-05-30 16:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-15 19:35 - 2021-02-07 20:45 - 000000000 ____D C:\Users\Martin G\Documents\My Games
2021-03-15 16:57 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-15 16:52 - 2019-06-03 15:40 - 000000000 ___RD C:\Users\Martin G\OneDrive
2021-03-13 18:38 - 2020-11-23 15:53 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-03-13 11:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 00:03 - 2020-09-23 20:06 - 000444480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 18:13 - 2021-02-10 19:35 - 000000000 ____D C:\Program Files (x86)\IObit
2021-03-11 17:58 - 2021-02-10 19:35 - 000000000 ____D C:\ProgramData\ProductData
2021-03-11 07:15 - 2020-10-28 12:43 - 000070896 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-03-11 07:15 - 2020-10-28 12:43 - 000059632 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 000169272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 000145208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-03-10 18:07 - 2019-05-30 17:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 18:05 - 2019-05-30 17:04 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 17:57 - 2019-08-11 20:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-03-06 12:34 - 2020-10-19 08:51 - 000000000 ____D C:\Users\Martin G\AppData\Local\Minion

==================== Files in the root of some directories ========

2020-01-02 16:20 - 2020-01-02 16:20 - 000000068 _____ () C:\Users\Martin G\AppData\Roaming\changzhi_leidian.data
2020-04-22 22:53 - 2020-04-22 22:53 - 000000068 _____ () C:\Users\Martin G\AppData\Roaming\changzhi_mplayer.data
2021-02-05 21:53 - 2021-02-10 21:03 - 001065984 _____ () C:\Users\Martin G\AppData\Local\file__0.localstorage
2019-06-03 17:01 - 2019-06-03 17:01 - 000000410 _____ () C:\Users\Martin G\AppData\Local\oobelibMkey.log
2020-03-09 14:25 - 2020-04-17 10:47 - 000003833 _____ () C:\Users\Martin G\AppData\Local\PlariumPlay.log
2020-10-11 22:09 - 2021-01-15 23:51 - 000007597 _____ () C:\Users\Martin G\AppData\Local\Resmon.ResmonCfg
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_server_api.data
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_uranus.data
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_wkstore_api.data

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[SymBio]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-03-2021
Ran by Martin G (05-04-2021 15:12:03)
Running from C:\Users\Martin G\Downloads
Windows 10 Home Version 20H2 19042.867 (X64) (2020-09-23 18:11:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1215771508-622911918-1038150175-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1215771508-622911918-1038150175-503 - Limited - Disabled)
Guest (S-1-5-21-1215771508-622911918-1038150175-501 - Limited - Disabled)
Martin G (S-1-5-21-1215771508-622911918-1038150175-1002 - Administrator - Enabled) => C:\Users\Martin G
WDAGUtilityAccount (S-1-5-21-1215771508-622911918-1038150175-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_1) (Version: 8.1 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Beauty Box (HKLM\...\Beauty Box AE) (Version: 3.0.6 - Digital Anarchy, Inc.)
Blitz 1.13.145 (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 1.13.145 - Blitz, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.12.10.2 - Canon Inc.)
Canon Utilities EOS Network Setting Tool (HKLM-x32\...\EOS Network Setting Tool) (Version: 1.0.10.4 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.12.10.7 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.9.10.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
CPUID CPU-Z 1.94 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.94 - CPUID, Inc.)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
Discord (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{5A87092D-1128-4C00-9495-4312AEA73AEF}) (Version: 21.120.2.1 - Intel Corporation) Hidden
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HWiNFO64 Version 6.42 (HKLM\...\HWiNFO64_is1) (Version: 6.42 - Martin Malik - REALiX)
Intel Driver && Support Assistant (HKLM-x32\...\{E051A413-9853-4901-AF60-176ED50E7329}) (Version: 20.10.42.5 - Intel) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{6E05E656-6ED8-49DE-AA9C-C4677F7086C5}) (Version: 4.1.5 - Intel Corporation)
Intel XTU SDK (HKLM-x32\...\{43A58350-CB99-4F4E-9BB6-F058D7B27985}) (Version: 1.0.17 - HP Inc.) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{0798FE0D-0E50-488A-B0DC-07E65B2758AE}) (Version: 2.4.05982 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1029-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{6f610581-f2d3-4d65-9c20-3627d30f5572}) (Version: 20.10.42.5 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{a6cf16a4-9aef-469b-98af-71b15f60a233}) (Version: 21.120.2.1 - Intel Corporation) Hidden
Jarvee (HKLM-x32\...\{9D1EA30B-26FB-4FD9-BE37-0927E7E6F315}) (Version: 14.1.7 - Jarvee) Hidden
Jarvee (HKLM-x32\...\Jarvee 14.1.7) (Version: 14.1.7 - Jarvee)
League of Legends (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version: - )
Logitech Capture (HKLM\...\Capture) (Version: 1.0.553 - Logitech)
Luminar 4 (HKLM\...\{A6F0B6DE-D1DD-4C1C-9D49-C66592461EEC}) (Version: 4.0.0.4810 - Skylum) Hidden
Luminar 4 (HKLM\...\Luminar 4 4.0.0.4810) (Version: 4.0.0.4810 - Skylum)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSI Kombustor 4.1.11.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Need for Speed: Payback (HKLM-x32\...\Need for Speed: Payback_is1) (Version: - )
Niceboy ORYX K600 Mechanical Keyboard v1.6.5 (HKLM-x32\...\{2C0A8508-5710-4207-8ED8-57518B198878}_is1) (Version: - )
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.92 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outlast (HKLM-x32\...\GOGPACKOUTLAST_is1) (Version: 2.0.0.3 - GOG.com)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Quick CPU x64 (HKLM\...\{B5A7CA0D-7B9C-4954-9C62-A2C8CECE90A6}) (Version: 3.3.2.0 - CoderBag)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype verze 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 0.15.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.15.1 - General Workings, Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: - TechPowerUp)
Unigine Superposition Benchmark 1.1 (HKLM\...\Superposition_is1) (Version: 1.1 - UNIGINE)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Visage (HKLM-x32\...\Visage_is1) (Version: - )
VIVEPORT DirectX 9.0 (HKLM-x32\...\{4b01ac5b-340e-4644-828b-0882c8255a4e}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VIVEPORT DirectX 9.0 (x86/x64) (HKLM-x32\...\{9D42F21E-7CFA-4C87-99FD-C81CFFCB12E5}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voxengo Marvel GEQ (HKLM\...\Voxengo Marvel GEQ_is1) (Version: 1.10 - Voxengo)
WhatsApp (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\WhatsApp) (Version: 2.2110.12 - WhatsApp)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-03] (Microsoft Corporation)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-02-06] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2021-02-11] (HP Inc.)
HyperX NGENUITY -> C:\Program Files\WindowsApps\33C30B79.HyperXNGenuity_5.1.64.0_x64__0a78dr3hq0pvt [2021-02-11] (HyperX Gaming) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-03] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-04] (NVIDIA Corp.)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.40392.0_x64__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-10-31] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\nvshext.dll [2021-03-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-05 15:03 - 2021-04-05 15:03 - 001195008 _____ (ESET) [File not signed] C:\Users\Martin G\AppData\Local\ESET\ESETOnlineScanner\esets_apiW_a.DLL
2019-07-15 10:20 - 2019-07-15 10:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll

 

[SymBio]

