I think it is a trojan for mining bitcoin, but I don't really understand how to remove it. Any help would be appreciated.
God bless you
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by cabec (administrator) on DESKTOP-MQCUIRU (ASUSTeK COMPUTER INC. GS GS30) (17-07-2020 15:02:10)
Running from C:\Users\cabec\Downloads
Loaded Profiles: cabec
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kristjan Skutta -> ) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\cabec\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Spotify AB -> Spotify Ltd) C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe <5>
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [749512 2018-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Discord] => C:\Users\cabec\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Spotify] => C:\Users\cabec\AppData\Roaming\Spotify\Spotify.exe [23330024 2020-07-10] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [Steam] => C:\Users\cabec\Pictures\steam\steam.exe [3376416 2020-07-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [WallpaperEngine] => C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2887160 2020-07-12] (Kristjan Skutta -> )
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32339344 2020-06-23] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [7675360 2020-06-17] (GlassWire -> SecureMix LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10B369E2-9561-4834-B2E2-AE1548B7A964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {11FAC390-8444-4F1B-A572-E1236FF01B95} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B4C39BA-DACF-4FFC-91E5-C3BA371E7524} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {317B3AC1-9E00-42C6-BDE6-B0A149E4EACB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {33B3E5DD-4C3F-472F-A658-08E1D30CD10F} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [659520 2019-11-04] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {373C59AB-BC3C-443F-BF78-B830426D5E17} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF4D48B-BBD5-4A14-BAF3-9F5CDAC7CEDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54F25868-3D1C-42C4-8CCE-DDA3832689DE} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [659520 2019-11-04] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {70789B62-1E4A-4B6B-9FBD-281F7C6CA368} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8652E09D-FF89-4DDA-8090-04685F2DC308} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {900D8489-CF6D-436E-86F2-D6A9295B3050} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491320 2020-05-12] (Bitdefender SRL -> Bitdefender)
Task: {943785C0-5024-4113-84CD-09D2097BC973} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {96771905-0661-406E-A19F-DD6CB5619695} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {990E3F72-BB51-402A-A1E9-8DA750F3960D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9F584B90-D989-4EDA-92FB-AA9A005B131E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-26] (Google Inc -> Google LLC)
Task: {A5C9B9D9-CBA8-4A26-B4D1-EE05BE3978EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-26] (Google Inc -> Google LLC)
Task: {B6B5345C-4BC6-44B2-88CD-85AB59171087} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B938375F-A09F-4113-ADEE-E0E686B28D78} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE1B5949-93C3-43C3-AC04-6AF343518ACF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECB1EDFD-9E29-41E3-ADEB-77C26B74993D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD663655-8394-4219-BE57-88748A0C6780} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{13636716-f8ba-4148-be78-b443fc47f947}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{19a10513-7b53-490a-8a61-1cfe829c00f8}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{b82b7d28-f146-43ef-a62d-c6ae0af56bd4}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-06-20] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-06-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-06-20] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3266803249-1906538077-2635784554-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\cabec\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default [2020-07-17]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.pcdiga.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.photopea.com/promo/icon512.png
CHR Extension: (Google Drive) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-26]
CHR Extension: (YouTube) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-26]
CHR Extension: (pro grey) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhpebdanojkmhbbneclbkmpleemilaj [2020-05-11]
CHR Extension: (Photopea) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdklklfpinionkgpmghaghehojplfjio [2020-07-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-26]
