Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by xschi (22-04-2021 09:37:57)
Running from C:\Users\xschi\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2020-11-03 14:16:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3039489114-2094619844-3197177633-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3039489114-2094619844-3197177633-503 - Limited - Disabled)
Guest (S-1-5-21-3039489114-2094619844-3197177633-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3039489114-2094619844-3197177633-504 - Limited - Disabled)
xschi (S-1-5-21-3039489114-2094619844-3197177633-1001 - Administrator - Enabled) => C:\Users\xschi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K YouTube to MP3 (HKLM\...\{516E02FE-F641-4DA4-88B7-A54C85C02212}) (Version: 3.15.0.4160 - Open Media LLC) Hidden
4K YouTube to MP3 (HKLM-x32\...\{2e4d2628-f757-4e9f-928d-e4df69e086ce}) (Version: 3.15.0.4160 - Open Media LLC)
Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden
Application Verifier x64 External Package (HKLM\...\{10CA1677-8F02-3131-F25C-780BAB52E468}) (Version: 10.1.18362.1 - Microsoft) Hidden
Azure Data Studio (HKLM\...\{6591F69E-6588-4980-81ED-C8FCBD7EC4B8}_is1) (Version: 1.23.0 - Microsoft Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.25.1 - Bitwarden Inc.)
Browser for SQL Server 2019 (HKLM-x32\...\{5E366957-8D78-4BB5-A790-96F97A9766BD}) (Version: 15.0.2000.5 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32\...\{A89F4446-3B75-433B-91B3-C88868CA8544}) (Version: 4.8.03928 - Microsoft Corporation)
Color Cop 5.4.3 (HKLM-x32\...\Color Cop_is1) (Version:  - Jay Prall)
CurseForge (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.170.1.2 - Overwolf app)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 2.5.0.0 - Docker Inc.)
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\Flux) (Version:  - f.lux Software LLC)
FortiClient (HKLM\...\{4B553DAB-DE27-4424-B32E-E849A3517AA2}) (Version: 6.4.3.1608 - Fortinet Technologies Inc)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
GDR 2070 for SQL Server 2019 (KB4517790) (64-bit) (HKLM\...\KB4517790) (Version: 15.0.2070.41 - Microsoft Corporation)
GDR 2080 for SQL Server 2019 (KB4583458) (64-bit) (HKLM\...\KB4583458) (Version: 15.0.2080.9 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{CDD0EC5B-EBEE-4822-B994-78AD30D90874}) (Version: 16.8.30607 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{D3902E63-1FC9-4F66-953E-839733B26270}) (Version: 16.8.30607 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{4F864505-C6D3-43A3-BB76-347F5E858E59}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{8A64881A-8735-4C75-91BE-BCE0A45BCDB0}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0307C98E-AE82-4A4F-A950-A72FBD805338}) (Version: 10.0.04403 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Integration Services (HKLM-x32\...\{1BA4F809-5F3E-4882-8481-861A05921A1A}) (Version: 15.0.2000.128 - Microsoft Corporation) Hidden
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{a52e99c3-4440-4ee8-b9f7-3e0a4033bbc4}) (Version: 7.0.1.4 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
KeePass Password Safe 2.46 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.46 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Memurai Developer (HKLM\...\{A7BF8192-AA43-448A-A39A-EF9B1D2572D9}) (Version: 2.0.2 - Janea Systems)
Microsoft .NET Core Runtime - 2.1.27 (x64) (HKLM-x32\...\{97bb42dd-49e0-4bc8-ad46-8130c8fef79a}) (Version: 2.1.27.29916 - Microsoft Corporation)
Microsoft .NET Core SDK 3.1.408 (x64) (HKLM-x32\...\{7f96e513-2c4b-4650-b9e3-2d1eef62b7c7}) (Version: 3.1.408.15681 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32\...\{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{BAAF5851-0759-422D-A1E9-90061B597188}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET SDK 5.0.100 (x64) from Visual Studio (HKLM\...\{16D58CBE-8F79-46C3-821C-7534E7218D29}) (Version: 5.1.20.52605 - Microsoft Corporation)
Microsoft .NET SDK 5.0.104 (x64) (HKLM-x32\...\{ffd9c013-1ec9-45ed-8ca2-104e6a0800b7}) (Version: 5.1.421.11822 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13929.20216 - Microsoft Corporation)
Microsoft ASP.NET Core 2.1.27 - Shared Framework (HKLM-x32\...\{7c0c8d9a-9266-429b-8a02-ce7a9b28e435}) (Version: 2.1.27.49112 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.14 - Shared Framework (HKLM-x32\...\{14937385-d104-412c-872e-05ac23a92441}) (Version: 3.1.14.21166 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.5 - Shared Framework (HKLM-x32\...\{2d9c970f-7e49-454b-81bf-6eca1b48fcea}) (Version: 5.0.5.21167 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.5 - Shared Framework (HKLM-x32\...\{5c2e0298-7665-4d5e-8602-52dc3694d24f}) (Version: 5.0.5.21167 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.10 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.10) (Version: 5.10.19227.2113 - Microsoft Corporation)
Microsoft Azure Storage Explorer version 1.16.0 (HKLM-x32\...\{8E14ADF3-1B18-4711-87BD-E3827D395466}_is1) (Version: 1.16.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.42 - Microsoft Corporation)
