Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Nalezen mallware

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Nalezen mallware

#1 Příspěvek od Vitek »

Zdravím, poprosím kontrolu logu jestli je vše ok. Mallwarebytes našel 14 detekcí tak bych chtěl zjistit jestli je vše v pořádku.
Zapl jsem Mallwarebytes a adwcleaner, ten už nic nenašel.
Díky

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by vitek (administrator) on VITEK-PC (Micro-Star International Co., Ltd MS-7C02) (15-10-2023 20:35:18)
Running from C:\Users\vitek\Desktop\FRST64.exe
Loaded Profiles: vitek
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
(D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) D:\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <4>
(Discord Inc. -> Discord Inc.) C:\Users\vitek\AppData\Local\Discord\app-1.0.9019\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(explorer.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\APP Manager\AppManager.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_14c40086f8e718c9\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(svchost.exe ->) (GAINWARD TECHNOLOGY INT'L LIMITED -> Gainward Co. Ltd.) D:\EXPERTool\TBPanel.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [746440 2018-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [14036304 2023-09-28] (SteelSeries ApS -> SteelSeries ApS)
HKLM-x32\...\Run: [WDDriveAgent] => C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe [2379096 2018-03-26] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APP Manager] => C:\Program Files (x86)\MSI\APP Manager\AppManager.exe [3705520 2019-05-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [457872 2021-03-08] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835760 2019-11-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26327864 2021-08-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [Steam] => D:\Steam\steam.exe [4375912 2023-09-29] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [TBPanel] => D:\EXPERTool\TBPanel.exe [2438960 2018-10-17] (GAINWARD TECHNOLOGY INT'L LIMITED -> Gainward Co. Ltd.)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [Discord] => C:\Users\vitek\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42614688 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2023-02-25] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [Gaijin.Net Updater] => C:\Users\vitek\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2361600 2019-11-28] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1785864 2023-10-03] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [uTorrent] => D:\uTorrent\utorrent.exe [416168 2023-02-28] (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [EpicGamesLauncher] => D:\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37104080 2023-10-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2643048 2023-09-07] (Electronic Arts, Inc. -> Electronic Arts)
HKLM\...\Windows x64\Print Processors\Canon TS3400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGF.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: CNMLMBX.DLL (No File)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series XPS: C:\Windows\system32\CNMXLMBX.DLL [393728 2013-03-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3400 series: C:\Windows\system32\CNMLMGF.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\117.0.5938.152\Installer\chrmstp.exe [2023-10-12] (Google LLC -> Google LLC)
Startup: C:\Users\vitek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2021-03-03]
ShortcutTarget: Twitch.lnk -> C:\Users\vitek\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {F7C06618-A77C-4D9F-99D5-62EBAE95542F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {D5A8F596-C49B-43C5-8FB7-66182FE00400} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {06EFA47F-546C-4A64-95A1-E8D033842058} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {4205641D-49A8-4E81-BD87-938C015DA23B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "a27f0db1-0cdf-4b5c-943d-b248ac2787f2" --version "6.16.10662" --silent
Task: {3B063EF0-6E5D-464F-A850-0E86BEFDE99E} - System32\Tasks\CCleanerSkipUAC - vitek => C:\Program Files\CCleaner\CCleaner.exe [35675552 2023-09-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {036F41AA-A447-4441-92A9-B2BE171EDA2B} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe /ua /installsource scheduler (No File)
Task: {29AC77D0-D3BB-4111-BB60-EE1EA5F15702} - System32\Tasks\EXPERTool => D:\EXPERTool\TBPanel.exe [2438960 2018-10-17] (GAINWARD TECHNOLOGY INT'L LIMITED -> Gainward Co. Ltd.)
Task: {7B608357-3AA3-48DF-BC49-E5C35C64C3C8} - System32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-19] (Google Inc -> Google Inc.)
Task: {5BD3D8C2-DBF1-4327-AFD5-9610D49C5955} - System32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-19] (Google Inc -> Google Inc.)
Task: {14AA0012-B1A6-438E-90F4-B8991D6A194B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21915760 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B359F3D-31CD-484B-B8D0-1DB2FDF44D2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21915760 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE7DD0AF-884D-491E-9DB8-31A4469802AF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115648 2023-10-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {52AB13DD-9302-49A1-86BE-4D91C710137D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115648 2023-10-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F5B2379-1874-4D53-8DDC-EFEA2C01A991} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C7C5DEBB-6187-47E3-9FA4-A9D2A39BA24E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F7AEA92-951D-4FCE-AAC9-C478C047BF6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {928F3752-7661-4BAD-A107-EFE776BC82D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8F0471D8-9B3D-42C8-837C-2041B9C34897} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD0EFB19-EC20-4B0E-A77A-202ABF6E29C8} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-09-29] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {92D48F29-D9F4-4998-95E1-B20F38D627E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [717728 2023-09-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {950E4C3E-27A5-43CD-AF03-8A9EE2F988A0} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2018-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {C0C09605-08A8-4B43-B21A-A89C3DAB91B1} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {C1F3810E-29C7-48DD-9E05-F38853D2ED52} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1068688 2019-08-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {DE9DDD1A-EA8C-4C4A-BF2B-FDFEED4F7575} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {F9EF5362-6764-4133-90EB-C6284C461162} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {3442FC76-4BD1-49C3-984A-3A45C16F2BAA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D23037A4-C09D-4753-B114-D80C586ADE24} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C734BE7D-FEA4-496F-9D1E-CCF29BEB5DA5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3464E0BC-0651-480A-9373-C22BB30AAB56} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {397B0965-AFA8-4DEE-ACC1-0F01C8BA2D10} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {77086BA7-F0EA-4E6A-9FA4-20F30B6BF5F0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6DDB181-77DE-45F3-9B8E-A36D7B1562B1} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {00854A74-9825-4247-A38A-9CCFA8029BE9} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ECE4C001-7185-4869-B53F-15A894D73572} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641416 2023-10-03] (Overwolf Ltd -> Overwolf LTD)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\MSILEDKeeper_Host.job => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8964d957-5ab4-46e2-9dd6-778ddad6c01a}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\vitek\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-17]
Edge DownloadDir: Default -> D:\Stažené soubory
Edge HomePage: Default -> hxxps://www.google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge Session Restore: Default -> is enabled.
Edge Extension: (Tipli do prohlížeče) - C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-18]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2023-07-25]
Edge Extension: (BetterTTV) - C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb [2023-07-24]
Edge Extension: (Edge relevant text changes) - C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-17]
Edge Extension: (Twitch Now) - C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2021-12-03]
Edge Extension: (Hlídač Shopů) - C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\plmlonggbfebcjelncogcnclagkmkikk [2023-08-17]