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Martin G\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Martin G\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2020-10-19 12:51 - 000001090 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 1.0.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)
Ethernet: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\StartupFolder: => "Jarvee.lnk"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "ViveportDesktop"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "LDNews"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "PlariumPlay"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "reWASD Tray Agent"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "com.blitz.app"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{147A3A7A-677D-4B89-882D-CDF061871907}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B0B0D82C-89F6-4286-B347-4E25066134B8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{48F9E02D-7FFE-4643-9CF7-62C8B12FFB48}] => (Allow) D:\Program files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{6E49FD3E-9582-428D-AE78-E903C8BD24C0}] => (Allow) D:\Program files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{4AA8BDAA-7B28-4BC1-84F4-AC19C43600C1}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [TCP Query User{C8E41B06-CF1F-4886-9EC2-39FA935B9FB1}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [{DEC6E1DB-11FC-45B7-B606-406156A28A0B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDC8C9DC-0243-4C14-8E14-BDD013175ACF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{84B1B65E-895E-4A25-A827-F42FD2CED952}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7E51133-9F9F-4EA9-900D-DDDFB2371221}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{262E4992-9BD5-4C6C-9FE6-AAB32C55A3CF}] => (Allow) C:\Users\Martin G\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{483F843F-9678-42F2-866D-0B3B9935E6B0}] => (Allow) C:\Users\Martin G\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{17673503-81AF-4539-A85B-F752971EE4C9}] => (Allow) C:\Users\Martin G\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{76C4181D-36C8-4583-AC14-358EF983C386}] => (Allow) C:\Users\Martin G\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{AB8132C7-05F5-4DBE-BB94-5E6F26A0B611}] => (Allow) C:\Users\Martin G\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{6D40797B-868A-44CB-9461-D398D8F3163E}] => (Allow) C:\Users\Martin G\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{336648C7-275B-47D5-AE49-7261FD8183F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA112139-5E75-4931-8D72-C37D4076CC80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8C9D5E74-8DE3-47AF-8B42-A22DE50A5CFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B01B6E18-2774-4B6F-B5F0-09FD9433388D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{30025A49-545C-4771-A94D-6568B6F6080D}] => (Allow) D:\Program files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6795FBCB-E66C-47E3-B08D-C42316281719}] => (Allow) D:\Program files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AE7F2A6F-6E87-4C2B-9D45-0A98ADBCD543}] => (Allow) D:\Program files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{385B05DB-DCCF-4CF1-AFD0-A63AEA2818AA}] => (Allow) D:\Program files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D4D4DA28-1047-4400-8E0B-3D95899021A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AA1106D9-9899-4213-8353-4CC3911F503E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0553BC72-0E58-46FC-8289-46053AA2D77F}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B0507B2D-C804-45EE-AF19-8EBC7CDA7BF2}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B7FF16C0-DD7D-41CA-9DB6-9E851C8584F2}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{74E891C8-AA41-4774-B7E4-01202127EF30}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5073A86A-91AC-4A81-9833-037BB4F55479}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{B07542C5-E035-42CB-A0B9-826A04404798}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{68B2F978-C174-4A03-B5D7-56A9D028682C}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{B054670D-2E31-4EAB-A5E0-B6163F65281C}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [TCP Query User{9AC508B4-C42A-4C1B-8B03-45F853EA1DEE}C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{86127CFB-AE9F-43D5-8D7A-F5B0484A8A9A}C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [{1FF49F3A-86B8-4B81-B5B9-4184CA9B32A5}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{B1524EBD-DD2B-46C9-B581-DB2D5DDA2EA6}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{0F13566C-EF76-4243-9B75-7363EC6043F7}] => (Block) C:\Program Files\Skylum\Luminar 4\Luminar 4.exe (Skylum Software USA, Inc. -> )
FirewallRules: [{7EE7D4C0-9B4A-447B-A45F-EF2DB4385C51}] => (Block) C:\Program Files\Skylum\Luminar 4\Luminar 4.exe (Skylum Software USA, Inc. -> )
FirewallRules: [{F79888FD-B24A-47CC-A7AC-EC0D8A2AF1EC}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{97F8086E-ED82-4ABB-8B3F-300ECF684213}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{36C6195A-7A2D-4BD4-A0B1-65BAC8A5A066}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [TCP Query User{C88D4875-1201-4F6F-87EF-2CC56E6AE0D9}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{618ABF56-C26B-4C3B-B122-7938A6052D7D}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{D46FF621-90A2-4FBB-9016-11B32992D76C}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [{D9999442-343B-43FE-80A7-899D6BD962A6}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [{A895C221-B5AD-4D9C-A2AD-A7A14B58C2E8}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [{9A6CF990-97B6-4E12-9B8A-29E4C7E5A8F9}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [TCP Query User{F098A56B-E782-43A0-A461-AEC66C0F7AF6}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [UDP Query User{5C665657-083E-47BA-9E56-EE0E7A3533C7}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [TCP Query User{7675DAD5-E3C1-4179-82E7-FA556D18C67A}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query User{D76F657A-5E19-4BDE-A945-18CF822948A6}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{49F307E8-FDF9-4899-9FE9-B86F4FB9545A}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [TCP Query User{15D65C3E-D066-401E-88A5-A0A58A6529BF}C:\gog games\outlast\binaries\win64\olgame.exe] => (Block) C:\gog games\outlast\binaries\win64\olgame.exe (Red Barrels Inc.) [File not signed]
FirewallRules: [UDP Query User{65EF5CF8-C143-4BB6-B4B2-4879C297A38C}C:\gog games\outlast\binaries\win64\olgame.exe] => (Block) C:\gog games\outlast\binaries\win64\olgame.exe (Red Barrels Inc.) [File not signed]
FirewallRules: [TCP Query User{442B228D-6548-4A47-9ACE-1A436EDF603A}C:\users\martin g\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\martin g\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [UDP Query User{52A5995C-2CB4-4BDD-AFF5-5DFDFE87B8E4}C:\users\martin g\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\martin g\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [{B4A7FEE8-3FB3-4232-8866-79E2733906D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{34C27D13-761F-4FEF-981E-26591A41732B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0E4B7357-899D-47D0-8C95-84223D932FE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{93E5D400-F420-4A9E-B332-EF2DDF470B14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5219C1FA-D45F-4DEA-A198-4527E2139CF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

25-03-2021 17:20:47 Naplánovaný kontrolní bod
29-03-2021 22:39:06 Removed Thrustmaster FFB Driver
04-04-2021 15:28:17 Installed reWASD driver V2.94

==================== Faulty Device Manager Devices ============

Name: Intel(R) Wireless-AC 9560 160MHz
Description: Intel(R) Wireless-AC 9560 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw08
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/05/2021 10:48:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/04/2021 11:16:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/04/2021 03:33:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: PřI volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/04/2021 03:33:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/04/2021 10:59:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: aInjector Win64_x32.exe, verze: 7.5.10.687, časové razítko: 0x605b907d
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xe0434352
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0x177c
Čas spuštění chybující aplikace: 0x01d72930ccfe47b4
Cesta k chybující aplikaci: C:\Program Files (x86)\Call of Duty Modern Warfare\aInjector Win64_x32.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 75aa2f05-a626-4c03-839d-aa372cfabbb7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/04/2021 10:59:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: aInjector Win64_x32.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
na System.String.IndexOf(System.String, Int32, Int32, System.StringComparison)
na Microsoft.Win32.RegistryKey.ValidateKeyName(System.String)
na Microsoft.Win32.RegistryKey.OpenSubKey(System.String, Boolean)
na Microsoft.Win32.RegistryKey.OpenSubKey(System.String)
na System.Net.ComNetOS.GetWindowsInstallType()
na System.Net.ComNetOS..cctor()

Informace o výjimce: System.TypeInitializationException
na System.Net.ServicePointManager..cctor()

Informace o výjimce: System.TypeInitializationException
na System.Net.ServicePointManager.EnsureConfigurationLoaded()
na System.Net.ServicePointManager.set_SecurityProtocol(System.Net.SecurityProtocolType)
na ‭‫‮‪‌‮‌‪‫‭‬‍‭‬‮.‭‫‪‎‎‏‍‪‫‫‭‮‬‏‬‬‪‬‏‫‎‫‏‮(System.Net.SecurityProtocolType)
na ‭‫‮‪‌‮‌‪‫‭‬‍‭‬‮.‮‬‬‭‏‫‮‪‎‪‍‍‮‬‏‌‎‫‪‎‏‮(System.String[])

Informace o výjimce: System.Reflection.TargetInvocationException
na System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
na System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
na System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
na System.Reflection.MethodBase.Invoke(System.Object, System.Object[])
na <Module>.Main(System.String[])

Error: (04/04/2021 10:56:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: aInjector Win64_x32.exe, verze: 7.5.10.687, časové razítko: 0x605b907d
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xe0434352
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0xbcc
Čas spuštění chybující aplikace: 0x01d7293072ad5250
Cesta k chybující aplikaci: C:\Program Files (x86)\Call of Duty Modern Warfare\aInjector Win64_x32.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 2a8dbf56-d1d9-433a-aefa-8b3e16f9ef69
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/04/2021 10:56:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: aInjector Win64_x32.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
na System.String.IndexOf(System.String, Int32, Int32, System.StringComparison)
na Microsoft.Win32.RegistryKey.ValidateKeyName(System.String)
na Microsoft.Win32.RegistryKey.OpenSubKey(System.String, Boolean)
na Microsoft.Win32.RegistryKey.OpenSubKey(System.String)
na System.Net.ComNetOS.GetWindowsInstallType()
na System.Net.ComNetOS..cctor()

Informace o výjimce: System.TypeInitializationException
na System.Net.ServicePointManager..cctor()

Informace o výjimce: System.TypeInitializationException
na System.Net.ServicePointManager.EnsureConfigurationLoaded()
na System.Net.ServicePointManager.set_SecurityProtocol(System.Net.SecurityProtocolType)
na ‭‫‮‪‌‮‌‪‫‭‬‍‭‬‮.‭‫‪‎‎‏‍‪‫‫‭‮‬‏‬‬‪‬‏‫‎‫‏‮(System.Net.SecurityProtocolType)
na ‭‫‮‪‌‮‌‪‫‭‬‍‭‬‮.‮‬‬‭‏‫‮‪‎‪‍‍‮‬‏‌‎‫‪‎‏‮(System.String[])

Informace o výjimce: System.Reflection.TargetInvocationException
na System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
na System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
na System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
na System.Reflection.MethodBase.Invoke(System.Object, System.Object[])
na <Module>.Main(System.String[])

 

[SymBio]

System errors:
=============
Error: (04/05/2021 03:04:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla přI spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (04/05/2021 03:04:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MARTIN~1\AppData\Local\Temp\ehdrv.sys

Error: (04/05/2021 03:04:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MARTIN~1\AppData\Local\Temp\ehdrv.sys