Microsoft Help Viewer 2.3 (HKLM-x32\...\Microsoft Help Viewer 2.3) (Version: 2.3.28107 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{E36FFC78-D25E-4962-872B-9CE0E50E62CD}) (Version: 17.5.1.1 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{74A97B61-DE37-40DF-9E00-B302E5D3C4CE}) (Version: 18.3.0.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\OneDriveSetup.exe) (Version: 21.067.0404.0001 - Microsoft Corporation)
Microsoft Report Builder (HKLM-x32\...\{A8171ACF-6124-408A-9B0D-5E9773ED90CA}) (Version: 15.0.19210.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2019 (64-bit) (HKLM\...\Microsoft SQL Server SQL2019) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2019 Setup (English) (HKLM\...\{17DCED0E-5B27-453A-B2B4-E487B869B28A}) (Version: 15.0.4013.40 - Microsoft Corporation)
Microsoft SQL Server 2019 T-SQL Language Service  (HKLM\...\{31D27B41-A051-49D8-907A-62E0F4A2188C}) (Version: 15.0.2000.5 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 18.7.1 (HKLM-x32\...\{a83fd35c-47e3-4877-b7aa-427fc7de02c7}) (Version: 15.0.18358.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.9.3365.38425 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}) (Version: 15.0.27520 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2019 (HKLM\...\{2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703}) (Version: 15.0.2000.5 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.14 (x86) (HKLM-x32\...\{910975ce-2379-434d-8e20-b36e068df1a9}) (Version: 3.1.14.29915 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.5 (x64) (HKLM-x32\...\{97a0c33d-cb7d-4cff-8239-c7704b60e698}) (Version: 5.0.5.29917 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.5 (x86) (HKLM-x32\...\{fc569924-0ab1-4665-b4e4-72bbd3fdda97}) (Version: 5.0.5.29917 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla)
mRemoteNG (HKLM-x32\...\{6CAD3681-0B2E-4B2D-89D0-2DFF4D35A3DE}) (Version: 1.77.1.27654 - Next Generation Software)
MSI Development Tools (HKLM-x32\...\{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 466.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.11 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.168.0.12 - Overwolf Ltd.)
Postman Agent-win64-0.2.5 (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\PostmanAgent) (Version: 0.2.5 - Postman)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 210318 - Kakao Corp.)
RDM (HKLM-x32\...\RDM) (Version: 2020.7.0 - Kany.me)
Roblox Player for xschi (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for xschi (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\roblox-studio) (Version:  - Roblox Corporation)
SDK ARM Additions (HKLM-x32\...\{73681F86-CD86-4208-572F-959B45430B04}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{67EE3804-9642-62BA-EBF1-B1561FB4ECBE}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SQL Server 2019 Batch Parser (HKLM\...\{D459615B-83B0-408F-8F39-6CC07C277BA6}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM\...\{0FB552DD-543E-48E7-A6F4-2F8D82723C6A}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Common Files (HKLM\...\{5E4344C9-8B97-4ED9-8760-57E221C240F4}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM\...\{99B940D5-1A49-4B6C-B26C-6A88B2C061CA}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Connection Info (HKLM\...\{FD730873-33D1-4D1F-9AE0-E259586F8827}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM\...\{A60B3D8E-5311-4BF1-AF7A-D1AC15F9152E}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Services (HKLM\...\{E3E84B2C-FCF6-469F-9FE7-5E8934DB69AD}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM\...\{619F0B6C-C802-422A-B4E5-294E61F68473}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Database Engine Shared (HKLM\...\{DE5B7937-D5B5-4157-BC30-BB87F021CFF0}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM\...\{814D5077-C93F-42E2-B875-717007C186B9}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 DMF (HKLM\...\{FC8DC283-4A85-467F-8D0E-2FE4606DCCA1}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Full text search (HKLM\...\{BFF9440C-BC5B-4326-A861-916CC3788A4A}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM\...\{6213D6CB-D258-47A3-B1A0-EE1E5C080DCF}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects (HKLM\...\{A8581199-F913-443B-B058-8E8BF317E71C}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM\...\{8DDAEBCA-4267-4E16-9FE0-D87F21D36891}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 Shared Management Objects Extensions (HKLM\...\{C7E6D4B7-CB10-4239-BA04-D9339B39D0BD}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 SQL Diagnostics (HKLM\...\{28ED6838-D8E5-454C-A813-12C5EB447CAB}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM\...\{2129312E-5204-4F3A-9039-B6D34DBB00FB}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server 2019 XEvent (HKLM\...\{228C3DC2-695E-4FC7-87E4-6A9CE905DA9B}) (Version: 15.0.2000.5 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{66C26B42-AE10-45D8-A105-3DACBE959F3A}) (Version: 15.0.18358.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{E98F3E26-D9C6-41B7-9004-90E06D45807B}) (Version: 15.0.18358.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{690C4976-A775-41F7-88B1-F67677DE05F1}) (Version: 15.0.18358.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{1A77173C-B256-4063-9EC1-CCBD9C42DF64}) (Version: 15.0.18358.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{1E3117FE-AB81-4155-8CA1-58C467652C79}) (Version: 15.0.18358.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.11.6 - TeamViewer)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Twitch (HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