FireFox:
========
FF DefaultProfile: ojfb8ucn.default
FF ProfilePath: C:\Users\vitek\AppData\Roaming\Mozilla\Firefox\Profiles\ojfb8ucn.default [2022-10-09]
FF ProfilePath: C:\Users\vitek\AppData\Roaming\Mozilla\Firefox\Profiles\v6f9g7o7.default-release [2023-06-15]
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2022-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2022-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-09-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default [2023-10-15]
CHR DownloadDir: D:\Stažené soubory
CHR Notifications: Default -> hxxps://steamcommunity.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (BetterTTV) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2023-09-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-08-25]
CHR Extension: (Tipli do prohlížeče) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-16]
CHR Extension: (I don't care about cookies) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2023-09-25]
CHR Extension: (Return YouTube Dislike) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-25]
CHR Extension: (Carbon Blackout) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ialnhggmaghopmhanfnjjneegopfpbdj [2020-01-06]
CHR Extension: (MetaMask) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-10-11]
CHR Extension: (Twitch Now) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2020-07-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Hlídač Shopů) - C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlonggbfebcjelncogcnclagkmkikk [2023-10-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-02-02] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9201848 2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3644008 2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10994792 2023-09-07] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2023-04-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943528 2023-07-23] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10209536 2023-02-25] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9316040 2023-10-13] (Malwarebytes Inc. -> Malwarebytes)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343600 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507952 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2740912 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_AppManager_Service; C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe [2055352 2019-01-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2210616 2021-08-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641416 2023-10-03] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2199024 2023-05-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [37712 2023-09-28] (SteelSeries ApS -> )
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16241056 2022-07-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [524632 2018-03-26] (Western Digital Techologies -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_14c40086f8e718c9\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_14c40086f8e718c9\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-12-23] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-12-23] (Disc Soft Ltd -> Disc Soft Ltd)
R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-23] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222288 2023-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2018-12-30] (SoftEther Corporation -> SoftEther Corporation)
S3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12464 2022-08-14] (Macrovision Europe Ltd) [File not signed]
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2019-02-01] (SteelSeries ApS -> )
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-17] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-10-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572712 2023-10-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-15 20:34 - 2023-10-15 20:34 - 002383360 _____ (Farbar) C:\Users\vitek\Desktop\FRST64.exe
2023-10-13 16:28 - 2023-10-13 16:28 - 000000000 ____D C:\Users\vitek\AppData\Local\Backup
2023-10-12 14:58 - 2023-10-12 14:58 - 000000000 ____D C:\ProgramData\PLUG
2023-10-12 14:58 - 2023-10-12 14:58 - 000000000 ____D C:\Program Files\RUXIM
2023-10-11 17:40 - 2023-10-11 17:40 - 000016059 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-10-11 17:16 - 2023-10-11 17:16 - 000000000 ___HD C:\$WinREAgent
2023-10-10 18:33 - 2023-10-10 18:33 - 000000000 ____D C:\Users\vitek\AppData\Local\Rocket League
2023-10-10 17:22 - 2023-10-10 17:22 - 000000348 _____ C:\Users\vitek\Desktop\Rocket League®.url
2023-10-10 16:14 - 2023-10-10 16:14 - 000000000 ____D C:\Program Files\Epic Games
2023-09-29 17:54 - 2023-10-04 15:07 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-15 20:36 - 2023-06-15 12:06 - 000036830 _____ C:\Users\vitek\Desktop\FRST.txt
2023-10-15 20:35 - 2020-01-29 14:20 - 000000000 ____D C:\FRST
2023-10-15 20:34 - 2018-10-20 09:47 - 000000000 ____D C:\Users\vitek\AppData\Local\Discord
2023-10-15 20:33 - 2022-08-06 23:20 - 000000000 ____D C:\Program Files\TeamViewer
2023-10-15 20:25 - 2020-08-17 17:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-15 20:02 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-15 19:58 - 2021-12-20 00:23 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-15 19:58 - 2018-10-19 21:28 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-15 17:36 - 2018-10-20 09:47 - 000000000 ____D C:\Users\vitek\AppData\Roaming\discord
2023-10-15 17:36 - 2018-10-19 20:28 - 000000000 ____D C:\Users\vitek\AppData\Local\D3DSCache
2023-10-15 16:34 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-15 16:34 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-15 16:30 - 2018-10-19 20:08 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-15 16:29 - 2020-06-05 12:51 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-15 16:29 - 2020-06-05 12:51 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-10-15 16:28 - 2023-05-09 16:07 - 000000000 ____D C:\Users\vitek\AppData\Local\Malwarebytes
2023-10-15 16:28 - 2020-01-08 17:35 - 000000000 ____D C:\Users\vitek\AppData\Roaming\LGHUB
2023-10-15 16:28 - 2020-01-08 17:35 - 000000000 ____D C:\Users\vitek\AppData\Local\LGHUB
2023-10-15 16:28 - 2019-05-23 13:35 - 000000000 ____D C:\Program Files\CCleaner
2023-10-15 16:28 - 2018-10-25 22:01 - 000000000 ____D C:\Users\vitek\AppData\Local\CrashDumps
2023-10-14 18:26 - 2018-10-20 09:47 - 000002265 _____ C:\Users\vitek\Desktop\Discord.lnk
2023-10-14 11:40 - 2021-12-12 19:55 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-443703425-2946328903-2492468108-1001
2023-10-14 11:40 - 2020-08-17 17:49 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-443703425-2946328903-2492468108-1001
2023-10-14 11:40 - 2020-08-17 17:41 - 000002415 _____ C:\Users\vitek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-13 22:24 - 2022-03-23 21:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-10-13 22:22 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-10-13 16:25 - 2020-08-17 17:47 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-13 16:25 - 2019-12-07 16:43 - 000682238 _____ C:\WINDOWS\system32\perfh005.dat
2023-10-13 16:25 - 2019-12-07 16:43 - 000137054 _____ C:\WINDOWS\system32\perfc005.dat
2023-10-13 16:19 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-10-13 16:18 - 2020-08-17 17:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-13 16:18 - 2020-08-17 17:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-12 22:05 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-10-12 22:01 - 2020-08-17 17:40 - 000296744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-10-12 21:59 - 2019-12-07 16:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2023-10-12 21:59 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-10-12 21:59 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-10-12 21:59 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-10-12 21:59 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2023-10-12 21:59 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\system32\cs
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-10-12 21:59 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-10-12 21:59 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2023-10-12 20:45 - 2018-10-19 21:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-12 20:45 - 2018-10-19 21:29 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-10-12 14:58 - 2018-11-16 17:21 - 000000000 ____D C:\Program Files\rempl
2023-10-11 17:57 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-10-11 17:56 - 2019-12-07 16:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-10-11 17:56 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-10-11 17:56 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-10-11 17:39 - 2020-08-17 17:45 - 003014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-10-11 17:09 - 2018-10-19 22:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-10-11 17:02 - 2018-10-19 22:27 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-10-10 18:37 - 2021-04-17 13:51 - 000000000 ____D C:\WINDOWS\Minidump
2023-10-10 18:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-10-09 19:08 - 2018-10-21 11:03 - 000000000 ____D C:\SteamLibrary
2023-10-08 14:38 - 2022-11-18 00:21 - 000000806 _____ C:\Users\Public\Desktop\Play Farming Simulator 22.lnk
2023-10-07 14:19 - 2021-03-03 18:19 - 000000000 ____D C:\Program Files (x86)\Overwolf
2023-10-05 15:09 - 2023-09-14 15:34 - 000255592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_3.dll
2023-10-05 15:09 - 2023-06-05 19:13 - 002709096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2023-10-05 15:09 - 2023-06-05 19:13 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2023-10-05 15:09 - 2023-06-05 19:13 - 000210536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2023-10-05 15:09 - 2023-06-05 19:13 - 000181864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2023-10-05 15:09 - 2023-06-05 19:13 - 000145000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2023-10-05 15:09 - 2023-06-05 19:13 - 000095736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2023-10-05 15:09 - 2023-06-05 19:13 - 000075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2023-10-05 15:09 - 2018-10-19 19:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-10-04 20:48 - 2022-12-09 19:02 - 000000000 ____D C:\Users\vitek\AppData\Roaming\steelseries-gg-client
2023-10-04 16:12 - 2020-08-17 17:41 - 000000000 ____D C:\Users\vitek
2023-10-04 15:07 - 2022-07-27 08:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-03 15:41 - 2022-02-26 20:47 - 000000000 ____D C:\WINDOWS\system32\SteelSeries
2023-10-01 17:48 - 2020-10-17 13:32 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2023-09-30 16:23 - 2022-07-27 08:50 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-27 20:51 - 2018-10-19 20:17 - 000000000 ____D C:\ProgramData\Packages
2023-09-22 20:05 - 2023-07-23 13:00 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2023-09-21 15:51 - 2018-10-19 20:02 - 000000000 ____D C:\Users\vitek\AppData\Local\PlaceholderTileLogoFolder
2023-09-19 20:40 - 2023-04-11 20:53 - 000003844 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358}
2023-09-19 20:40 - 2023-04-11 20:53 - 000003720 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B}
2023-09-17 12:38 - 2022-09-20 16:20 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-09-15 20:05 - 2023-06-20 15:58 - 000000000 ____D C:\Users\vitek\AppData\Roaming\.tlauncher