CHR Extension: (Gmail) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\cabec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-06-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [5448672 2020-06-17] (GlassWire -> SecureMix LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-04-19] (SurfRight B.V. -> SurfRight B.V.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-19] (Malwarebytes Inc -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1352120 2020-05-12] (Bitdefender SRL -> Bitdefender)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1711232 2020-06-25] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2019-12-02] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2020-07-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-06-01] (ASUSTeK Computer Inc. -> )
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dpclat_driver; C:\Windows\system32\drivers\dpclat_driver.sys [21232 2019-12-02] (Thesycon Systemsoftware Consulting GmbH -> Thesycon GmbH)
R3 e1rexpress; C:\Windows\System32\drivers\e1r65x64.sys [548800 2018-05-03] (Intel(R) INTELNPG1 -> Intel Corporation)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-06] (Malwarebytes Inc -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\nvlddmkm.sys [23287696 2020-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [50592 2020-03-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 UcmCxUcsiNvppc; C:\Windows\System32\drivers\UcmCxUcsiNvppc.sys [715680 2019-11-21] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45664 2019-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [355760 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-03] (Microsoft Windows -> Microsoft Corporation)
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\R:\Faclog\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-17 15:02 - 2020-07-17 15:02 - 000021277 _____ C:\Users\cabec\Downloads\FRST.txt
2020-07-17 15:02 - 2020-07-17 15:02 - 000000000 ____D C:\FRST
2020-07-17 15:01 - 2020-07-17 15:01 - 002292736 _____ (Farbar) C:\Users\cabec\Downloads\FRST64.exe
2020-07-17 14:55 - 2020-07-17 14:55 - 000049228 _____ C:\ProgramData\agent.uninstall.1594994103.bdinstall.v2.bin
2020-07-17 14:42 - 2020-07-17 14:42 - 000000250 _____ C:\Users\cabec\Desktop\VIRUS FREE.reg
2020-07-17 14:35 - 2020-07-17 14:35 - 020327732 _____ C:\Users\cabec\Desktop\registry backup.reg
2020-07-17 14:24 - 2020-07-17 14:24 - 000000000 ____D C:\Windows\pss
2020-07-14 17:50 - 2020-07-15 17:15 - 000000000 ____D C:\Windows\Minidump
2020-07-14 17:18 - 2020-07-17 15:02 - 000471256 _____ C:\Windows\ZAM.krnl.trace
2020-07-14 17:18 - 2020-07-17 14:50 - 000000000 ____D C:\Users\cabec\AppData\Local\AMSDK
2020-07-14 17:18 - 2020-07-14 17:18 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2020-07-14 17:18 - 2020-07-14 17:18 - 000003558 _____ C:\Windows\system32\Tasks\AMHelper
2020-07-14 17:18 - 2020-07-14 17:18 - 000002680 _____ C:\Windows\system32\Tasks\AMSkipUAC
2020-07-14 17:18 - 2020-07-14 17:18 - 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-07-14 17:18 - 2020-07-14 17:18 - 000001340 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Users\cabec\AppData\Local\Zemana
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-07-14 17:18 - 2020-07-14 17:18 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-07-14 17:17 - 2020-07-14 17:17 - 012741568 _____ (Zemana Ltd. ) C:\Users\cabec\Downloads\AntiMalware_Setup.exe
2020-07-14 16:57 - 2020-07-14 16:57 - 000000797 _____ C:\Users\cabec\Documents\hosts.txt
2020-07-14 15:52 - 2020-07-16 19:11 - 000000150 _____ C:\Windows\Reimage.ini
2020-07-14 15:51 - 2020-07-17 14:47 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-07-14 15:51 - 2020-07-14 17:44 - 000611598 _____ C:\Windows\ntbtlog.txt
2020-07-14 08:26 - 2020-07-14 08:38 - 000000881 _____ C:\Users\cabec\Desktop\exame 2013.txt
2020-07-14 07:57 - 2020-07-14 07:57 - 000003802 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2020-07-14 07:56 - 2020-07-14 07:56 - 000001203 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2020-07-14 07:56 - 2020-07-14 07:56 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2020-07-14 07:55 - 2020-07-17 14:55 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2020-07-14 07:55 - 2020-07-14 07:56 - 000000000 ____D C:\Program Files\Bitdefender Agent
2020-07-14 07:55 - 2020-07-14 07:55 - 000115192 _____ C:\ProgramData\agent.1594709704.bdinstall.v2.bin
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-07-14 07:55 - 2020-07-14 07:55 - 000000000 ____D C:\ProgramData\Bitdefender
2020-07-14 07:54 - 2020-07-14 07:54 - 012444368 _____ C:\Users\cabec\Downloads\bitdefender_online.exe
2020-07-14 07:37 - 2020-07-14 07:38 - 000000000 ____D C:\Users\cabec\AppData\Local\glasswire
2020-07-14 07:37 - 2020-07-14 07:37 - 048212664 _____ (SecureMix LLC) C:\Users\cabec\Downloads\GlassWireSetup.exe
2020-07-14 07:37 - 2020-07-14 07:37 - 000001981 _____ C:\Users\Public\Desktop\GlassWire.lnk
2020-07-14 07:37 - 2020-07-14 07:37 - 000001981 _____ C:\ProgramData\Desktop\GlassWire.lnk
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\ProgramData\GlassWire
2020-07-14 07:37 - 2020-07-14 07:37 - 000000000 ____D C:\Program Files (x86)\GlassWire