Error: (04/05/2021 03:04:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla přI spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (04/05/2021 03:04:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla přI spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (04/05/2021 03:04:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MARTIN~1\AppData\Local\Temp\ehdrv.sys

Error: (04/05/2021 03:04:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla přI spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (04/05/2021 03:04:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\MARTIN~1\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2021-04-05 12:34:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

App:MiniTool_Partition_Wizard_BundleInstaller threat description - Microsoft Security Intelligence

Název: App:MiniTool_Partition_Wizard_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\SSD\SSD\Záloha PC\Stažené\pw11-free.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.335.243.0, AS: 1.335.243.0, NIS: 1.335.243.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-05 12:34:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

PUA:Win32/Presenoker threat description - Microsoft Security Intelligence

Název: PUA:Win32/Presenoker
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Martin G\AppData\Roaming\Fusion_ld\Fusion.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.335.243.0, AS: 1.335.243.0, NIS: 1.335.243.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 14:19:43
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

Trojan:Win32/AgentTesla!ml threat description - Microsoft Security Intelligence

Název: Trojan:Win32/AgentTesla!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Martin G\AppData\Local\Temp\Rar$DRb828.10270\Hack.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0, NIS: 1.335.176.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:39:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence

Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Martin G\AppData\Local\Temp\Rar$DRb6344.15231\oxygen.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0, NIS: 1.335.176.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 11:46:20
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence

Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Martin G\Desktop\cheat\YUCheat.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0, NIS: 1.335.176.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 14:54:02
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu přI pokusu o obnovení položky z karantény.
Další informace:

Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence

Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Uživatel: DESKTOP-GLRDF0L\Martin G
Kód chyby: 0x80508014
Popis chyby: Položku v karanténě nelze obnovit.
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0
Verze modulu: 1.1.18000.5

Date: 2021-04-01 12:41:43
Description:
Modul programu Antivirová ochrana v programu Microsoft Defender byl ukončen v důsledku neočekávané chyby.
Typ chyby: Chyba
Kód výjimky: 0xc0000005
Zdroj:

CodeIntegrity:
===============
Date: 2021-04-04 11:36:40
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 11:36:38
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\tstMicroRC.gc because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 11:36:35
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdVMMRC.rc because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: AMI F.15 11/02/2020
Motherboard: HP 846A
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 16260.92 MB
Available physical RAM: 10582.1 MB
Total Virtual: 24196.92 MB
Available Virtual: 16703.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.57 GB) (Free:103.65 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:931.5 GB) (Free:642.66 GB) NTFS

\\?\Volume{3baee5f3-6c5f-40e2-8c4f-b9b0f671388d}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{a0dbe2d5-e201-424b-8b79-dcba1cfb99e5}\ () (Fixed) (Total:0.63 GB) (Free:0.07 GB) NTFS
\\?\Volume{0e252405-fae7-4e56-b1c0-131d64e79a3e}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[SymBio]

Here is report from rogue, going on another

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Martin G [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210331_083429, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/04/05 20:12:49 (Duration : 00:10:03)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Rogue.MalwareFox (Malicious)] MalwareFox AntiMalware -- %programfiles(x86)%\MalwareFox AntiMalware -> Deleted

 

[SymBio]

Malwarebytes scan


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 05.04.21
Čas skenování: 20:14
Logovací soubor: ce2d22a6-963a-11eb-a20d-e4e7493ee1ff.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1173
Aktualizovat verzi balíku komponent: 1.0.39117
Licence: Vypršelo

-Systémová informace-
OS: Windows 10 (Build 19042.867)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-GLRDF0L\Martin G

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 303607
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 3 min, 36 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

 

[SymBio]

ADW SCAN


# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-05-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3645 octets] - [05/04/2021 17:43:12]
AdwCleaner[C00].txt - [3549 octets] - [05/04/2021 17:45:22]
AdwCleaner[S01].txt - [1598 octets] - [05/04/2021 17:46:29]
AdwCleaner[S02].txt - [1659 octets] - [05/04/2021 20:20:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

 

[SymBio]

I hope I did all correctly

 

[Broni]

RogueKiller log seems to be incomplete. Please retry.

 

[SymBio]

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Martin G [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210331_083429, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/04/06 10:18:07 (Duration : 00:09:58)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

 

[Broni]