==================== Files in the root of some directories ========

2020-04-17 13:20 - 2021-03-02 18:50 - 053028851 _____ () C:\Users\vitek\AppData\Roaming\gta5_patch.bin
2020-04-17 13:20 - 2020-04-17 13:20 - 000332800 _____ () C:\Users\vitek\AppData\Roaming\patcher.dll
2022-07-30 13:00 - 2022-07-30 13:00 - 000001286 _____ () C:\Users\vitek\AppData\Roaming\Roaming – zástupce.lnk
2023-07-26 22:36 - 2023-07-26 22:36 - 000003854 _____ () C:\Users\vitek\AppData\Local\3301857876
2020-09-24 18:41 - 2020-11-22 13:17 - 000004627 _____ () C:\Users\vitek\AppData\Local\PlariumPlay.log
2022-09-10 18:59 - 2022-09-10 18:59 - 000002220 _____ () C:\Users\vitek\AppData\Local\recently-used.xbel
2020-05-05 00:04 - 2020-05-05 00:04 - 000007605 _____ () C:\Users\vitek\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by vitek (15-10-2023 20:37:17)
Running from C:\Users\vitek\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) (2020-08-17 15:49:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-443703425-2946328903-2492468108-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-443703425-2946328903-2492468108-503 - Limited - Disabled)
Guest (S-1-5-21-443703425-2946328903-2492468108-501 - Limited - Disabled)
vitek (S-1-5-21-443703425-2946328903-2492468108-1001 - Administrator - Enabled) => C:\Users\vitek
WDAGUtilityAccount (S-1-5-21-443703425-2946328903-2492468108-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.006.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.1.0.1236 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Název společnosti:) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Beyond-All-Reason 1.2124.0 (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\a5671b31-085d-5fba-830a-66a891c6a4a4) (Version: 1.2124.0 - gajop)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.45.2.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.0.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon TS3400 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TS3400_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.16 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.6.607.0 - Piriform Software) Hidden
Command & Conquer™ Remastered Collection (HKLM-x32\...\{CB92A22C-0421-4513-9EE4-00519B4A12CC}) (Version: 1.153.11.25008 - Electronic Arts Inc. (en_US))
CPUID HWMonitor 1.37 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.37 - CPUID, Inc.)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
CurseForge (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.168.1.9 - Overwolf app)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0677 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.18.0.5531 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{3b7e0236-b3a3-4d97-95bc-0864d521d35d}) (Version: 13.18.0.5531 - Electronic Arts)
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{1E570BD2-E6BC-4CA1-A08C-E9CE483AD022}) (Version: 1.3.79.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
EXPERTool v10.20 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 10.20.0.0 - Gainward Co. Ltd.)
Farming Simulator 22 (HKLM-x32\...\Farming Simulator 22_is1) (Version: 0.0.0 - DODI-Repacks)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 117.0.5938.152 - Google LLC)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{95548B78-8547-4E91-B0DA-1CBB82150917}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.2.376231 - Logitech)
Malwarebytes version 4.6.4.286 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.4.286 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.46 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.60 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Volume - cs-cz) (Version: 16.0.14332.20582 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\OneDriveSetup.exe) (Version: 23.199.0924.0001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 118.0.1 (x64 cs)) (Version: 118.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 103.0 - Mozilla)
MSI Afterburner 4.6.5 (HKLM-x32\...\Afterburner) (Version: 4.6.5 - MSI Co., LTD)
MSI APP Manager (HKLM-x32\...\{00F47104-12BA-4E58-A7E6-F456C1BA338E}}_is1) (Version: 1.0.0.32 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.98 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.76 - MSI)
MSI MysticLight (HKLM-x32\...\{93874B70-6C5E-446A-AF4D-E5AC776A0386}}_is1) (Version: 3.0.0.66 - MSI)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Navitel DVR Player (HKLM-x32\...\Navitel DVR Player) (Version: 1.4.2.1132 - Navitel s.r.o)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA GeForce NOW 2.0.34.132 (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.34.132 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 536.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.67 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Název společnosti:)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14332.20582 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20565 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20582 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.233.2.2 - Overwolf Ltd.)
Phone Nokia USB Driver (HKLM-x32\...\{7F1C627F-7F07-4B51-B50F-FF8C64881D6E}) (Version: 1.1.0 - Mobile)
Photo Common (HKLM-x32\...\{15BFD731-A10E-43E9-9D18-0F682BC0480F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.17508 - Kakao Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.9 - Power Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8470 - Realtek Semiconductor Corp.)
Registrace tiskárny (HKLM-x32\...\Canon EISRegistration) (Version: 1.7.5 - Canon Inc.)
RivaTuner Statistics Server 7.3.4 (HKLM-x32\...\RTSS) (Version: 7.3.4 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.72.1513_C - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.8.4 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 48.0.0 (HKLM\...\SteelSeries GG) (Version: 48.0.0 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.32.3 - TeamViewer)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.879 - TLauncher Inc.)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Twitch (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 127.1.10616 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Wargaming.net Game Center (HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\Wargaming.net Game Center) (Version: 20.7.2.2851 - Wargaming.net)
WD Drive Agent (HKLM-x32\...\{10BD0B99-6C39-4246-85DA-E4AA34B7707E}) (Version: 1.1.0.18 - Western Digital Technologies, Inc.) Hidden
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{9A470EA9-FF86-4C0E-992C-572BF2B9D6FF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{E100E2B5-F2EF-4955-AB7A-C3F2125A3BCD}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)