2020-07-14 07:37 - 2015-05-29 08:30 - 000008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2020-07-14 07:37 - 2015-05-29 08:15 - 000033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2020-07-14 07:30 - 2020-07-14 07:30 - 008751634 _____ C:\Users\cabec\Desktop\DESKTOP-MQCUIRU.arn
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Downloads\autoruns.exe
2020-07-14 07:24 - 2020-07-14 07:24 - 000755576 _____ (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\autoruns (1).exe
2020-07-14 07:00 - 2020-07-14 08:24 - 000003975 _____ C:\Users\cabec\Desktop\exame 2015.txt
2020-07-14 05:17 - 2020-07-14 06:59 - 000002184 _____ C:\Users\cabec\Desktop\exame 2016.txt
2020-07-13 15:19 - 2020-07-14 07:19 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON24.SYS
2020-07-13 15:19 - 2020-07-13 15:19 - 001567005 _____ C:\Users\cabec\Downloads\ProcessMonitor.zip
2020-07-13 15:19 - 2020-07-13 15:19 - 000000000 ____D C:\Users\cabec\Downloads\ProcessMonitor
2020-07-13 15:19 - 2019-12-10 22:42 - 002181504 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon.exe
2020-07-13 15:19 - 2019-12-10 22:42 - 000063582 ____N C:\Users\cabec\Desktop\procmon.chm
2020-07-13 15:19 - 2019-12-10 22:38 - 001177168 ____N (Sysinternals - www.sysinternals.com) C:\Users\cabec\Desktop\Procmon64.exe
2020-07-13 15:19 - 2018-09-28 01:55 - 000007490 ____N C:\Users\cabec\Desktop\Eula.txt
2020-07-13 14:51 - 2020-07-13 19:15 - 000003527 _____ C:\Users\cabec\Desktop\exame 2017.txt
2020-07-13 14:05 - 2020-07-13 14:05 - 000001375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-07-13 14:05 - 2020-07-13 14:05 - 000001363 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2020-07-13 14:05 - 2020-07-13 14:05 - 000001363 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2020-07-13 12:06 - 2020-07-13 12:06 - 000000027 _____ C:\Users\cabec\Desktop\exame 2014.txt
2020-07-13 11:45 - 2020-07-13 11:45 - 002101330 _____ C:\Users\cabec\Desktop\Resumos HCA.pdf
2020-07-12 16:22 - 2020-07-12 16:22 - 002101330 _____ C:\Users\cabec\Downloads\Resumos HCA.pdf
2020-07-10 13:54 - 2020-07-10 13:54 - 000758323 _____ C:\Users\cabec\Downloads\Archive-69bc.zip
2020-07-10 13:54 - 2020-07-10 13:54 - 000758128 _____ C:\Users\cabec\Downloads\2020-07-10 13.51.58.heic
2020-07-10 13:54 - 2020-07-10 13:54 - 000000000 ____D C:\Users\cabec\Downloads\Archive-69bc
2020-07-09 13:21 - 2020-07-09 13:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2020-07-09 13:14 - 2020-07-09 13:22 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-07-07 09:47 - 2020-03-04 13:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2020-07-07 09:47 - 2020-03-04 13:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Blizzard Entertainment
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\Users\cabec\AppData\Local\Blizzard
2020-07-05 20:48 - 2020-07-05 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2020-07-05 20:46 - 2020-07-05 20:48 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2020-06-29 20:44 - 2020-06-29 20:44 - 806409556 _____ C:\Users\cabec\Downloads\VIDEO RENDER.mp4
2020-06-28 21:39 - 2020-07-10 12:14 - 000000000 ____D C:\Users\cabec\AppData\Local\Battle.net
2020-06-28 21:39 - 2020-07-05 20:44 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Battle.net
2020-06-28 21:39 - 2020-06-28 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2020-06-28 21:34 - 2020-06-28 21:34 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup (1).exe
2020-06-26 01:23 - 2020-06-26 01:24 - 006088416 _____ (Cfx.re) C:\Users\cabec\Downloads\FiveM.exe
2020-06-26 01:23 - 2020-06-26 01:23 - 008556152 _____ (cfx-collective) C:\Users\cabec\Downloads\FiveM (1).exe
2020-06-25 02:06 - 2020-06-25 02:06 - 004902896 _____ (Blizzard Entertainment) C:\Users\cabec\Downloads\Battle.net-Setup.exe
2020-06-23 15:19 - 2020-06-23 15:22 - 000000000 ____D C:\ProgramData\Epic
2020-06-23 15:19 - 2020-06-23 15:19 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2020-06-23 15:19 - 2020-06-23 15:19 - 000000000 ____D C:\Program Files (x86)\Epic Games
2020-06-23 15:16 - 2020-06-23 15:16 - 044257280 _____ C:\Users\cabec\Downloads\EpicInstaller-10.17.0.msi
2020-06-21 03:12 - 2020-06-21 03:12 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p (1).mp4
2020-06-21 03:11 - 2020-06-21 03:11 - 071170399 _____ C:\Users\cabec\Downloads\y2mate.com - David Carreira - A Força Está em Nós (Ft. Snoop Dogg) - Videoclip Oficial_Mc8IgVWpdeo_1080p.mp4
2020-06-21 02:41 - 2020-06-21 02:41 - 000474573 _____ C:\Users\cabec\Downloads\y2mate.com - É o Conan!!!_MREH0EYn47g_360p.mp4
2020-06-19 20:15 - 2020-06-19 20:15 - 001397166 _____ C:\Users\cabec\Downloads\Shui hua piou piou bei feng shou shou tian de yi pian cheng mao.mp4
2020-06-17 17:28 - 2020-06-17 17:28 - 000227201 _____ C:\Users\cabec\Downloads\Horario Julho.pdf
2020-06-17 17:13 - 2020-06-17 17:13 - 003843584 _____ C:\Users\cabec\Downloads\axonom ortogonais11def.pps
2020-06-17 01:38 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WinRAR
2020-06-17 01:36 - 2020-06-17 01:36 - 005033806 _____ C:\Users\cabec\Downloads\OptiFine_1.15.2_HD_U_G1_pre26_MOD.jar