Good

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[SymBio]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by Martin G (administrator) on DESKTOP-GLRDF0L (HP OMEN by HP Laptop) (06-04-2021 12:38:06)
Running from C:\Users\Martin G\Downloads
Loaded Profiles: Martin G
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\hpservice.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\SysInfoCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_b6eaa96b215eb9da\x64\OmenCap.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a9a8972288e9f3b5\RstMwService.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe <2>
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(TechPowerUp LLC -> uWebb Software) C:\Users\Martin G\Desktop\Throtlestop\ThrottleStop.exe
(Wagnardsoft -> Wagnardsoft) C:\Users\Martin G\Desktop\ICL\ISLC v1.0.2.2\Intelligent standby list cleaner ISLC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-10-14] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Steam] => D:\Program files\Steam\steam.exe [4087528 2021-03-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Discord] => C:\Users\Martin G\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28177288 2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91591032 2020-04-14] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50041472 2021-03-12] (Google LLC -> )
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Run: [com.blitz.app] => C:\Users\Martin G\AppData\Local\Programs\Blitz\Blitz.exe [109893896 2021-03-31] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-02] (Google LLC -> Google LLC)
Startup: C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2020-07-15]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
Startup: C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jarvee.lnk [2020-05-31]
ShortcutTarget: Jarvee.lnk -> C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A69DAA-8646-45B1-AC0F-16AB6D71106D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {040CDB39-B6E1-4611-9AF5-491930F06FE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {22356908-3FA6-4890-9D09-FE27B426CB2D} - System32\Tasks\Core Temp Autostart Martin G => C:\Program Files\Core Temp\Core Temp.exe [1009496 2020-12-01] (ALCPU -> ALCPU)
Task: {2B3BA3E1-9F05-4146-9882-BA339D38DFA8} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098928 2020-08-02] (Intel(R) Software Development Products -> Intel Corporation)
Task: {2B8A6A05-D179-4D79-B597-1C2F31F0D865} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {34999F3F-67EE-4C5A-AB52-6F2E88DBA704} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {36E46CF9-9020-4C1B-B760-0E316F2B07E1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3ABB42BF-0B0F-459E-8BCA-4D27536C9EE6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {482575FA-0988-434C-BE2D-82239B30CEA5} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4D64548D-0553-420A-A8F3-DF998B4CD9C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58494C52-6A2C-465B-8E29-701A0D27DAA3} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {59FBD21A-84D9-4B1A-92E7-8D985C8DAAA6} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {5C9C02EF-20E9-4397-AB1D-C57F93F66C5E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {607354A8-B626-4226-A985-0A8B09C2FD70} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {6401556C-2580-437E-B543-9E23BDA41464} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B1DFE79-B6DD-428D-96A7-9CB4DADF0C48} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
Task: {7A35E3D5-BEE0-42FD-B3DE-950C60DC907D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7DF9A716-927E-4BB9-B6C1-5DACFC68B59C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {82759878-93C5-47F5-AA7D-BF15712402FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-03] (Google Inc -> Google LLC)
Task: {82862BF5-FFD7-48BC-84D1-B0C6DA2C39D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {8B22603E-185A-4ED6-AA9D-8473212FBEEB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8FA53CBE-598A-48C9-8E3C-05BF9EA89F8E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098928 2020-08-02] (Intel(R) Software Development Products -> Intel Corporation)
Task: {8FABAF06-8293-49C0-934E-BC9DDADA438E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {956A9890-A00E-4C06-9632-DEFE85095084} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {977D5D7A-FB4C-44A4-BFCC-041CF327BF4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-03] (Google Inc -> Google LLC)
Task: {9C9CAD2D-92EA-4C97-8EE6-9DD0E37F65B7} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {9ECAD93D-3DC4-47E9-BCDF-ACFC433FDB64} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {9FDC8576-E330-4D2B-9D64-797ABEB506BF} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {A5975A1E-2C67-449F-A0F8-5F9E177FC37F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ACDA4186-B3C6-4C75-88D8-0CBBDD5DD3C5} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest
Task: {B149BA76-9610-4B68-A89D-FC08E2C05CAA} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
Task: {C278FFFE-4E20-429C-86E6-FA7E96437A4D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {C82CB7D6-3742-40F7-922B-D00A4647CE4E} - System32\Tasks\Uninstaller_SkipUac_Martin_G => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {CC425616-1B4C-4513-B5F3-1D44B4167381} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF426629-C45E-4556-8F8B-169D588E36BF} - System32\Tasks\Throttle => C:\Users\Martin G\Desktop\Throtlestop\ThrottleStop.exe [3882992 2020-08-11] (TechPowerUp LLC -> uWebb Software)
Task: {D1E1599A-54D2-4187-9BA0-55E47FAECD5C} - System32\Tasks\Intelligent StandbyList Cleaner => C:\Users\Martin G\Desktop\ICL\ISLC v1.0.2.2\Intelligent standby list cleaner ISLC.exe [422592 2020-02-14] (Wagnardsoft -> Wagnardsoft)
Task: {D3869DE1-AA9C-458D-8F65-A73FADA8FDA2} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D48CB396-EEBC-4230-B9E3-66A343EF1BD5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D49234DA-E318-42B7-857F-FF47FE394EE9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8AA9F99-E1A3-46DC-87E6-8D16DF632D38} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {DAD69DCA-8321-4110-9E77-8DA9283B5421} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF2BAFB3-D51E-4026-B185-9B264CCE3F5C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.0.0.1 1.1.1.1
Tcpip\..\Interfaces\{50720d9e-e362-4577-80aa-6b2a68df43d7}: [DhcpNameServer] 1.0.0.1 1.1.1.1
Tcpip\..\Interfaces\{e094826a-67a4-4a77-97b4-9fc83c79c79e}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default [2021-04-06]
CHR Extension: (Prezentace) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-03]
CHR Extension: (Dokumenty) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-03]
CHR Extension: (Disk Google) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-03]
CHR Extension: (Tabulky) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-03]
CHR Extension: (Záložky na iCloudu) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-06-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Martin G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-04]
CHR HKU\S-1-5-21-1215771508-622911918-1038150175-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-20] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-03-29] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-03-11] (NVIDIA Corporation -> NVIDIA)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\AppHelperCap.exe [729608 2021-03-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\NetworkCap.exe [728568 2021-03-02] (HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_b6eaa96b215eb9da\x64\OmenCap.exe [523544 2020-06-14] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_5451dfef9ec90792\x64\SysInfoCap.exe [729080 2021-03-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f98b15466093b28e\x64\TouchpointAnalyticsClientService.exe [479504 2021-01-06] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-05] (Malwarebytes Inc -> Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [9513760 2020-12-06] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S4 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109264 2020-06-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Uncheater\ucldr_battlegrounds_gl.exe [6969856 2021-01-16] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7023744 2021-02-05] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALSysIO; C:\Users\Martin G\AppData\Local\Temp\ALSysIO64.sys [47240 2021-04-06] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [33352 2018-12-19] (HP Inc. -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [33464 2018-12-19] (HP Inc. -> HP Inc.)
R2 HpPortIo; C:\Windows\System32\drivers\HpPortIox64.sys [31488 2020-01-16] (HP Inc. -> )
R1 HWiNFO_152; C:\WINDOWS\system32\drivers\HWiNFO64A_152.SYS [63208 2021-02-07] (Martin Malik - REALiX -> REALiX(tm))
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [312496 2020-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-04] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsldee57da3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10699636-6989-45D2-95E9-1DBD7750EC45}\MpKslDrv.sys [97528 2021-04-06] (Microsoft Windows -> Microsoft Corporation)
U3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [42056 2021-04-06] (Adlice -> )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [70560 2018-09-04] (Realtek Semiconductor Corp. -> Realtek)
R3 ThrottleStop; C:\Users\Martin G\AppData\Local\Temp\ThrottleStop.sys [50216 2021-04-06] (TechPowerUp LLC -> ) <==== ATTENTION
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-04-06] (Adlice -> )
R3 ViGEmBus; C:\WINDOWS\System32\DriverStore\FileRepository\vigembus.inf_amd64_e84845c70c38fbe7\x64\ViGEmBus.sys [74648 2018-08-01] (HP Inc. -> Benjamin Höglinger-Stelzer)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2742720 2021-02-07] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2021-04-05] (Zemana Ltd. -> Zemana Ltd.)
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 12:38 - 2021-04-06 12:38 - 000027861 _____ C:\Users\Martin G\Downloads\FRST.txt
2021-04-06 12:38 - 2021-04-06 12:38 - 000000000 ____D C:\Users\Martin G\Downloads\FRST-OlderVersion
2021-04-06 12:37 - 2021-04-06 12:38 - 002298368 _____ (Farbar) C:\Users\Martin G\Downloads\FRST64.exe
2021-04-06 10:28 - 2021-04-06 10:28 - 000002242 _____ C:\Users\Martin G\Desktop\roguereport.txt
2021-04-06 10:13 - 2021-04-06 10:13 - 000042056 _____ C:\WINDOWS\system32\Drivers\rkflt.sys
2021-04-06 10:13 - 2021-04-06 10:13 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-04-06 10:12 - 2021-04-06 12:38 - 000073871 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-04-05 22:14 - 2021-04-05 22:14 - 000003148 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-04-05 20:19 - 2021-04-05 20:19 - 000001674 _____ C:\Users\Martin G\Desktop\MWBYTES scan.txt
2021-04-05 20:13 - 2021-04-05 20:13 - 000001296 _____ C:\Users\Martin G\Desktop\report rogue.txt
2021-04-05 20:05 - 2021-04-05 22:15 - 090177536 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-04-05 20:01 - 2021-04-06 10:17 - 000000000 ____D C:\ProgramData\RogueKiller
2021-04-05 20:01 - 2021-04-05 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-04-05 20:01 - 2021-04-05 20:01 - 000000000 ____D C:\Program Files\RogueKiller
2021-04-05 19:58 - 2021-04-05 19:59 - 040488656 _____ (Adlice Software ) C:\Users\Martin G\Downloads\RogueKiller_setup.exe
2021-04-05 18:49 - 2021-04-05 18:58 - 000018597 _____ C:\WINDOWS\ZAM.krnl.trace
2021-04-05 18:49 - 2021-04-05 18:49 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2021-04-05 18:49 - 2021-04-05 18:49 - 000000000 ____D C:\Users\Martin G\AppData\Local\Zemana
2021-04-05 18:49 - 2021-04-05 18:49 - 000000000 ____D C:\Users\Martin G\AppData\Local\Wolf of Webstreet OPC Private Limited
2021-04-05 18:47 - 2021-04-05 18:47 - 006617512 _____ (Zemana Ltd. ) C:\Users\Martin G\Downloads\MalwareFox.exe
2021-04-05 18:39 - 2021-04-05 18:39 - 000448512 _____ (OldTimer Tools) C:\Users\Martin G\Downloads\TFC.exe
2021-04-05 18:35 - 2021-04-05 18:35 - 000852798 _____ C:\Users\Martin G\Downloads\SecurityCheck.exe
2021-04-05 17:42 - 2021-04-05 17:45 - 000000000 ____D C:\AdwCleaner
2021-04-05 17:42 - 2021-04-05 17:42 - 008534696 _____ (Malwarebytes) C:\Users\Martin G\Downloads\adwcleaner_8.2.exe