Packages:
=========
Back 4 Blood -> C:\Program Files\WindowsApps\WarnerBros.Interactive.e172091a-6630-4ff3-959f-830_1.314.5975.0_x64__ktmk1xygcecda [2023-07-17] (Warner Bros. Interactive)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2022-06-18] (Canon Inc.)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.18.1011.0_x64__rz1tebttyb220 [2023-09-30] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-20] (Microsoft Corporation)
Free MP3 Cutter Joiner -> C:\Program Files\WindowsApps\808dvdvideomedia.FreeMP3CutterJoiner_1.0.0.0_x86__yjscgq3q1n9ft [2023-07-11] (dvdvideomedia)
Grounded -> C:\Program Files\WindowsApps\Microsoft.Maine_2.2.164.0_x64__8wekyb3d8bbwe [2023-09-22] (Microsoft Studios)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-07-20] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-07-30] (NVIDIA Corp.)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.920.900_x64__8wekyb3d8bbwe [2023-10-01] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2019-10-25] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0 [2023-10-12] (Spotify AB) [Startup Task]
Video Editor & Slideshow Maker -> C:\Program Files\WindowsApps\23140Kinderjoy.VideoEditorSlideshowMaker_1.1.160.0_x64__4k9s1t26vykqt [2019-06-28] (Video Apps Mechanic) [MS Ad]
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.930.722.582_neutral__8wekyb3d8bbwe [2023-09-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-03-08] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-03-08] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_14c40086f8e718c9\nvshext.dll [2023-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-03-08] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-06-05 09:53 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\APP Manager\unrar.dll
2023-05-12 22:03 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2023-05-12 22:01 - 2016-04-20 14:12 - 000772608 _____ () [File not signed] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2018-10-19 23:08 - 2017-08-02 14:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\MysticLight\LEDControl.dll
2019-06-19 10:25 - 2019-06-19 10:25 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 14:34 - 2018-03-20 14:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2023-02-25 18:34 - 2023-02-25 15:21 - 000164864 _____ () [File not signed] C:\Program Files\LGHUB\resources\app.asar.unpacked\keytar.node
2021-05-06 20:55 - 2013-03-24 05:00 - 000393728 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMXLMBX.DLL
2018-12-28 17:50 - 2018-11-14 23:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files (x86)\MSI\MysticLight\IcMSIDll.dll
2023-05-12 22:01 - 2015-06-23 16:41 - 000082432 _____ (Fintek) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2023-06-05 19:13 - 2023-10-05 15:09 - 000503808 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\SYSTEM32\gameplatformservices.dll
2019-10-02 10:30 - 2016-10-03 13:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MysticLight\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2022-01-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2022-01-10] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-23] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2022-10-10 22:38 - 000001683 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vitek\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\arsenal gaming.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "PlariumPlay"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_910C094A1AA0C198BEB50DA792973C5E"
HKU\S-1-5-21-443703425-2946328903-2492468108-1001\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4C41F899-DD27-4A7E-9856-9EEF54B191B6}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{E3F41E29-C89E-4C40-B9B2-BD408CFED815}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{C67E59BB-33CA-4BC1-B998-5E45CD8FC9D0}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{B23035C9-5CD6-4A19-B19C-1D594ED16AED}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{A269FB7A-2FE4-4143-804E-26A4EAA55339}D:\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{693B2E1C-05D5-4A90-B4AA-8F5111BCF089}D:\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{20B8B1F3-B6D9-4355-8E24-2946B7F14FCB}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C8B158D4-E8F0-4724-A95C-3F0D88AE3D52}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3D0CB6E3-7577-42B2-B13B-EA654B98003C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{140C1630-FA84-4FD0-953A-E5D016A27708}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{12ED78E6-458F-4193-9E87-A5567A1A8900}] => (Allow) D:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment Inc.)
FirewallRules: [{88F5D4F2-639A-46B5-9DE7-1344CF9F0FE1}] => (Allow) D:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment Inc.)
FirewallRules: [{027530CF-AF7B-4729-8CF9-D786C78697AD}] => (Allow) D:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed]
FirewallRules: [{AB76F19D-1CA0-4BDA-A1D7-C46DC673BBCE}] => (Allow) D:\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe () [File not signed]
FirewallRules: [{27008868-1E3A-4223-BFCF-F0DB0E1B1044}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6F1CD4AD-CFCE-46EB-89FF-D489F34D8FB4}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E7F8AE30-94E4-4FEB-A79F-16205AC90964}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{1A2C4577-A22C-444C-8B1C-DF30ED7A091E}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{F1CEDEC9-B489-4B98-84E1-2ED96CD9A573}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B7A86D72-FD65-4CCB-9A93-58D8F744E938}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{626C4AB3-C9BB-4DC2-8D46-22F231251B6C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06868809-F83D-46ED-8D53-04F92F2FE507}] => (Allow) LPort=2869
FirewallRules: [{FB117FB9-4943-4386-971D-5FF73DA2AE61}] => (Allow) LPort=1900
FirewallRules: [{5D1EAACE-C933-4060-91FE-0EE2047FDED2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{8D7AF6F5-9F22-4BC5-836E-0974808997B6}D:\utorrent\utorrent.exe] => (Allow) D:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{74CF6D0C-D549-4020-AED1-967C3BD166B6}D:\utorrent\utorrent.exe] => (Allow) D:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{689790E4-7576-4ACF-8921-1BB2750D8094}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{123DA1AD-EE3C-4A48-8C79-1EF7EE847780}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{6E212CD1-7BC7-4914-8AF3-2FDC97E0BAA9}D:\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{2A283338-F67F-45F7-8C4E-062C3770E6E9}D:\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{40CA2B74-CC8E-432D-AFE3-8883A605E0E9}D:\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{0EE6B7D8-BD62-493A-BABC-DB9E60FFBAB9}D:\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{03432824-2736-495E-8792-815D24632215}D:\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{27A1496B-E2D5-4B53-9803-47AB074F79DE}D:\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{54B3AA0B-1505-406F-9293-B936DDA80F5D}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe => No File
FirewallRules: [UDP Query User{D40FD1B5-31C6-454A-837B-8C9B88B7C558}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe => No File
FirewallRules: [TCP Query User{00B975BB-21EF-43E7-AF64-E36DC93F7F48}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe => No File
FirewallRules: [UDP Query User{ACFC6685-3268-4DC5-913F-CE1DB977F883}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe => No File
FirewallRules: [TCP Query User{AF3B261B-59A7-424D-91A4-41E214E9EE30}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe => No File
FirewallRules: [UDP Query User{74B853A9-1A44-427E-A4A4-68462F035E78}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe => No File
FirewallRules: [{DAA4184F-B1F1-45B2-8309-300FBC7C69B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{20C5D7BB-E0CC-4E02-AF46-ECD72D7AD279}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{165EC16A-C265-400B-B2BD-23A0DB049D00}C:\users\vitek\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\vitek\downloads\downloader_diablo2_enus.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{0576B0BF-623B-487E-8A3A-EB7702DE98AE}C:\users\vitek\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\vitek\downloads\downloader_diablo2_enus.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{2AC9A6F1-E96B-4716-BB28-C4D30AD00292}C:\users\vitek\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\vitek\downloads\downloader_diablo2_lord_of_destruction_enus.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{A0E406C8-B41A-4849-9553-C770546CB1F3}C:\users\vitek\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\vitek\downloads\downloader_diablo2_lord_of_destruction_enus.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{49981A61-2B71-4BAF-A886-77326654EBBF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F7C070F1-BAB1-4E7E-B800-3BB93EC20A34}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FC790247-2AC0-48AF-A91D-2676E8FB41E4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3C8DE835-783B-4CC9-B8D4-5E3DFBA3D1F2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{7B6EBDAA-4A4E-47C2-B416-29EA6A201630}D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{D58B6F16-85B1-4BCE-B83C-EBB43560DF52}D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{BD04BCD9-8082-4BB7-BB1A-F584786640C9}D:0\start.exe] => (Allow) D:0\start.exe => No File
FirewallRules: [UDP Query User{AB67A869-E346-4AC1-ACD4-252EED3EF8BD}D:0\start.exe] => (Allow) D:0\start.exe => No File
FirewallRules: [{826F5DEA-5661-4622-95F1-FE2DB8C4931E}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FD69516A-E852-4EBB-A748-48210962075B}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{85E4E0E7-B927-4AAD-A8A5-F50F27FBF3F8}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{585B395C-67F3-4911-AA86-32C09F679556}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [TCP Query User{C99003BC-9F0A-4375-A262-5AE42E18198B}D:\utorrent\utorrent.exe] => (Allow) D:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CFAB5667-49E5-4BB8-A9F8-A3DFB4D0587C}D:\utorrent\utorrent.exe] => (Allow) D:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{629B8979-93F8-4389-BDB7-0C357E0FE683}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CB9D1A74-0D30-4B56-A248-459875F25CA5}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{7009D902-EA5B-42E8-9715-B3FE07DB70B5}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{ECEFB003-8FFB-4C80-93B8-343452166673}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [TCP Query User{DF897B47-B711-453C-94B2-8F6FAA63C380}D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{20A24598-9775-466C-943A-ED52178E976A}D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) D:\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{37DB40FE-6D69-4042-92BF-BB652FE9CD43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{379988C8-A728-4717-885C-B90DB205951F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E563F867-C5B1-4EBA-BB6F-534C43481B83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{27653C55-42A7-4F9E-B222-401B668AB418}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{06A5F1EE-8479-422A-990B-F3E98F4E07AE}] => (Allow) D:\Tom Clancy's Ghost Recon Wildlands\GRW_Upp.exe (Blue Byte GmbH -> )
FirewallRules: [TCP Query User{6FDDAE01-5222-4F1B-A414-0FE39E9BA390}D:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> )
FirewallRules: [UDP Query User{AC5A3BBE-0DB1-4C17-B1AE-E084910DB33D}D:\tom clancy's ghost recon wildlands\grw.exe] => (Allow) D:\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> )
FirewallRules: [{E7B796B3-FD86-49DF-87E9-B53F055FE178}] => (Allow) LPort=26789
FirewallRules: [TCP Query User{0874A4AC-59D3-49F8-8B92-FAB6CE16DF5C}D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4A13F06C-0188-495E-8D41-19307F703123}D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{65C92FA0-0B2C-4719-91AE-63543904E5A1}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{F6604065-A3FB-4F8E-81B9-8A66AF009729}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{4DC8A9D6-DD8D-4A82-A54E-519A7966C37A}D:\games\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe] => (Allow) D:\games\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{BBA42370-884F-4CD8-BB00-897B9124EDF7}D:\games\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe] => (Allow) D:\games\grounded\content\maine\binaries\wingdk\maine-wingdk-shipping.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{DC7A22B0-81F5-46F4-A0ED-36132AB2A816}C:\users\vitek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\vitek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{8BF9BEE9-4703-4190-8656-5A8616CE91AD}C:\users\vitek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\vitek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{C85540A6-D191-422C-BAC7-5E07646DFDB7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C493020E-1087-4494-8537-949C170A03AF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B82413EB-6632-4C67-B0DE-6A4A3D740D63}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B1DF65BD-B2D6-4612-BAED-BC5CB4279CD3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{58829ACA-A3AC-4E56-93C0-D42130FB15EB}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E79ACFD1-135B-43A2-85DE-5747E0676751}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{803C0AB5-2A49-4457-9838-16E09C1B76D1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{837AFCA3-9D34-4DFF-9FCA-F6F0C6A2373F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{637EDE1B-D1E1-43C7-8BF4-4EC9F945A3BB}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F69E1A2B-4646-4307-A02D-DA11111201BF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E684842A-BD96-48FD-91E2-08B9BDBC0078}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{14315271-CF95-40D6-8D0F-D6A6C2DBE06B}C:\users\vitek\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\vitek\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{C941C513-93F8-44D0-9DA4-99C4DA5F7454}C:\users\vitek\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\vitek\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{122AA25F-3FA1-4104-93D1-BD00A7806CF7}C:\program files\java\jre1.8.0_311\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_311\bin\javaw.exe
FirewallRules: [UDP Query User{1AB5B722-396D-4714-A51F-48ECFA7E20F9}C:\program files\java\jre1.8.0_311\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_311\bin\javaw.exe
FirewallRules: [TCP Query User{AE3D29A6-B6E9-49CC-B965-3ED2E3D422FF}C:\users\vitek\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe] => (Allow) C:\users\vitek\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{692E3562-494A-4400-804B-7088C3335D3B}C:\users\vitek\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe] => (Allow) C:\users\vitek\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe
FirewallRules: [{786A405C-8986-4D99-B330-C6794F13CE9E}] => (Allow) C:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{6F9F34F4-6D14-42AE-B8F8-59EC7072FDF6}] => (Allow) C:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [TCP Query User{8C8CD1C3-5D17-483F-B7C1-07A49F0F7553}C:\xboxgames\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) C:\xboxgames\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{9359BC67-28D7-450B-BA9D-1DE6D466521C}C:\xboxgames\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe] => (Allow) C:\xboxgames\back 4 blood\content\gobi\binaries\wingdk\back4blood.exe (Access Denied) [File not signed]
FirewallRules: [{D0491F00-D5C7-4F12-8F42-2B7F72263BC2}] => (Allow) D:\Steam\steamapps\common\Stronghold Definitive Edition Demo\Stronghold 1 Definitive Edition.exe () [File not signed]
FirewallRules: [{68CF84CF-3453-487D-AA06-387CFA140CB1}] => (Allow) D:\Steam\steamapps\common\Stronghold Definitive Edition Demo\Stronghold 1 Definitive Edition.exe () [File not signed]
FirewallRules: [{07D7FA39-B0F8-467D-8F7B-7C9C867C4CEA}] => (Allow) D:\Steam\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe (Focus Entertainment SA -> Focus Home Interactive)
FirewallRules: [{4A88B654-78C4-443D-8255-2648B7FD34D3}] => (Allow) D:\Steam\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe (Focus Entertainment SA -> Focus Home Interactive)
FirewallRules: [TCP Query User{5AE74C9B-944A-4567-8303-E2F3D4BC5335}C:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [UDP Query User{436C33D3-4B38-40E3-BE15-8E01DD9C3F4C}C:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [{AF408980-27A9-453D-80B6-93856021CA3F}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{77146554-9B9F-4D51-A87C-F645A6572A7D}] => (Allow) C:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{AF5AD9AD-B19A-4EF7-B7CB-544656E2EC9E}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{D53A2950-B59E-4271-9236-095E45DCB2B7}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{D9834C80-8268-4407-888F-5536EDC7FAAE}] => (Block) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{ADD030CE-1408-42F5-8D30-7A088FC6B5AD}] => (Block) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{3C69EEB9-DB59-4B97-BC55-A60DC3AF1DC1}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3D8365AA-1DF2-41C5-B902-925FE690271E}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{23289889-D7B3-4490-A653-23EBC2EAECFF}D:\farming simulator 22\x64\farmingsimulator2022game.exe] => (Allow) D:\farming simulator 22\x64\farmingsimulator2022game.exe (GIANTS Software GmbH) [File not signed]
FirewallRules: [UDP Query User{BE29EF5D-8EA0-4371-84DC-35F41CE9817A}D:\farming simulator 22\x64\farmingsimulator2022game.exe] => (Allow) D:\farming simulator 22\x64\farmingsimulator2022game.exe (GIANTS Software GmbH) [File not signed]
FirewallRules: [{4D24EDF9-3E33-4746-8AFA-408EC460D298}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.60\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FBF52A45-FFFA-4C59-884E-536E0FB10784}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1FACF9B5-1F49-404B-86EC-CB2A195ED3F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{105838DA-D505-444F-997F-2AD638E17794}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{66F8F510-2214-4DA5-9690-801A3EAE6346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E4D4A522-843F-4BA4-9826-A63655FAD468}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2CFCCA31-4370-450B-8FC9-AD333B6A33ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EC7E6500-10C6-4A44-B393-B926258DE229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F1F249E5-B939-4A11-A4C6-3902FABDE52D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB84A1D5-7B0D-4CBA-A7F8-330A9C24B2B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{139B1B6E-646D-4156-B103-7391967D4E91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.222.982.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B31DB245-4A2E-4D71-A810-F750687D518F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4931DBCF-2F04-4600-A7B7-B79B05175139}] => (Allow) LPort=26820
FirewallRules: [{24A9A0C6-E85E-48BF-B9BD-E29AD135AE03}] => (Allow) LPort=26822