2020-06-17 01:34 - 2020-06-17 01:38 - 000000000 ____D C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1
2020-06-17 01:34 - 2020-06-17 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 003218976 _____ (Alexander Roshal) C:\Users\cabec\Downloads\winrar-x64-590.exe
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-17 01:34 - 2020-06-17 01:34 - 000000000 ____D C:\Program Files\WinRAR
2020-06-17 01:32 - 2020-06-17 01:32 - 000114344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Users\cabec\AppData\LocalLow\Sun
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Oracle
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-06-17 01:32 - 2020-06-17 01:32 - 000000000 ____D C:\Program Files (x86)\Java
2020-06-17 01:30 - 2020-06-17 01:30 - 002066568 _____ (Oracle Corporation) C:\Users\cabec\Downloads\JavaSetup8u251.exe
2020-06-17 01:29 - 2020-06-17 01:30 - 005551647 _____ C:\Users\cabec\Downloads\preview_OptiFine_1.15.2_HD_U_G1_pre26.jar
2020-06-17 01:28 - 2020-06-17 01:28 - 007062638 _____ C:\Users\cabec\Downloads\SEUS-Renewed-v1.0.1.zip
2020-06-17 01:12 - 2020-06-17 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-06-17 00:26 - 2020-07-11 11:48 - 000000000 ____D C:\Users\cabec\Desktop\Jogos
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-17 15:00 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-17 14:56 - 2018-12-07 00:39 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-17 14:56 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-07-17 14:55 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-07-17 14:52 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-17 14:50 - 2020-05-28 17:56 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Spotify
2020-07-17 14:50 - 2020-05-28 17:56 - 000000000 ____D C:\Users\cabec\AppData\Local\Spotify
2020-07-17 14:50 - 2019-11-26 22:30 - 000000000 ___RD C:\Users\cabec\OneDrive
2020-07-17 14:50 - 2018-12-07 00:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-17 14:49 - 2018-09-15 07:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-07-17 14:25 - 2019-11-27 14:52 - 000012149 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-07-17 14:25 - 2019-11-27 01:17 - 000018385 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-07-17 14:25 - 2019-11-27 01:17 - 000017429 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-07-17 14:23 - 2019-11-27 01:17 - 000001206 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-07-17 14:23 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-07-17 14:09 - 2018-12-07 00:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-07-16 15:47 - 2019-11-26 22:30 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3266803249-1906538077-2635784554-1001
2020-07-16 15:47 - 2019-11-26 22:27 - 000002374 _____ C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-14 19:36 - 2019-11-26 22:27 - 000000000 ____D C:\Users\cabec
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files\Rockstar Games
2020-07-14 18:58 - 2019-11-27 23:23 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-07-14 17:00 - 2020-01-30 19:47 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Adobe
2020-07-14 16:14 - 2019-12-22 17:11 - 000000000 ___RD C:\Users\cabec\Creative Cloud Files
2020-07-14 08:04 - 2020-04-19 19:38 - 000000000 ____D C:\AdwCleaner
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-07-13 15:08 - 2019-12-02 18:31 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-07-13 14:52 - 2019-11-27 01:27 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Discord
2020-07-13 14:17 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-07-13 14:08 - 2020-06-05 11:33 - 000000000 ____D C:\Users\cabec\AppData\Local\Adobe
2020-07-13 14:07 - 2020-06-05 11:33 - 000000000 ____D C:\ProgramData\Adobe
2020-07-13 14:07 - 2019-12-02 18:31 - 000003522 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-07-13 14:05 - 2019-12-02 18:32 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-07-13 14:05 - 2019-12-02 18:30 - 000000000 ____D C:\Program Files\Adobe
2020-07-13 14:05 - 2019-12-02 18:29 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-07-13 14:03 - 2019-12-01 17:35 - 000000000 ____D C:\Users\cabec\AppData\Roaming\WhatsApp
2020-07-11 11:26 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-08 16:48 - 2020-04-07 07:27 - 000000000 ____D C:\Users\cabec\AppData\Local\WhatsApp
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-11-27 01:18 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:01 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-07 09:48 - 2019-05-15 12:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-01 01:14 - 2019-11-27 01:17 - 000012150 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-28 21:49 - 2020-03-15 18:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-06-28 18:14 - 2019-12-02 21:42 - 000000000 ____D C:\Users\cabec\AppData\Roaming\obs-studio
2020-06-28 16:19 - 2019-11-27 01:05 - 000000000 ____D C:\Users\cabec\AppData\Roaming\.minecraft