2021-04-05 17:42 - 2021-04-05 17:42 - 002084016 _____ (Malwarebytes) C:\Users\Martin G\Downloads\MBSetup (1).exe
2021-04-05 15:21 - 2021-04-05 15:21 - 000012101 _____ C:\Users\Martin G\Downloads\frst64.txt.zip
2021-04-05 15:16 - 2021-04-05 15:16 - 000012007 _____ C:\Users\Martin G\Downloads\FRST.rar
2021-04-05 15:15 - 2021-04-05 15:15 - 000025569 _____ C:\Users\Martin G\Downloads\FRST+ADDITION.rar
2021-04-05 15:12 - 2021-04-05 15:13 - 000053901 _____ C:\Users\Martin G\Downloads\Addition.txt
2021-04-05 15:10 - 2021-04-06 12:38 - 000000000 ____D C:\FRST
2021-04-05 15:10 - 2021-04-05 15:13 - 000052037 _____ C:\Users\Martin G\Downloads\frst64.txt.txt
2021-04-05 15:03 - 2021-04-05 15:03 - 000000661 _____ C:\Users\Martin G\Desktop\ESET Online Scanner.lnk
2021-04-05 15:02 - 2021-04-05 15:02 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Martin G\Downloads\esetonlinescanner.exe
2021-04-05 15:02 - 2021-04-05 15:02 - 000000789 _____ C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-05 15:02 - 2021-04-05 15:02 - 000000000 ____D C:\Users\Martin G\AppData\Local\ESET
2021-04-05 14:46 - 2021-04-05 14:46 - 000009590 _____ C:\Users\Martin G\Downloads\pid_finder.zip
2021-04-05 13:47 - 2021-04-05 13:47 - 000063984 _____ C:\Users\Martin G\Desktop\this.html
2021-04-05 13:46 - 2021-04-05 13:46 - 001953658 _____ C:\Users\Martin G\Downloads\hjred103.zip
2021-04-05 13:36 - 2021-04-05 13:36 - 000388608 _____ (Trend Micro Inc.) C:\Users\Martin G\Downloads\HijackThis.exe
2021-04-04 20:18 - 2021-04-04 20:18 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-04-04 20:18 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-04 20:18 - 2021-03-11 07:15 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-04 20:18 - 2021-03-11 07:15 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-04-04 20:16 - 2021-03-13 06:05 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-04 20:16 - 2021-03-13 06:05 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-04 20:16 - 2021-03-13 06:05 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-04 20:16 - 2021-03-13 06:05 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-04 20:16 - 2021-03-13 06:05 - 000948936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 039196464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2021-04-04 20:16 - 2021-03-13 06:02 - 001511216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 001163536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000687888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-04-04 20:16 - 2021-03-13 06:02 - 000678704 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000671512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000612144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000556848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-04 20:16 - 2021-03-13 06:02 - 000546096 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 002102560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 001587488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-04 20:16 - 2021-03-13 06:01 - 000655648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 008306456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 007429904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 004610320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 002729744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-04 20:16 - 2021-03-13 06:00 - 000445200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-04-04 20:16 - 2021-03-13 05:59 - 000848656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-04-04 20:16 - 2021-03-13 05:57 - 007119848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-04 20:16 - 2021-03-13 05:57 - 006075480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-04 20:16 - 2021-03-11 07:15 - 000084450 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-04 20:05 - 2021-04-04 20:15 - 661682264 _____ (NVIDIA Corporation) C:\Users\Martin G\Downloads\461.92-notebook-win10-64bit-international-dch-whql.exe
2021-04-04 19:53 - 2021-04-04 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops Cold War
2021-04-04 15:34 - 2021-04-04 15:35 - 000000000 ____D C:\Users\Martin G\AppData\Local\Disc_Soft_Ltd
2021-04-04 15:28 - 2021-04-04 16:28 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-04-04 14:46 - 2021-04-04 14:46 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-04 11:29 - 2021-04-04 11:46 - 000000000 ____D C:\Users\Martin G\Desktop\mbar
2021-04-04 11:29 - 2021-04-04 11:46 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-04-04 11:29 - 2021-04-04 11:29 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\E546A75E.sys
2021-04-04 10:23 - 2021-04-04 10:25 - 000000000 ___HD C:\Users\Martin G\AppData\Local\dac1d999c719ced1c94daef0c7593160
2021-04-04 10:19 - 2021-04-04 11:24 - 000000000 ____D C:\Users\Martin G\Desktop\CoD Warzone AIM ESP No Recoil Cheat v3.01 by Elarum
2021-04-01 23:35 - 2021-04-01 23:35 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-04-01 23:35 - 2021-04-01 23:35 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-04-01 23:33 - 2021-03-26 09:52 - 001452336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-01 23:33 - 2021-03-26 09:52 - 001191728 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-01 12:41 - 2021-04-01 12:41 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2021-03-30 20:14 - 2020-12-06 13:08 - 009513760 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2021-03-30 19:16 - 2021-03-30 19:16 - 000000000 ____D C:\Users\Martin G\AppData\LocalLow\LINE Games Corporation
2021-03-30 19:16 - 2021-03-30 19:16 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2021-03-30 11:17 - 2021-03-30 11:17 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\EasyAntiCheat
2021-03-30 11:17 - 2021-03-30 11:17 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-03-29 20:37 - 2021-03-29 20:37 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-03-26 11:47 - 2021-03-26 11:55 - 1383160687 _____ C:\Users\Martin G\Downloads\Visage-Video.mp4
2021-03-20 21:03 - 2021-03-20 21:03 - 000000000 ____D C:\Users\Martin G\AppData\Local\Medium
2021-03-20 21:03 - 2021-03-20 21:03 - 000000000 ____D C:\Users\Martin G\AppData\Local\CrashReportClient
2021-03-20 12:53 - 2021-03-20 12:58 - 1110509643 _____ C:\Users\Martin G\Downloads\OUTLAST sestřih.mp4
2021-03-20 10:49 - 2021-03-20 11:06 - 3492040708 _____ C:\Users\Martin G\Downloads\955298881-661060277-673e0758-48a0-466c-8f2d-c317808120c4.mp4
2021-03-20 00:18 - 2021-03-20 00:18 - 015622940 _____ C:\Users\Martin G\Downloads\AT-cm_1098057388.mp4
2021-03-20 00:03 - 2021-03-20 00:03 - 007247629 _____ C:\Users\Martin G\Downloads\AT-cm_1097936555 (1) (1).mp4
2021-03-19 22:10 - 2021-03-19 22:10 - 011580754 _____ C:\Users\Martin G\Downloads\AT-cm_1097835467.mp4
2021-03-19 22:05 - 2021-03-19 22:05 - 016341353 _____ C:\Users\Martin G\Downloads\41079033421-offset-5856.mp4
2021-03-19 22:04 - 2021-03-19 22:04 - 007247629 _____ C:\Users\Martin G\Downloads\AT-cm_1097936555 (1).mp4
2021-03-19 22:02 - 2021-03-19 22:02 - 007247629 _____ C:\Users\Martin G\Downloads\AT-cm_1097936555.mp4
2021-03-19 22:01 - 2021-03-19 22:01 - 015543832 _____ C:\Users\Martin G\Downloads\AT-cm_1097979890.mp4
2021-03-19 18:30 - 2021-03-19 18:30 - 005592354 _____ C:\Users\Martin G\Downloads\Gaming Careers LUTs.zip
2021-03-19 18:30 - 2021-03-19 18:30 - 000000000 ____D C:\Users\Martin G\Desktop\Stream luts
2021-03-19 13:39 - 2021-03-19 13:39 - 000000000 ____D C:\Users\Martin G\AppData\Local\Visage
2021-03-19 10:46 - 2021-03-19 10:46 - 000373975 _____ C:\Users\Martin G\Desktop\19.3 covid monika.pdf
2021-03-19 10:45 - 2021-03-19 10:45 - 000374811 _____ C:\Users\Martin G\Desktop\19.3 covid.pdf
2021-03-18 23:43 - 2021-03-18 23:43 - 000001301 _____ C:\Users\Martin G\Desktop\Nový textový dokument (2).txt
2021-03-18 23:42 - 2021-04-03 20:04 - 000000841 _____ C:\Users\Martin G\Desktop\Popis.txt
2021-03-17 20:31 - 2021-03-17 20:31 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\NemirtingasEpicEmu
2021-03-17 18:15 - 2021-04-01 12:41 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Blitz
2021-03-17 18:15 - 2021-03-20 10:09 - 000000000 ____D C:\Users\Martin G\AppData\Local\blitz-updater
2021-03-17 18:15 - 2021-03-17 18:15 - 000002260 _____ C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz.lnk
2021-03-17 18:15 - 2021-03-17 18:15 - 000002252 _____ C:\Users\Martin G\Desktop\Blitz.lnk
2021-03-17 13:36 - 2021-03-17 13:36 - 063366648 _____ (Blitz, Inc.) C:\Users\Martin G\Downloads\Blitz-1.13.140.exe
2021-03-17 10:44 - 2021-03-17 10:44 - 000000000 ____D C:\Users\Martin G\Documents\Horizon Zero Dawn
2021-03-17 00:06 - 2021-03-18 14:31 - 000000000 ____D C:\Users\Martin G\Documents\League of Legends
2021-03-17 00:00 - 2021-03-17 00:00 - 000000000 ____D C:\Riot Games
2021-03-16 23:59 - 2021-03-16 23:59 - 069423360 _____ (Riot Games, Inc.) C:\Users\Martin G\Downloads\Install League of Legends eune.exe
2021-03-16 19:42 - 2021-03-16 19:42 - 000541842 _____ C:\Users\Martin G\Downloads\Forza Horizon 4 [FitGirl Repack].torrent
2021-03-16 18:54 - 2021-03-16 18:54 - 000540549 _____ C:\Users\Martin G\Downloads\Horizon - Zero Dawn CE [FitGirl Repack] INT.torrent
2021-03-16 18:20 - 2021-03-16 18:20 - 000000000 ____D C:\Users\Martin G\AppData\LocalLow\Team17
2021-03-16 13:38 - 2021-03-16 13:39 - 2341612746 _____ C:\Users\Martin G\Desktop\950466154-661060277-32f62a2b-a179-410f-9a87-910c3a1442a6.mp4
2021-03-15 21:25 - 2021-03-15 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast [GOG.com]
2021-03-15 21:21 - 2021-03-15 21:21 - 000000000 ____D C:\GOG Games
2021-03-15 18:11 - 2021-03-15 18:11 - 000000000 ____D C:\ProgramData\Steam
2021-03-15 16:52 - 2021-03-15 16:52 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1215771508-622911918-1038150175-1002
2021-03-15 16:52 - 2021-03-15 16:52 - 000002370 _____ C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-15 12:49 - 2021-03-15 12:49 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Voxengo
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Voxengo
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Common Files\VST2
2021-03-15 12:48 - 2021-03-15 12:48 - 000000000 ____D C:\Program Files\Common Files\Avid
2021-03-13 20:26 - 2021-03-13 20:26 - 000875437 _____ C:\Users\Martin G\Downloads\vac465lite.zip
2021-03-13 20:26 - 2021-03-13 20:26 - 000000000 ____D C:\Users\Martin G\Desktop\VAC
2021-03-13 18:38 - 2021-03-13 18:38 - 000000000 ____D C:\Users\Martin G\AppData\Local\Helios
2021-03-12 22:41 - 2021-03-12 22:41 - 000000000 ____D C:\Users\Martin G\Desktop\Twitch
2021-03-12 22:39 - 2021-03-12 22:40 - 007902116 _____ C:\Users\Martin G\Downloads\Mecha Free Panels.zip
2021-03-12 22:12 - 2021-03-12 22:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-12 22:12 - 2021-03-12 22:12 - 001328400 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2021-03-12 22:12 - 2021-03-12 22:12 - 001282560 _____ C:\WINDOWS\system32\FaceProcessor.dll
2021-03-12 22:12 - 2021-03-12 22:12 - 000512864 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-12 22:11 - 2021-03-12 22:11 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-12 22:11 - 2021-03-12 22:11 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-12 22:11 - 2021-03-12 22:11 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-12 22:11 - 2021-03-12 22:11 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-12 22:11 - 2021-03-12 22:11 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-12 22:11 - 2021-03-12 22:11 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-12 22:11 - 2021-03-12 22:11 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-12 14:37 - 2021-03-29 21:04 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\slobs-client
2021-03-11 17:58 - 2021-04-04 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 8
2021-03-09 14:47 - 2021-03-09 14:47 - 002928490 _____ C:\Users\Martin G\Downloads\Product card US.pdf
2021-03-09 14:47 - 2021-03-09 14:47 - 000420633 _____ C:\Users\Martin G\Downloads\QIG PL.pdf
2021-03-09 13:09 - 2021-03-09 13:09 - 053163713 _____ C:\Users\Martin G\Downloads\hi-res_NGK-1567.zip
2021-03-07 11:31 - 2021-03-07 11:31 - 028436520 _____ (Thrustmaster) C:\Users\Martin G\Downloads\2018_FFD_2.exe
2021-03-07 00:32 - 2021-03-07 00:37 - 259708359 _____ (Unigine Corp. ) C:\Users\Martin G\Downloads\Unigine_Heaven-4.0.exe