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/15/2023 04:28:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MSI_LED.exe, verze: 6.2.0.96, časové razítko: 0xf3f2611b
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.3570, časové razítko: 0xfaa05682
Kód výjimky: 0xe0434352
Posun chyby: 0x0013d982
ID chybujícího procesu: 0x77c
Čas spuštění chybující aplikace: 0x01d9ff73c8df8c2b
Cesta k chybující aplikaci: C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 10fb6ae4-3ee7-4b71-bb27-1b429d657188
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/15/2023 04:28:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: MSI_LED.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
na System.ThrowHelper.ThrowArgumentOutOfRangeException(System.ExceptionArgument, System.ExceptionResource)
na System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Item(Int32)
na MSI_LED.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
na System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
na System.Windows.Application.<.ctor>b__1_0(System.Object)
na System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
na System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
na System.Windows.Threading.DispatcherOperation.InvokeImpl()
na System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Windows.Threading.DispatcherOperation.Invoke()
na System.Windows.Threading.Dispatcher.ProcessQueue()
na System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
na MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
na MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
na System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
na System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
na System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
na MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
na MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
na System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
na System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
na System.Windows.Application.RunDispatcher(System.Object)
na System.Windows.Application.RunInternal(System.Windows.Window)
na System.Windows.Application.Run(System.Windows.Window)
na System.Windows.Application.Run()
na MSI_LED.App.Main()