2020-06-27 01:39 - 2020-03-15 14:57 - 000000000 ____D C:\Users\cabec\AppData\Local\FiveM
2020-06-26 01:52 - 2020-03-15 15:02 - 000000000 ____D C:\Users\cabec\AppData\Local\DigitalEntitlements
2020-06-25 02:32 - 2019-11-26 22:30 - 000000000 ____D C:\Users\cabec\AppData\Local\NVIDIA Corporation
2020-06-25 01:36 - 2020-04-21 16:14 - 000000000 ____D C:\Users\cabec\Desktop\Escola
2020-06-25 01:36 - 2020-03-26 19:02 - 000000000 ____D C:\Users\cabec\Desktop\Photoshop
2020-06-25 00:20 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-24 23:50 - 2019-11-26 22:37 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-23 22:49 - 2019-11-26 23:15 - 000000000 ____D C:\Users\cabec\AppData\Local\D3DSCache
2020-06-23 21:38 - 2019-11-27 23:24 - 000000000 ____D C:\Users\cabec\AppData\Local\Rockstar Games
2020-06-23 21:18 - 2019-11-27 23:23 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2020-06-23 15:44 - 2019-11-26 23:13 - 000000000 ____D C:\Users\cabec\AppData\Local\UnrealEngine
2020-06-23 15:29 - 2019-11-26 23:15 - 000000000 ____D C:\Program Files\Epic Games
2020-06-23 15:20 - 2019-05-15 12:01 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-06-23 15:20 - 2019-05-15 12:01 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-23 15:19 - 2020-04-23 15:32 - 000000000 ____D C:\Users\cabec\AppData\Local\EpicGamesLauncher
2020-06-21 17:01 - 2020-01-01 21:13 - 000000000 ____D C:\Users\cabec\Desktop\fotos
2020-06-21 00:42 - 2019-11-28 19:05 - 000000000 ____D C:\Users\cabec\AppData\Local\CrashDumps
2020-06-17 01:15 - 2019-11-26 23:07 - 000000000 ____D C:\Users\cabec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
==================== Files in the root of some directories ========
2020-03-31 17:48 - 2020-06-04 15:52 - 000000132 _____ () C:\Users\cabec\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2019-12-02 18:29 - 2020-06-17 11:53 - 000001435 _____ () C:\Users\cabec\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by cabec (17-07-2020 15:02:43)
Running from C:\Users\cabec\Downloads
Windows 10 Home Version 1809 17763.914 (X64) (2019-11-26 21:06:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3266803249-1906538077-2635784554-500 - Administrator - Disabled)
cabec (S-1-5-21-3266803249-1906538077-2635784554-1001 - Administrator - Enabled) => C:\Users\cabec
DefaultAccount (S-1-5-21-3266803249-1906538077-2635784554-503 - Limited - Disabled)
Guest (S-1-5-21-3266803249-1906538077-2635784554-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3266803249-1906538077-2635784554-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.2.0.436 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 24.0.1.169 - Bitdefender)
CPUID ASUS CPU-Z 1.86 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FiveM (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\CitizenFX_FiveM) (Version: - The CitizenFX Collective)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GlassWire 2.2 (remove only) (HKLM-x32\...\GlassWire 2.2) (Version: 2.2.210 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1829.12.0.1154 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{aa81bdf2-96a6-4400-a596-c7d1916ce9f7}) (Version: 1.50.369.0 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.38.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.38.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.25.260 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\Spotify) (Version: 1.1.37.690.g8f3b16fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
WhatsApp (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\WhatsApp) (Version: 2.2027.10 - WhatsApp)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zemana AntiMalware version 3.1.495 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.495 - Zemana)
Zoom (HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-11] (Adobe Systems Incorporated)
ASUS Product Registration Program (APRP) -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgramAPRP_2.1.7.0_x86__qmba6cd70vzyy [2019-05-15] (ASUSTeK COMPUTER INC.) [Startup Task]
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-12] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1660.4.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-11-26] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20332.0_x86__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-11-26] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-11-26] (Realtek Semiconductor Corp)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3266803249-1906538077-2635784554-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3E512AFE03D6} -> [Creative Cloud Files] => C:\Users\cabec\Creative Cloud Files [2019-12-22 17:11]