 

[SymBio]

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 12:27 - 2020-09-23 20:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-06 12:25 - 2019-05-30 17:05 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-06 10:42 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-06 10:20 - 2020-10-19 10:52 - 000000000 ____D C:\Program Files\CCleaner
2021-04-06 10:19 - 2020-09-23 20:16 - 001687358 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-06 10:19 - 2019-12-07 16:41 - 000716920 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-06 10:19 - 2019-12-07 16:41 - 000145084 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-06 10:19 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-06 10:12 - 2020-09-23 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-06 10:12 - 2020-09-22 15:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-06 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-05 22:15 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-05 20:56 - 2021-02-11 22:13 - 000000000 ____D C:\Program Files (x86)\Call of Duty Black Ops Cold War
2021-04-05 20:46 - 2021-02-09 11:18 - 000000000 ____D C:\Users\Martin G\AppData\Local\Battle.net
2021-04-05 20:21 - 2019-06-03 15:34 - 000000000 ____D C:\ProgramData\HP
2021-04-05 20:05 - 2020-07-06 15:50 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-05 18:49 - 2020-09-23 20:07 - 000000000 ____D C:\Users\Martin G
2021-04-05 17:45 - 2021-02-10 19:34 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\IObit
2021-04-05 17:39 - 2021-02-04 20:17 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-05 15:46 - 2020-01-02 16:16 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Fusion_ld
2021-04-05 14:44 - 2021-02-09 11:35 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare
2021-04-05 14:35 - 2021-02-09 11:18 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Battle.net
2021-04-05 14:16 - 2020-01-23 20:20 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\WhatsApp
2021-04-05 14:16 - 2020-01-23 20:20 - 000000000 ____D C:\Users\Martin G\AppData\Local\WhatsApp
2021-04-05 13:40 - 2019-06-03 15:38 - 000000000 ____D C:\Users\Martin G\AppData\Local\VirtualStore
2021-04-04 20:19 - 2019-05-30 17:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-04 20:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-04 20:18 - 2019-05-30 17:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-04 20:18 - 2019-05-30 17:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-04 12:20 - 2021-02-28 12:13 - 000079296 _____ C:\Users\Martin G\Desktop\cc_20210228_111324.reg
2021-04-04 12:17 - 2019-06-22 20:39 - 000000000 ____D C:\Users\Martin G\AppData\Local\CrashDumps
2021-04-04 11:29 - 2021-02-06 12:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-04 10:36 - 2020-09-21 19:46 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\vlc
2021-04-02 11:18 - 2019-06-03 15:41 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-01 11:38 - 2021-02-09 11:17 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-04-01 10:49 - 2020-03-15 17:59 - 000000000 ____D C:\ProgramData\Riot Games
2021-03-30 20:14 - 2019-06-18 21:53 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-30 17:27 - 2019-06-03 17:02 - 000000000 ____D C:\Users\Martin G\AppData\Local\D3DSCache
2021-03-30 11:17 - 2019-06-03 15:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-29 22:39 - 2021-02-09 20:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-03-29 22:38 - 2021-03-06 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-03-29 22:38 - 2021-03-05 12:32 - 000000000 ____D C:\Games
2021-03-29 20:37 - 2019-06-23 00:05 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Streamlabs OBS
2021-03-29 20:37 - 2019-06-23 00:04 - 000000000 ____D C:\Program Files\Streamlabs OBS
2021-03-28 23:01 - 2020-01-05 17:16 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\qBittorrent
2021-03-27 12:54 - 2020-10-19 10:52 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-23 14:24 - 2020-07-17 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-03-21 18:44 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-20 21:03 - 2019-06-19 23:03 - 000000000 ____D C:\Users\Martin G\AppData\Local\UnrealEngine
2021-03-20 14:21 - 2019-06-03 15:57 - 000000000 ____D C:\Users\Martin G\AppData\Local\NVIDIA
2021-03-20 14:21 - 2019-05-30 17:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-03-17 19:15 - 2020-01-06 22:30 - 000000000 ____D C:\Users\Martin G\AppData\Roaming\Discord
2021-03-17 00:06 - 2020-03-15 17:59 - 000000000 ____D C:\Users\Martin G\AppData\Local\Riot Games
2021-03-17 00:00 - 2020-03-15 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-03-16 09:06 - 2019-05-30 16:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-15 19:35 - 2021-02-07 20:45 - 000000000 ____D C:\Users\Martin G\Documents\My Games
2021-03-15 16:57 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-15 16:52 - 2019-06-03 15:40 - 000000000 ___RD C:\Users\Martin G\OneDrive
2021-03-13 18:38 - 2020-11-23 15:53 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-03-13 11:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-13 00:03 - 2020-09-23 20:06 - 000444480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-13 00:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 18:13 - 2021-02-10 19:35 - 000000000 ____D C:\Program Files (x86)\IObit
2021-03-11 17:58 - 2021-02-10 19:35 - 000000000 ____D C:\ProgramData\ProductData
2021-03-11 07:15 - 2020-10-28 12:43 - 000070896 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-03-11 07:15 - 2020-10-28 12:43 - 000059632 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 000169272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-03-11 07:15 - 2019-06-03 15:57 - 000145208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-03-10 18:07 - 2019-05-30 17:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 18:05 - 2019-05-30 17:04 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-10 17:57 - 2019-08-11 20:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

==================== Files in the root of some directories ========

2020-01-02 16:20 - 2020-01-02 16:20 - 000000068 _____ () C:\Users\Martin G\AppData\Roaming\changzhi_leidian.data
2020-04-22 22:53 - 2020-04-22 22:53 - 000000068 _____ () C:\Users\Martin G\AppData\Roaming\changzhi_mplayer.data
2021-02-05 21:53 - 2021-02-10 21:03 - 001065984 _____ () C:\Users\Martin G\AppData\Local\file__0.localstorage
2019-06-03 17:01 - 2019-06-03 17:01 - 000000410 _____ () C:\Users\Martin G\AppData\Local\oobelibMkey.log
2020-03-09 14:25 - 2020-04-17 10:47 - 000003833 _____ () C:\Users\Martin G\AppData\Local\PlariumPlay.log
2020-10-11 22:09 - 2021-01-15 23:51 - 000007597 _____ () C:\Users\Martin G\AppData\Local\Resmon.ResmonCfg
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_server_api.data
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_uranus.data
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_wkstore_api.data