Error: (10/14/2023 10:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.19041.1266, časové razítko: 0x0cca0ab4
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x41f0
Čas spuštění chybující aplikace: 0x01d9fed88a998124
Cesta k chybující aplikaci: C:\Users\vitek\AppData\Roaming\Adobe\Headlights\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: e40d052d-debd-4652-bb47-e81a5875838d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2023 09:56:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.19041.1266, časové razítko: 0x0cca0ab4
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2f64
Čas spuštění chybující aplikace: 0x01d9fed025197337
Cesta k chybující aplikaci: C:\Users\vitek\AppData\Roaming\Adobe\Headlights\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 58e9efe2-51f5-4633-9e0e-17304eb51652
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2023 08:56:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.19041.1266, časové razítko: 0x0cca0ab4
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x35e4
Čas spuštění chybující aplikace: 0x01d9fec7beab3ec3
Cesta k chybující aplikaci: C:\Users\vitek\AppData\Roaming\Adobe\Headlights\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 849a394c-4e0d-4b8c-ad7a-f4494646cc08
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2023 07:56:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.19041.1266, časové razítko: 0x0cca0ab4
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3458
Čas spuštění chybující aplikace: 0x01d9febf5924a6ad
Cesta k chybující aplikaci: C:\Users\vitek\AppData\Roaming\Adobe\Headlights\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 4e7748e3-dc6a-4397-86c2-eb71b6bbf7e2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2023 06:56:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MXWTPTTTYKDUYVXJ.exe, verze: 10.0.19041.1266, časové razítko: 0x0cca0ab4
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3ddc
Čas spuštění chybující aplikace: 0x01d9feb6f301644d
Cesta k chybující aplikaci: C:\Users\vitek\AppData\Roaming\Adobe\Headlights\MXWTPTTTYKDUYVXJ.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: fb339001-47f6-42eb-a6b1-2eefb7dd594c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2023 05:56:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MSI_LED.exe, verze: 6.2.0.96, časové razítko: 0xf3f2611b
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.3570, časové razítko: 0xfaa05682
Kód výjimky: 0xe0434352
Posun chyby: 0x0013d982
ID chybujícího procesu: 0x1314
Čas spuštění chybující aplikace: 0x01d9feb6ee809f55
Cesta k chybující aplikaci: C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: cda867e9-7ff1-4004-bbdb-67bc84517d96
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/15/2023 08:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (10/15/2023 05:56:21 PM) (Source: volsnap) (EventID: 25) (User: )
Description: Stínové kopie svazku C: byly smazány, protože úložiště stínové kopie nebylo možné včas zvětšit. Zvažte možnost snížení vstupně-výstupního zatížení systému nebo zvolte svazek úložiště stínové kopie, pro který není vytvářena stínová kopie.

Error: (10/15/2023 05:56:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (10/13/2023 04:18:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SecDrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (10/13/2023 04:18:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

Error: (10/12/2023 10:01:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SecDrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (10/12/2023 10:01:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

Error: (10/12/2023 09:58:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby UsoSvc s argumenty Není k dispozici za účelem spuštění serveru:
{B91D5831-B1BD-4608-8198-D72E155020F7}


Windows Defender:
================
Date: 2023-10-15 16:38:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7A5BEE0D-23F4-4B39-B552-1B5AF7F87D22}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-10-14 23:04:51
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {65EA5F28-2EE9-4C99-BC97-0155FDEFB56F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-10-12 15:25:38
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4A33B36E-4E29-4351-92DE-C69B3467B479}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-10-11 17:02:01
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3B3EE31A-1ECD-4F90-A634-61056296528D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-10-10 15:25:49
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BDCAE2EE-E408-4F46-956F-3433F65820BF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2023-08-25 00:26:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.1211.0;1.395.1211.0
Verze modulu: 1.1.23070.1005

Date: 2023-08-23 22:37:21
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: V systému chybí aktualizace potřebné ke spuštění systému kontroly sítě. Nainstalujte potřebné aktualizace a restartujte zařízení.

CodeIntegrity:
===============
Date: 2023-10-13 16:35:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-04 21:19:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-01 17:18:39
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\vitek\AppData\Roaming\Adobe\Headlights\MXWTPTTTYKDUYVXJ.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-08-25 11:26:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.00 07/02/2018
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK (MS-7C02)
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 65%
Total physical RAM: 8146.24 MB
Available physical RAM: 2812.36 MB
Total Virtual: 13669.49 MB
Available Virtual: 3541.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.28 GB) (Free:17.92 GB) (Model: Samsung SSD 860 EVO 250GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.51 GB) (Free:51.98 GB) (Model: ST1000DM010-2EP102) NTFS

\\?\Volume{a0806901-c8f2-438e-9b1f-6fcc1d4e3528}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{0ad3927e-b681-4d8e-8b7e-934856e286a9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118275
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nalezen mallware

#2 Příspěvek od Rudy »

Zdravím!
Otevřte opoznámkový blok aq zkopírujte do něj:
Start

CloseProcesses:
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: CNMLMBX.DLL (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {7B608357-3AA3-48DF-BC49-E5C35C64C3C8} - System32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-19] (Google Inc -> Google Inc.)
Task: {5BD3D8C2-DBF1-4327-AFD5-9610D49C5955} - System32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-19] (Google Inc -> Google Inc.)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B}
FirewallRules: [TCP Query User{54B3AA0B-1505-406F-9293-B936DDA80F5D}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe => No File
FirewallRules: [UDP Query User{D40FD1B5-31C6-454A-837B-8C9B88B7C558}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe => No File
FirewallRules: [TCP Query User{00B975BB-21EF-43E7-AF64-E36DC93F7F48}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe => No File
FirewallRules: [UDP Query User{ACFC6685-3268-4DC5-913F-CE1DB977F883}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe => No File
FirewallRules: [TCP Query User{AF3B261B-59A7-424D-91A4-41E214E9EE30}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe => No File
FirewallRules: [UDP Query User{74B853A9-1A44-427E-A4A4-68462F035E78}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe => No File
FirewallRules: [TCP Query User{BD04BCD9-8082-4BB7-BB1A-F584786640C9}D:0\start.exe] => (Allow) D:0\start.exe => No File
FirewallRules: [UDP Query User{AB67A869-E346-4AC1-ACD4-252EED3EF8BD}D:0\start.exe] => (Allow) D:0\start.exe => No File
FirewallRules: [TCP Query User{65C92FA0-0B2C-4719-91AE-63543904E5A1}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{F6604065-A3FB-4F8E-81B9-8A66AF009729}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [{AF5AD9AD-B19A-4EF7-B7CB-544656E2EC9E}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{D53A2950-B59E-4271-9236-095E45DCB2B7}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{D9834C80-8268-4407-888F-5536EDC7FAAE}] => (Block) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{ADD030CE-1408-42F5-8D30-7A088FC6B5AD}] => (Block) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File

EmptyTemp:
Hosts:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Re: Nalezen mallware

#3 Příspěvek od Vitek »