CustomCLSID: HKU\S-1-5-21-3266803249-1906538077-2635784554-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_205c3f0c6a210463\nvshext.dll [2020-03-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2019-11-04] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\cabec\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\cabec\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\cabec\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cabec\Desktop\fotos\425000.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3266803249-1906538077-2635784554-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B4EB1566-E2AE-4438-9BC2-0A308CB11AF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C3A391E5-7C5B-4258-9426-EA8C43613E9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{2DC31673-07E7-4D78-A304-67E704BD2FAA}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
FirewallRules: [UDP Query User{8FD4C7A0-0968-481E-B08A-073DFF93FECD}R:\faclog\xml_udp.exe] => (Allow) R:\faclog\xml_udp.exe => No File
FirewallRules: [{E0CAF784-F8F0-41E7-9C9A-970A9D64F08C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{44489132-C84B-4D5C-83D5-CD548276B0EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{30C4DA47-72F5-4A2F-BC7B-C8EB0D9658AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{48C600C9-AD24-4B48-9D26-26EB6703C8FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{AC5E0D92-DB13-4376-9EEF-5DE28D7DD632}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BB38DA3A-C591-41B8-9CC9-49A86CEE0886}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{37EEFF46-748B-43A7-B65C-05DFFA20B41F}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{8EE01FFF-85B1-4405-B3EA-5650D0AE87DF}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{B91F71BC-5E6A-499E-9A4C-966DE48C898D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8AFDCE90-B5D8-4C7F-8AB0-4874D6F46E0E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6FA27901-58B4-4E40-AE8A-2BA5CAC223FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20332.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59D62CD5-0161-4F56-94C4-80BCFAE4BC42}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
FirewallRules: [{6BB9495C-F788-41DC-9931-862D29FA40A0}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
FirewallRules: [{243CA801-2705-4B78-849B-E888F42DE731}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
FirewallRules: [{2CCD6495-6C1C-49D9-ABAD-5F2836EA1EC1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
FirewallRules: [{A5A332F8-A4E1-4A44-87CA-7F878F892FF1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
FirewallRules: [{ADC2B3AB-A461-4E4E-8EDC-E13CEA633135}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
FirewallRules: [{C97CF2AA-125A-4E52-B00C-5EAC42A17E4D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{DA6D6BDC-2096-4BF5-8B5F-DEA3C2A80F7A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => No File
FirewallRules: [{0917DBF2-23E4-4CD0-907B-FFC35C94B690}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
FirewallRules: [{4EABDA6A-4CEB-49FD-BBFC-01059B8C1B81}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File
FirewallRules: [TCP Query User{AF278700-1AE7-42E9-AC2C-16F31DCEC347}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [UDP Query User{0BF14D1E-9FC3-4201-BEBF-D2BB21F89A2B}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
FirewallRules: [TCP Query User{9A8D3B69-D874-48D8-860B-8E2557F475FB}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [UDP Query User{180ECF96-FA4F-45FD-A261-B32DD1B347DD}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
FirewallRules: [TCP Query User{C4FE6CEB-B714-470D-A436-52AB7BC5E155}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [UDP Query User{B7A79C89-D300-4E07-9A26-04DA5803FD50}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
FirewallRules: [{343A8CA4-9763-4756-9ACB-6E66B31FE737}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{6B7B79B8-CD22-4DFD-8066-C45EA89170A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [TCP Query User{2D87E3AC-51EA-4843-891F-6270D5B6AF86}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe => No File
FirewallRules: [UDP Query User{054ACD9D-A7D8-46B2-BD65-1104C56AC9F4}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe => No File
FirewallRules: [TCP Query User{48334160-DE2B-4B88-88AB-3249E06F4E4D}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{4D4A3834-B4E1-4A7C-91A0-383FEA139E31}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{004C3002-7BAE-4DB3-8A5E-6C546B6A319D}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => No File
FirewallRules: [UDP Query User{3D4F3756-AC06-4E19-A1DD-22541610E72A}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => No File
FirewallRules: [TCP Query User{916E4580-6205-446F-9960-84887A81011A}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{95C77CB8-221F-4F37-8379-14EBAE17D948}C:\users\cabec\appdata\local\fivem\fivem.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{14D99437-3139-460D-A634-AC2A55EF54C0}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [UDP Query User{D12AB444-51FF-48BC-9FE5-8FCCB115FB6E}C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\cabec\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [{2EB7BAE9-D176-43BE-A493-E87516D62E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [{16030B2C-5537-4353-8E79-6F546D1B8678}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe => No File