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[SymBio]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by Martin G (06-04-2021 12:39:33)
Running from C:\Users\Martin G\Downloads
Windows 10 Home Version 20H2 19042.867 (X64) (2020-09-23 18:11:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1215771508-622911918-1038150175-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1215771508-622911918-1038150175-503 - Limited - Disabled)
Guest (S-1-5-21-1215771508-622911918-1038150175-501 - Limited - Disabled)
Martin G (S-1-5-21-1215771508-622911918-1038150175-1002 - Administrator - Enabled) => C:\Users\Martin G
WDAGUtilityAccount (S-1-5-21-1215771508-622911918-1038150175-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_1) (Version: 8.1 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Beauty Box (HKLM\...\Beauty Box AE) (Version: 3.0.6 - Digital Anarchy, Inc.)
Blitz 1.13.145 (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 1.13.145 - Blitz, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version: - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.12.10.2 - Canon Inc.)
Canon Utilities EOS Network Setting Tool (HKLM-x32\...\EOS Network Setting Tool) (Version: 1.0.10.4 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.12.10.7 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.9.10.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
CPUID CPU-Z 1.94 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.94 - CPUID, Inc.)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
Discord (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{5A87092D-1128-4C00-9495-4312AEA73AEF}) (Version: 21.120.2.1 - Intel Corporation) Hidden
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HWiNFO64 Version 6.42 (HKLM\...\HWiNFO64_is1) (Version: 6.42 - Martin Malik - REALiX)
Intel Driver && Support Assistant (HKLM-x32\...\{E051A413-9853-4901-AF60-176ED50E7329}) (Version: 20.10.42.5 - Intel) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{6E05E656-6ED8-49DE-AA9C-C4677F7086C5}) (Version: 4.1.5 - Intel Corporation)
Intel XTU SDK (HKLM-x32\...\{43A58350-CB99-4F4E-9BB6-F058D7B27985}) (Version: 1.0.17 - HP Inc.) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{0798FE0D-0E50-488A-B0DC-07E65B2758AE}) (Version: 2.4.05982 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0210-1029-84C8-B8D95FA3C8C3}) (Version: 21.110.0.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{6f610581-f2d3-4d65-9c20-3627d30f5572}) (Version: 20.10.42.5 - Intel)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{a6cf16a4-9aef-469b-98af-71b15f60a233}) (Version: 21.120.2.1 - Intel Corporation) Hidden
Jarvee (HKLM-x32\...\{9D1EA30B-26FB-4FD9-BE37-0927E7E6F315}) (Version: 14.1.7 - Jarvee) Hidden
Jarvee (HKLM-x32\...\Jarvee 14.1.7) (Version: 14.1.7 - Jarvee)
League of Legends (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version: - )
Logitech Capture (HKLM\...\Capture) (Version: 1.0.553 - Logitech)
Luminar 4 (HKLM\...\{A6F0B6DE-D1DD-4C1C-9D49-C66592461EEC}) (Version: 4.0.0.4810 - Skylum) Hidden
Luminar 4 (HKLM\...\Luminar 4 4.0.0.4810) (Version: 4.0.0.4810 - Skylum)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSI Kombustor 4.1.11.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Need for Speed: Payback (HKLM-x32\...\Need for Speed: Payback_is1) (Version: - )
Niceboy ORYX K600 Mechanical Keyboard v1.6.5 (HKLM-x32\...\{2C0A8508-5710-4207-8ED8-57518B198878}_is1) (Version: - )
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.92 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Outlast (HKLM-x32\...\GOGPACKOUTLAST_is1) (Version: 2.0.0.3 - GOG.com)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Quick CPU x64 (HKLM\...\{B5A7CA0D-7B9C-4954-9C62-A2C8CECE90A6}) (Version: 3.3.2.0 - CoderBag)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype verze 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 0.15.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.15.1 - General Workings, Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.6 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: - TechPowerUp)
Unigine Superposition Benchmark 1.1 (HKLM\...\Superposition_is1) (Version: 1.1 - UNIGINE)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Visage (HKLM-x32\...\Visage_is1) (Version: - )
VIVEPORT DirectX 9.0 (HKLM-x32\...\{4b01ac5b-340e-4644-828b-0882c8255a4e}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VIVEPORT DirectX 9.0 (x86/x64) (HKLM-x32\...\{9D42F21E-7CFA-4C87-99FD-C81CFFCB12E5}) (Version: 1.2.0.3 - HTC Corp.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voxengo Marvel GEQ (HKLM\...\Voxengo Marvel GEQ_is1) (Version: 1.10 - Voxengo)
WhatsApp (HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\WhatsApp) (Version: 2.2110.12 - WhatsApp)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-03] (Microsoft Corporation)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-02-06] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2021-02-11] (HP Inc.)
HyperX NGENUITY -> C:\Program Files\WindowsApps\33C30B79.HyperXNGenuity_5.1.64.0_x64__0a78dr3hq0pvt [2021-02-11] (HyperX Gaming) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-03] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-04] (NVIDIA Corp.)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.40392.0_x64__8wekyb3d8bbwe [2021-02-21] (Microsoft Corporation)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-10-31] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-1215771508-622911918-1038150175-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_9f074a9de859939d\nvshext.dll [2021-03-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-26 13:04 - 2019-10-26 13:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-07-15 10:20 - 2019-07-15 10:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Martin G\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Martin G\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2020-10-19 12:51 - 000001090 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 1.0.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)
Ethernet: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\StartupFolder: => "Jarvee.lnk"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "ViveportDesktop"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "LDNews"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "PlariumPlay"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "reWASD Tray Agent"
HKU\S-1-5-21-1215771508-622911918-1038150175-1002\...\StartupApproved\Run: => "com.blitz.app"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{147A3A7A-677D-4B89-882D-CDF061871907}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B0B0D82C-89F6-4286-B347-4E25066134B8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{48F9E02D-7FFE-4643-9CF7-62C8B12FFB48}] => (Allow) D:\Program files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{6E49FD3E-9582-428D-AE78-E903C8BD24C0}] => (Allow) D:\Program files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{4AA8BDAA-7B28-4BC1-84F4-AC19C43600C1}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [TCP Query User{C8E41B06-CF1F-4886-9EC2-39FA935B9FB1}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
FirewallRules: [{DEC6E1DB-11FC-45B7-B606-406156A28A0B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDC8C9DC-0243-4C14-8E14-BDD013175ACF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{84B1B65E-895E-4A25-A827-F42FD2CED952}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7E51133-9F9F-4EA9-900D-DDDFB2371221}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{336648C7-275B-47D5-AE49-7261FD8183F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA112139-5E75-4931-8D72-C37D4076CC80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8C9D5E74-8DE3-47AF-8B42-A22DE50A5CFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B01B6E18-2774-4B6F-B5F0-09FD9433388D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{30025A49-545C-4771-A94D-6568B6F6080D}] => (Allow) D:\Program files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6795FBCB-E66C-47E3-B08D-C42316281719}] => (Allow) D:\Program files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AE7F2A6F-6E87-4C2B-9D45-0A98ADBCD543}] => (Allow) D:\Program files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{385B05DB-DCCF-4CF1-AFD0-A63AEA2818AA}] => (Allow) D:\Program files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D4D4DA28-1047-4400-8E0B-3D95899021A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AA1106D9-9899-4213-8353-4CC3911F503E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0553BC72-0E58-46FC-8289-46053AA2D77F}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B0507B2D-C804-45EE-AF19-8EBC7CDA7BF2}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B7FF16C0-DD7D-41CA-9DB6-9E851C8584F2}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{74E891C8-AA41-4774-B7E4-01202127EF30}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5073A86A-91AC-4A81-9833-037BB4F55479}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{B07542C5-E035-42CB-A0B9-826A04404798}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{68B2F978-C174-4A03-B5D7-56A9D028682C}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{B054670D-2E31-4EAB-A5E0-B6163F65281C}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [TCP Query User{9AC508B4-C42A-4C1B-8B03-45F853EA1DEE}C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [UDP Query User{86127CFB-AE9F-43D5-8D7A-F5B0484A8A9A}C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro 2020\adobe premiere pro.exe (Adobe Inc. -> Adobe)
FirewallRules: [{1FF49F3A-86B8-4B81-B5B9-4184CA9B32A5}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{B1524EBD-DD2B-46C9-B581-DB2D5DDA2EA6}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{0F13566C-EF76-4243-9B75-7363EC6043F7}] => (Block) C:\Program Files\Skylum\Luminar 4\Luminar 4.exe (Skylum Software USA, Inc. -> )
FirewallRules: [{7EE7D4C0-9B4A-447B-A45F-EF2DB4385C51}] => (Block) C:\Program Files\Skylum\Luminar 4\Luminar 4.exe (Skylum Software USA, Inc. -> )
FirewallRules: [{F79888FD-B24A-47CC-A7AC-EC0D8A2AF1EC}] => (Allow) C:\Users\Martin G\AppData\Roaming\Jarvee\Jarvee.exe (ADNAN ČOKIĆ vl. SMAG SERVICES agencija, Živinice -> Jarvee)
FirewallRules: [{97F8086E-ED82-4ABB-8B3F-300ECF684213}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{36C6195A-7A2D-4BD4-A0B1-65BAC8A5A066}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [TCP Query User{C88D4875-1201-4F6F-87EF-2CC56E6AE0D9}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{618ABF56-C26B-4C3B-B122-7938A6052D7D}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{D46FF621-90A2-4FBB-9016-11B32992D76C}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [{D9999442-343B-43FE-80A7-899D6BD962A6}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\launcher.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [{A895C221-B5AD-4D9C-A2AD-A7A14B58C2E8}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [{9A6CF990-97B6-4E12-9B8A-29E4C7E5A8F9}] => (Allow) C:\Program Files\Unigine\Superposition Benchmark\bin\superposition.exe (UNIGINE LLC -> UNIGINE)
FirewallRules: [TCP Query User{F098A56B-E782-43A0-A461-AEC66C0F7AF6}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [UDP Query User{5C665657-083E-47BA-9E56-EE0E7A3533C7}C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) C:\program files (x86)\call of duty black ops cold war\blackopscoldwar.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [TCP Query User{7675DAD5-E3C1-4179-82E7-FA556D18C67A}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query User{D76F657A-5E19-4BDE-A945-18CF822948A6}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{49F307E8-FDF9-4899-9FE9-B86F4FB9545A}] => (Allow) C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [TCP Query User{15D65C3E-D066-401E-88A5-A0A58A6529BF}C:\gog games\outlast\binaries\win64\olgame.exe] => (Block) C:\gog games\outlast\binaries\win64\olgame.exe (Red Barrels Inc.) [File not signed]
FirewallRules: [UDP Query User{65EF5CF8-C143-4BB6-B4B2-4879C297A38C}C:\gog games\outlast\binaries\win64\olgame.exe] => (Block) C:\gog games\outlast\binaries\win64\olgame.exe (Red Barrels Inc.) [File not signed]
FirewallRules: [TCP Query User{442B228D-6548-4A47-9ACE-1A436EDF603A}C:\users\martin g\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\martin g\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [UDP Query User{52A5995C-2CB4-4BDD-AFF5-5DFDFE87B8E4}C:\users\martin g\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\martin g\appdata\local\programs\blitz\blitz.exe (Swift Media Entertainment, Inc. -> Blitz, Inc.)
FirewallRules: [{B4A7FEE8-3FB3-4232-8866-79E2733906D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{34C27D13-761F-4FEF-981E-26591A41732B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0E4B7357-899D-47D0-8C95-84223D932FE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{93E5D400-F420-4A9E-B332-EF2DDF470B14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5219C1FA-D45F-4DEA-A198-4527E2139CF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