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by vitek (15-10-2023 21:13:23) Run:3
Running from C:\Users\vitek\Desktop
Loaded Profiles: vitek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: CNMLMBX.DLL (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {7B608357-3AA3-48DF-BC49-E5C35C64C3C8} - System32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-19] (Google Inc -> Google Inc.)
Task: {5BD3D8C2-DBF1-4327-AFD5-9610D49C5955} - System32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-19] (Google Inc -> Google Inc.)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B}
FirewallRules: [TCP Query User{54B3AA0B-1505-406F-9293-B936DDA80F5D}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe => No File
FirewallRules: [UDP Query User{D40FD1B5-31C6-454A-837B-8C9B88B7C558}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe => No File
FirewallRules: [TCP Query User{00B975BB-21EF-43E7-AF64-E36DC93F7F48}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe => No File
FirewallRules: [UDP Query User{ACFC6685-3268-4DC5-913F-CE1DB977F883}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe => No File
FirewallRules: [TCP Query User{AF3B261B-59A7-424D-91A4-41E214E9EE30}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe => No File
FirewallRules: [UDP Query User{74B853A9-1A44-427E-A4A4-68462F035E78}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe] => (Allow) D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe => No File
FirewallRules: [TCP Query User{BD04BCD9-8082-4BB7-BB1A-F584786640C9}D:0\start.exe] => (Allow) D:0\start.exe => No File
FirewallRules: [UDP Query User{AB67A869-E346-4AC1-ACD4-252EED3EF8BD}D:0\start.exe] => (Allow) D:0\start.exe => No File
FirewallRules: [TCP Query User{65C92FA0-0B2C-4719-91AE-63543904E5A1}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{F6604065-A3FB-4F8E-81B9-8A66AF009729}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [{AF5AD9AD-B19A-4EF7-B7CB-544656E2EC9E}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{D53A2950-B59E-4271-9236-095E45DCB2B7}] => (Allow) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{D9834C80-8268-4407-888F-5536EDC7FAAE}] => (Block) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{ADD030CE-1408-42F5-8D30-7A088FC6B5AD}] => (Block) C:\Program Files (x86)\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Print\Monitors\Canon BJ Language Monitor MG2500 series => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B608357-3AA3-48DF-BC49-E5C35C64C3C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B608357-3AA3-48DF-BC49-E5C35C64C3C8}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BD3D8C2-DBF1-4327-AFD5-9610D49C5955}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BD3D8C2-DBF1-4327-AFD5-9610D49C5955}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358}" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{272B6B26-2990-4DC5-AFE1-EBEDC9611358}" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{7F0694C9-5EC9-4B45-81A6-CA4B8884859B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{54B3AA0B-1505-406F-9293-B936DDA80F5D}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D40FD1B5-31C6-454A-837B-8C9B88B7C558}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\setupapplication soviet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{00B975BB-21EF-43E7-AF64-E36DC93F7F48}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ACFC6685-3268-4DC5-913F-CE1DB977F883}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AF3B261B-59A7-424D-91A4-41E214E9EE30}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{74B853A9-1A44-427E-A4A4-68462F035E78}D:\stažené soubory\workers.and.resources.soviet.republic.v0.8.7.7\workers.and.resources.soviet.republic.v0.8.7.7\game\soviet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BD04BCD9-8082-4BB7-BB1A-F584786640C9}D:0\start.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AB67A869-E346-4AC1-ACD4-252EED3EF8BD}D:0\start.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{65C92FA0-0B2C-4719-91AE-63543904E5A1}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6604065-A3FB-4F8E-81B9-8A66AF009729}C:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF5AD9AD-B19A-4EF7-B7CB-544656E2EC9E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D53A2950-B59E-4271-9236-095E45DCB2B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D9834C80-8268-4407-888F-5536EDC7FAAE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADD030CE-1408-42F5-8D30-7A088FC6B5AD}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 178288420 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 533420239 B
Windows/system/drivers => 31052870 B
Edge => 0 B
Chrome => 708970810 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 116930 B
vitek => 11722361 B

RecycleBin => 26105648 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-10-2023 21:15:15)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 21:15:15 ====
Nahoru
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Re: Nalezen mallware

#4 Příspěvek od Vitek »

Ještě mám jeden problém. Po zapnutí PC mi vyskočí:
https://ctrlv.cz/mAYp
a vždy musím překliknout na druhý profil (s obrázkem)
https://ctrlv.cz/I1NI
je to asi od doby co jsem zkoušel kopírovat data přes síť a nějak se mi nepodařilo :D
Jak prosím smažu ten druhý profil?
(pardon za kvalitu obrázků)
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118275
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nalezen mallware

#5 Příspěvek od Rudy »

Bylo smazáno. Z těch obrázků je patrné pouze to, že k profilu nebylo zadáno správné heslo. Pokud máte jeden z těch profilů normálně přístupný a je administrátorský, můžete druhý profil běžným způsobem smazat.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Re: Nalezen mallware

#6 Příspěvek od Vitek »

Vyskočila na mě tato tabulka - https://ctrlv.cz/SOh2
nevím při čem vyskočila. objevil jsem jí na ploše pod prohližečem. Co znamená?
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118275
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nalezen mallware

#7 Příspěvek od Rudy »

Nejspíše vyskočila při nějakém otevírání skriptu prohlížečem. Pokud se problém nebude opakovat ignorujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Re: Nalezen mallware

#8 Příspěvek od Vitek »

Stále mám problém s tím účtem.. nikde v nastavení není jiný účet ale při zapnutí furt vyběhne viz. nahoře. https://ctrlv.cz/aDOH
Pokud dám přepnout uživatele nebo odhlásit tak je tam jen můj hlavní účet a ten druhý co vyskočí při zapnutí ne.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118275
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nalezen mallware

#9 Příspěvek od Rudy »

Zkusíme vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

Junkware:
Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Re: Nalezen mallware

#10 Příspěvek od Vitek »

Zoek vysledek mi nelze vlozit :D zprava ma o 100000 vice znaku.
vlozim zkraceny..
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by vitek on 22.10.2023 at 12:50:30,38.
Microsoft Windows 10 Pro 10.0.19045 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\vitek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.10.2023 12:52:28 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Grinding Gear Games deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\EA Games deleted successfully
C:\Program Files\Wondershare deleted successfully
C:\PROGRA~3\CanonIJPLM deleted successfully
C:\PROGRA~3\Foxit Software deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\SolidDocuments deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\vitek\AppData\Local\Blizzard deleted successfully
C:\Users\vitek\AppData\Local\DBG deleted successfully
C:\Users\vitek\AppData\Local\PeerDistRepub deleted successfully
C:\Users\vitek\AppData\Local\Saber deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\vitek\AppData\Roaming\Mozilla\Firefox\Profiles\v6f9g7o7.default-release\prefs.js:

Added to C:\Users\vitek\AppData\Roaming\Mozilla\Firefox\Profiles\v6f9g7o7.default-release\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Grinding Gear Games not found
C:\Users\vitek\AppData\Roaming\.technic deleted
C:\Users\vitek\AppData\Roaming\.tlauncher deleted
C:\Users\vitek\AppData\Roaming\7DaysToDie deleted
C:\Users\vitek\AppData\Roaming\discord deleted
C:\Users\vitek\AppData\Roaming\TuneFab Spotify Music Converter deleted
C:\Users\vitek\AppData\Roaming\Twitch deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\vitek\AppData\Local\PlariumPlay.log deleted
C:\Users\vitek\AppData\Local\cache deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tpm-34e8-11a4-e2e47a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1050-3850-35eb17.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1050-3850-35eb29.tmp deleted
SPOUSTA PODOBNÝCH - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\...
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ff8-1520-fd1e8ed.tmp deleted
"C:\Users\vitek\AppData\Local\3301857876" deleted
"C:\ProgramData\mntemp" deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\lockfile" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\000003.log" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\LOCK" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\LOG" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\MANIFEST-000001" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage" not deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\vitek\AppData\Roaming\Mozilla\Firefox\Profiles\v6f9g7o7.default-release
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================


Tipli do prohlížeče - vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp
Carbon Blackout - vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ialnhggmaghopmhanfnjjneegopfpbdj
Twitch Now - vitek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk
Tipli do prohlížeče - vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp
Edge relevant text changes - vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
Twitch Now - vitek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk

==== Chromium Startpages ======================

C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Preferences
14AC03BDCB65AB8F1","pjkljhegncpnkpknbcohdijeoejaedia":"D2333DADE9BEC4ABDE46A0EFCC28EA0E53F76DD8478B25DBA0D458DE2C8705F1","plmlonggbfebcjelncogcnclagkmkikk":"81AF45C4E38442CBDECF0C5FBDEB73BF5E276A0E94294E47AF9412B70AFDD38C"}},"google":{"services":{"account_id":"B21A61C704C061D866920C27E1ACF24A8D7B1F77DFD751955C91C6486C0EE473","last_account_id":"70C1EE5D3DEE884204C9CBC253C88E1DCA8A48956320C053B1C0D50DBB0BDDC5","last_username":"1643DD57C66D863F17D62B6C89830115DE65116B4737AB74160F067609B39F87","username":"8A6B405F55BF8FAC8DB032B90831998E1D5E0BC1B61CA794E82EDEF379160B41"}},"homepage":"C46ED0AFD4F3B870EF6FF5A29ACCD3FC482FCB22AB888681DA17FF210739447B","homepage_is_newtabpage":"29016B3B962BA58EFC038EF34E739C80ABC17E52EDB817F6D6C78A2E57A07EEA","media":{"cdm":{"origin_data":"E4D653A9A1E9E13F8D298C808C073F02568521072BFFFEB1DE75532A693093E7","origins":"BD13916E3640759AFF6584F6E0AA9F6BB3580E3B5017745EFED86B0A57737311"},"storage_id_salt":"7A53A56F103AE416820ECFCE4504A4C23BC67AADFB6386FD36431115E666C997"},"module_blocklist_cache_md5_digest":"A09B3D6B43F3A11E7919077532E8DCE30F82AF5224B99FE3AE3D8EF5CE911A31","pinned_tabs":"20517767B96B12CFC52CF44ADE71B72CF7D1AE220FBC65AB497FFF61DBF6BA3D","prefs":{"preference_reset_time":"1EA94A72A9C58D5727A06456574BC7F857153701CBBFDC3DCEAE4ACD2503DC5E"},"safebrowsing":{"incidents_sent":"B41642AF7DC91A00CAFA0A45D51F64FF7D62967FC6888FAFFC2BE0C92635B105"},"search_provider_overrides":"DBF813A58E7FA18844FAA7DE297E13C889F371D1F587DDC719F91DDA2E1C038E","session":{"restore_on_startup":"1470D1CDAF2FDD561AC38AE3B234A31DF0DD7578848ED71D84D1395E44153D87","startup_urls":"1DCC7FF8D84F1D296EF496822817992B799B087B07433DD622D14D780CC6FE07"},"settings_reset_prompt":{"last_triggered_for_default_search":"27A3C1169E95B99EC8D6C8A063BAEC44637AF044A56D2C71D26BC7347EC2293A","last_triggered_for_homepage":"EA4627B3840043EDF196FA52C1B04BB6F35DBEB74F4B1C888C0197A4B99155EB","last_triggered_for_startup_urls":"368876282367AABEB5C76A233D47CF0327D0975B01D342795BFA54F285DDD6A6","prompt_wave":"35ACBCAE2085F02ED4386EA6F4E2C0C47DDC7742ED205AE29EBB864957EC20DE"},"software_reporter":{"prompt_seed":"364CC41C1E9FBA7B4452D982A425BE172C21FF84E0D865DDB0D5B8F66EF68046","prompt_version":"9D63644B72046DF37B9DDEDDB27100ED5CCE42DC40D3901482F5126DF0698DE5","reporting":"E41DE60C2712B12405FFD619E4EBA369D7874CACF67F68087BD6B251D302CC30"}},"super_mac":"CEBBCD207BA167DB845607591A08A10BD366C80673DC0005A00AB12EF291C51B"},"session":{"restore_on_startup":1,"startup_urls":["https://www.google.com/"]},"settings_reset_prompt":{"prompt_wave":20190606}}

C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
ebcjelncogcnclagkmkikk":"8E0CDB93B0FFE4B65A0A88B294EDEE6814FE281D950D9317E79FA2AB3B524B65"}},"homepage":"9CF83D3F3F16133763210114499B77E7989FBD458CD6AAB4E961D75BF5E81EE6","homepage_is_newtabpage":"424C52DF317D8BA772597900B73A05E1C93E402F71F410CFEA9A234C2BA34D9D","media":{"cdm":{"origin_data":"8A2F81D692BB96D409E1FA7051D2470D570BEB1E7C8F933B2EEAF14835DBFABC","origins":"7EE78C8CC2A8D5DDD19F1DF695FEC406780234DEB96E528611D16928524807D6"},"storage_id_salt":"8C3455D22E510750450230A966B29B8BE05C3CCC55A6C32C44D1A1311A49FBB3"},"pinned_tabs":"9412A5547539CD9512FD9ACD63A2F19D9F1543EB8135E2664465AD9DBD4E7A46","prefs":{"preference_reset_time":"333B377110709831C5546CDBC9A7DEEE04ADE0AA357217D5C38D674749DE808E"},"safebrowsing":{"incidents_sent":"3141C7546A06E7EA331CC7C22762C1B78243707E8CAF27061B54775E2F526296"},"search_provider_overrides":"457071D51313BC9687F7BC68F197A7F27BFB5E18BA660BA415029F5FB5F33A64","session":{"restore_on_startup":"B408A6BC42DEFFD6204926388EC6ECE4CB2D888D24A3662EE6B2D17A496A0E96","startup_urls":"6FF44D50F921113F60FD30506C311464E4D8950095406BEA6159EE3BF93D4A25"},"settings_reset_prompt":{"last_triggered_for_default_search":"7BCCD8AC4F55EAC92871F5516440AACCB074B378DBE6F789147A3C44DABE4412","last_triggered_for_homepage":"6631C40E7D3B22D98939600954334DB668388B0B596B3C51675E2B6EF9064553","last_triggered_for_startup_urls":"EB328E7100D008F527C675A24DC754014C01B05EF5F87F12895089DA05FD828A","prompt_wave":"944A69B33389B3EB498084FACBAFD476CF48A7305C6FC38AA2C15A3DFDD66AE4"},"software_reporter":{"prompt_seed":"6D59D906F72BDE0252077F62575238F75BBDD114457DA59543CC8D4A3ABDECB4","prompt_version":"77AF0AA1D93C05F46417280EE85AC5A8130BB8BF7B414DB65217287CABCC99C8","reporting":"7AA75A4E7011091F8F719B34D5528FABC7F85DC4615CF5BE4A3E4D8D7F617D58"}},"super_mac":"5C0797FADE6514CD9A53FF9C6634ACD38EB4E58A9B921CBD04CFE50C071EA696"},"session":{"restore_on_startup":1,"startup_urls":["https://www.google.com/"]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\vitek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\vitek\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\vitek\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5617 folders=3656 4008767494 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\vitek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" deleted
"C:\Users\vitek\AppData\Roaming\LGHUB\lockfile" not found
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\000003.log" not found
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\LOCK" not found
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\LOG" not found
"C:\Users\vitek\AppData\Roaming\LGHUB\Local Storage\leveldb\MANIFEST-000001" not found
"C:\Users\vitek\AppData\Roaming\LGHUB" not found

==== EOF on 22.10.2023 at 14:06:21,84 ======================



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by vitek (Administrator) on 22.10.2023 at 14:18:21,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.10.2023 at 14:22:27,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118275
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nalezen mallware

#11 Příspěvek od Rudy »

Jak to vypadá teď?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Vitek
Návštěvník
Návštěvník
Příspěvky: 115
Registrován: 07 led 2016 22:54

Re: Nalezen mallware

#12 Příspěvek od Vitek »

Stále po zapnutí vyskočí tabulka a musím přepnout učet a dat pin.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118275
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nalezen mallware

#13 Příspěvek od Rudy »

Virový problém to zřejmě není. Zkuste tento postup: https://support.microsoft.com/cs-cz/top ... b9fbbd152b .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“