FirewallRules: [TCP Query User{E49EEC6D-6D1A-4C89-8676-EC231F17EBC5}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{2E6A3C83-B3A9-4BE4-84EC-B263F63EDE9A}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{2853E3F7-69FF-4D36-BA08-EC5857FC100E}D:\overwatch\_retail_\overwatch.exe] => (Allow) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{3052D99D-636E-44FC-977D-3FD8912BF6AA}D:\overwatch\_retail_\overwatch.exe] => (Allow) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{60188921-0C33-4C26-942C-F39A9560CC4D}] => (Allow) C:\Users\cabec\Desktop\jogos\Steam.exe => No File
FirewallRules: [{EC93ACF3-EC4A-4615-84C8-124E3D39FA1C}] => (Allow) C:\Users\cabec\Desktop\jogos\Steam.exe => No File
FirewallRules: [{920ECE17-DF28-4883-867C-8D1C797B1B39}] => (Allow) C:\Users\cabec\Desktop\jogos\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{BF1DFD7B-2402-4B5B-8ABA-4E97AF0022F8}] => (Allow) C:\Users\cabec\Desktop\jogos\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A4BD95D7-70CD-47DC-BA6E-A3183B143DAA}] => (Allow) C:\Users\cabec\Desktop\jogos\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{9E62D6AC-B6C8-4B99-8BEA-9AE44F36379E}] => (Allow) C:\Users\cabec\Desktop\jogos\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [TCP Query User{09757607-6E63-4190-AACC-5CC113768E11}C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{B5BE851D-6643-4F20-895E-D697D5275B19}C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\desktop\jogos\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{C5A51D38-9A65-4EEF-9491-B4B48891CA54}] => (Allow) C:\Users\cabec\Desktop\steam\Steam.exe => No File
FirewallRules: [{0FA3D3E0-6CD4-49A2-9C09-EECD7E279596}] => (Allow) C:\Users\cabec\Desktop\steam\Steam.exe => No File
FirewallRules: [{7EFADCA5-CC61-41C6-93E5-D932EB45E4B1}] => (Allow) C:\Users\cabec\Desktop\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C8F8CCF4-3A5E-49A1-AF47-F2B7CE80D192}] => (Allow) C:\Users\cabec\Desktop\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AA614601-B43C-4F2C-9F58-0BE8965EF022}] => (Allow) C:\steam\Steam.exe => No File
FirewallRules: [{DE333F3F-EF8A-4993-94D5-C175C0D79550}] => (Allow) C:\steam\Steam.exe => No File
FirewallRules: [{76B0861F-2ED6-4D1F-B26B-0BA44376ABB6}] => (Allow) C:\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{EB87DB16-7F47-4D70-B1C3-ADC343E7F5A8}] => (Allow) C:\steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{89D90CFD-45D9-406C-94C8-8A3ADEF122F9}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{312510DE-4545-4B15-AB6E-96156FD80857}] => (Allow) C:\Users\cabec\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{FAB40BAE-028D-489A-8B2C-D6590F2CAEB6}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9820688A-9299-4459-9F9E-36C28974E0AE}C:\users\cabec\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cabec\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F075C96-65EA-4EB5-8B15-63F89D253746}] => (Allow) C:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{984F01A8-7664-4545-BA0A-1E5083FA257F}] => (Allow) C:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{2D74CFC2-CBDC-4BD4-ACF4-CBBDBA3B4AD6}] => (Allow) C:\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{944D89E6-FD7A-4F5B-8833-F4B828A625D7}] => (Allow) C:\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [TCP Query User{051C33DC-C7A4-40DF-B7B3-ABB35900B0C9}C:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{EAC8F45C-CD67-4F7D-B6D0-98D69ADA6F2D}C:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{3439D8EB-6502-4613-ADD2-431CEC0460CD}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EF73778D-5753-4482-B650-D53A14B3ABF5}] => (Allow) C:\Users\cabec\Pictures\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D35C2A8-87DD-4AC6-8F69-14CF0B2CAC24}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4CBF99F-F0E8-4585-A813-3492720ED181}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0FF9790B-D8A8-43C5-9AF2-E30DC4467436}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{33AA7470-9092-44D2-8818-6E85988D0124}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{64F23525-3A54-4E61-AC1C-4326A8E18AB3}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{41A45A20-6F0E-418E-AAA1-C6669BA35AB9}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{999F86F6-527B-4C61-9801-0BD6CBD9D937}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2B776A8B-F6C8-4700-B36E-593BB60A20A5}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D8FC0FE3-8EBD-4EC7-B311-E1D75C49D126}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{FA131442-74CB-457B-989A-8C5188B009B3}C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\users\cabec\pictures\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C7F77A1E-1CF4-48E8-A7B2-C00D963C76E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C6FADD75-C65D-457C-B72C-DA534512A88D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{FB8467D7-5D74-4DF2-A9EA-6D338788158F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{C0A61DBC-2E0B-45E7-B8