25-03-2021 17:20:47 Naplánovaný kontrolní bod
29-03-2021 22:39:06 Removed Thrustmaster FFB Driver
04-04-2021 15:28:17 Installed reWASD driver V2.94
05-04-2021 17:45:12 AdwCleaner_BeforeCleaning_05/04/2021_17:45:11
05-04-2021 20:20:49 AdwCleaner_BeforeCleaning_05/04/2021_20:20:47

==================== Faulty Device Manager Devices ============

Name: Intel(R) Wireless-AC 9560 160MHz
Description: Intel(R) Wireless-AC 9560 160MHz
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw08
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/06/2021 10:20:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/05/2021 04:46:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: PřI volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/05/2021 04:46:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/05/2021 04:46:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: PřI volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/05/2021 04:46:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/05/2021 10:48:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/04/2021 11:16:46 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/04/2021 03:33:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: PřI volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


System errors:
=============
Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba RogueKiller RTP byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Analytics service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Dynamic Platform and Thermal Framework service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RstMwService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/05/2021 08:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel Bluetooth Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2021-04-05 12:34:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

App:MiniTool_Partition_Wizard_BundleInstaller threat description - Microsoft Security Intelligence

Název: App:MiniTool_Partition_Wizard_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\SSD\SSD\Záloha PC\Stažené\pw11-free.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.335.243.0, AS: 1.335.243.0, NIS: 1.335.243.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-05 12:34:58
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

PUA:Win32/Presenoker threat description - Microsoft Security Intelligence

Název: PUA:Win32/Presenoker
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Martin G\AppData\Roaming\Fusion_ld\Fusion.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.335.243.0, AS: 1.335.243.0, NIS: 1.335.243.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 14:19:43
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

Trojan:Win32/AgentTesla!ml threat description - Microsoft Security Intelligence

Název: Trojan:Win32/AgentTesla!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Martin G\AppData\Local\Temp\Rar$DRb828.10270\Hack.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0, NIS: 1.335.176.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 13:39:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence

Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Martin G\AppData\Local\Temp\Rar$DRb6344.15231\oxygen.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0, NIS: 1.335.176.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 11:46:20
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:

Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence

Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Martin G\Desktop\cheat\YUCheat.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-GLRDF0L\Martin G
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0, NIS: 1.335.176.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-04 14:54:02
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu přI pokusu o obnovení položky z karantény.
Další informace:

Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence

Název: Trojan:Win32/Tiggre!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Uživatel: DESKTOP-GLRDF0L\Martin G
Kód chyby: 0x80508014
Popis chyby: Položku v karanténě nelze obnovit.
Verze bezpečnostních informací: AV: 1.335.176.0, AS: 1.335.176.0
Verze modulu: 1.1.18000.5

Date: 2021-04-01 12:41:43
Description:
Modul programu Antivirová ochrana v programu Microsoft Defender byl ukončen v důsledku neočekávané chyby.
Typ chyby: Chyba
Kód výjimky: 0xc0000005
Zdroj:

CodeIntegrity:
===============
Date: 2021-04-04 11:36:40
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 11:36:38
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\tstMicroRC.gc because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-04 11:36:35
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdVMMRC.rc because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: AMI F.15 11/02/2020
Motherboard: HP 846A
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 47%
Total physical RAM: 16260.92 MB
Available physical RAM: 8600.76 MB
Total Virtual: 24196.92 MB
Available Virtual: 15183.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.57 GB) (Free:100.56 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:931.5 GB) (Free:642.67 GB) NTFS

\\?\Volume{3baee5f3-6c5f-40e2-8c4f-b9b0f671388d}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{a0dbe2d5-e201-424b-8b79-dcba1cfb99e5}\ () (Fixed) (Total:0.63 GB) (Free:0.07 GB) NTFS
\\?\Volume{0e252405-fae7-4e56-b1c0-131d64e79a3e}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[SymBio]

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by Martin G (06-04-2021 17:53:13) Run:1
Running from C:\Users\Martin G\Desktop
Loaded Profiles: Martin G
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
R3 ALSysIO; C:\Users\Martin G\AppData\Local\Temp\ALSysIO64.sys [47240 2021-04-06] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
C:\Users\Martin G\AppData\Local\Temp\ALSysIO64.sys
R3 ThrottleStop; C:\Users\Martin G\AppData\Local\Temp\ThrottleStop.sys [50216 2021-04-06] (TechPowerUp LLC -> ) <==== ATTENTION
C:\Users\Martin G\AppData\Local\Temp\ThrottleStop.sys
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2020-01-02 16:20 - 2020-01-02 16:20 - 000000068 _____ () C:\Users\Martin G\AppData\Roaming\changzhi_leidian.data
2020-04-22 22:53 - 2020-04-22 22:53 - 000000068 _____ () C:\Users\Martin G\AppData\Roaming\changzhi_mplayer.data
2021-02-05 21:53 - 2021-02-10 21:03 - 001065984 _____ () C:\Users\Martin G\AppData\Local\file__0.localstorage
2019-06-03 17:01 - 2019-06-03 17:01 - 000000410 _____ () C:\Users\Martin G\AppData\Local\oobelibMkey.log
2020-03-09 14:25 - 2020-04-17 10:47 - 000003833 _____ () C:\Users\Martin G\AppData\Local\PlariumPlay.log
2020-10-11 22:09 - 2021-01-15 23:51 - 000007597 _____ () C:\Users\Martin G\AppData\Local\Resmon.ResmonCfg
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_server_api.data
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_uranus.data
2019-06-22 20:57 - 2019-06-22 20:57 - 000012288 _____ () C:\Users\Martin G\AppData\Local\vita_wkstore_api.data
AlternateDataStreams: C:\WINDOWS\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Martin G\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Martin G\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
ALSysIO => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
C:\Users\Martin G\AppData\Local\Temp\ALSysIO64.sys => moved successfully
ThrottleStop => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ThrottleStop => removed successfully
ThrottleStop => service removed successfully
C:\Users\Martin G\AppData\Local\Temp\ThrottleStop.sys => moved successfully
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz145 => removed successfully
cpuz145 => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => removed successfully
ZAM => service removed successfully
C:\Users\Martin G\AppData\Roaming\changzhi_leidian.data => moved successfully
C:\Users\Martin G\AppData\Roaming\changzhi_mplayer.data => moved successfully
C:\Users\Martin G\AppData\Local\file__0.localstorage => moved successfully
C:\Users\Martin G\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\Martin G\AppData\Local\PlariumPlay.log => moved successfully
C:\Users\Martin G\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Martin G\AppData\Local\vita_server_api.data => moved successfully
C:\Users\Martin G\AppData\Local\vita_uranus.data => moved successfully
C:\Users\Martin G\AppData\Local\vita_wkstore_api.data => moved successfully
C:\WINDOWS\Temp => ":$DATA" ADS removed successfully
C:\Users\Martin G\Data aplikací => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
"C:\Users\Martin G\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.


The system needed a reboot.

==== End of Fixlog 17:53:18 ====

 

[SymBio]

Btw what this fix did with throttlestop service? I need that service to be running because it controls overheating and performance of my gaming laptop.

Without that im not able to play games and my PC is thermalthrottling.


And can you tell me if I was right that somebody was connected to my computer and if im safe now.

Thank you, Broni

 

[Broni]

If that throttlestop was legit, please reinstall it.

So far, I didn't see any sign of someone connecting to your computer.

Last scans....

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[SymBio]

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (89.0.4389.114)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[SymBio]

Farbar Service Scanner Version: 23-12-2020
Ran by Martin G (administrator) on 06-04-2021 at 19:29:02
Running from "C:\Users\Martin G\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[SymBio]

Sophos scan is running and it looks likes its gonna run for couple hours.

In that time, Broni, can you tell me, if you didnt see any connection/virus or smth... How did he bypass my 2 phase security on gmail? And why gmail said that my OWN PC is connected from russia?