FE-CA489B065BE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C0C7D0-8F13-4DCC-A995-A4DA608992AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DEB01ED7-2EF4-4F0C-A5AD-72976FF64542}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F0A00FF-02E4-4F96-9C72-C73ACDC9C529}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CCDA7A30-E535-4EC7-A420-EDA70AE37F2C}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F0F90CB4-C3BD-4024-974F-B46938DE3A46}] => (Allow) C:\Users\cabec\Pictures\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CACEE9EB-3C5F-44E3-AD51-245CF3FE13F4}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{2B46F0F2-3E6B-4F24-98DA-B5EA32F4502D}] => (Allow) C:\Users\cabec\Pictures\steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{0D99FA9F-5CFC-4DAC-8B84-FFBA96C85F29}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{12C41A4B-3BD7-4283-BF51-54D2DEDF1820}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
==================== Restore Points =========================
23-06-2020 15:19:16 Installed DirectX
01-07-2020 18:34:24 Scheduled Checkpoint
09-07-2020 12:14:52 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/17/2020 02:51:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3738
Start Time: 01d65c414d1ee551
Termination Time: 0
Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe
Report Id: 6f294794-eb49-4c98-9960-b7ce9150186a
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Hang type: Unknown
Error: (07/17/2020 02:50:09 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/17/2020 02:23:48 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/17/2020 02:22:50 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/17/2020 12:21:43 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/17/2020 04:48:34 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/16/2020 07:13:55 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/16/2020 12:59:25 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (07/17/2020 03:02:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (07/17/2020 03:02:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (07/17/2020 03:00:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (07/17/2020 03:00:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (07/17/2020 02:59:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MQCUIRU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MQCUIRU\cabec SID (S-1-5-21-3266803249-1906538077-2635784554-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2020 02:58:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Error: (07/17/2020 02:58:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (07/17/2020 02:56:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.
Windows Defender:
===================================
Date: 2019-12-12 13:59:59.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {487BAD9A-C330-4233-BE7B-AE97962EBE50}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-12-05 09:33:29.113
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {698660BF-F832-4C05-83F8-1D45D12588CB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-12-04 21:22:33.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A2C9B23-8239-4F5E-A6A4-00DC55AB3123}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-12-04 20:13:19.227
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {807AA218-8425-4517-B0C0-105137EF48AF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-11-28 17:40:25.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9330D0A3-A7E2-4D90-B67C-CDC616EDA42F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-12-13 16:39:02.212
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2020-07-17 14:50:19.458
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 14:50:19.456
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 14:23:56.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 14:23:56.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 14:22:58.419
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 14:22:58.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 12:21:52.441
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-17 12:21:52.438
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\ConnectAgent.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0404 04/12/2019
Motherboard: ASUSTeK COMPUTER INC. WS C246 GS
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 12%
Total physical RAM: 32633.93 MB
Available physical RAM: 28442.95 MB
Total Virtual: 34681.93 MB
Available Virtual: 28698.56 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:476.33 GB) (Free:139.77 GB) NTFS
Drive d: (data) (Fixed) (Total:1862.89 GB) (Free:1820.86 GB) NTFS
\\?\Volume{7fb0217e-e2a9-4e88-8f9a-c50f72859aa3}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{783377f8-cd83-45ef-bd0f-bc43b2b24249}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7FE96090)
Partition: GPT.
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2BBCADC2)
Partition: GPT.
==================== End of Addition.txt =======================