TypeScript SDK (HKLM-x32\...\{873B2737-D587-4FC9-993D-086DBF507461}) (Version: 4.0.3.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{847D4DAF-0182-265B-324F-406462E8A90D}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{54FE4D23-11A2-F1C4-76E9-79C8FB40A4A1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{9F7B0D96-881D-8850-C303-43F3A08E6902}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{10D9FDCA-0D16-4C80-91DD-EDDA62A0F29D}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{7C6166AB-7B4D-47A1-840D-723D2B6A1DAC}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Visual Studio Professional 2019 (HKLM-x32\...\74ec209c) (Version: 16.8.30717.126 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{E90279BA-36B4-4477-A1B7-C81B571172F2}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{72E86320-AFF2-44F8-9C8B-0BD51E5B14DE}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{4A143624-67D1-42E7-BADA-E3574DB7157E}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DE982ACB-A44E-44A5-BEA5-F0816490312C}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{1E54D106-5773-4D9E-AEDF-AC5AFEAF1395}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM\...\{8D646799-DB00-4000-AE7A-756A05A4F1D8}) (Version: 5.4.72 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{66483041-F590-EC46-4AF0-EE39C62FB680}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{6B37CC5B-78DF-5050-2215-68479716A587}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{250D5341-0879-4016-399C-BBCD87B80E95}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version:  - Blizzard Entertainment)

Packages:
=========
Bang ＆ Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.3.181.0_x64__v10z8vjag6ke6 [2021-03-26] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.276.0_x64__v10z8vjag6ke6 [2021-03-20] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-11-03] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-26] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-11-03] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-21] (NVIDIA Corp.)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2021-03-02] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]
Thunderbolt Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.30.0_x64__8j3eq9eme6ctt [2021-01-05] (INTEL CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3039489114-2094619844-3197177633-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-3039489114-2094619844-3197177633-1001_Classes\CLSID\{04271989-C4D2-1B52-E51C-C84295F60CA2} -> [Lotraco s.r.o] => C:\Users\xschi\Lotraco s.r.o [2020-11-03 17:30]
CustomCLSID: HKU\S-1-5-21-3039489114-2094619844-3197177633-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\xschi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2021-02-08] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_a15bbc31588a3c38\nvshext.dll [2021-04-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [FortiClient] -> {1935F098-AF3C-4AFC-ADA2-12C74B452DF1} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll [2021-02-08] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-04-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-10 08:14 - 2021-04-10 08:14 - 000282112 _____ () [File not signed] [File is in use] c:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\microsoft\liveshare\Agent\MessagePack.dll
2021-03-17 17:08 - 2021-03-17 17:08 - 001716224 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V0980bc02#\c48441787a306ce709f98845f73197c5\Microsoft.VisualStudio.ExtensionEngine.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 002772480 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V317d5f2e#\ecfbb89fb7a73478146675bc49c5f6ca\Microsoft.VisualStudio.ProjectServices.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 000233472 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V3880418d#\6b94a86cc87b3f51ba823b830c054f74\Microsoft.VisualStudio.CodingConventions.ni.dll
2021-03-17 17:09 - 2021-03-17 17:09 - 000050688 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd5d72abf#\6ef8148e48aa1b9786b8e14817cab428\Microsoft.VisualStudio.ExtensionManager.ni.dll
2021-03-17 17:09 - 2021-03-17 17:09 - 001721856 _____ () [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf617de63#\7cf8a65d83abd79b1917e6ee44008e24\Microsoft.VisualStudio.ExtensionManager.Implementation.ni.dll
2021-04-10 08:14 - 2021-04-10 08:14 - 000092672 _____ (Andrew Arnott) [File not signed] [File is in use] c:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\microsoft\liveshare\Agent\Nerdbank.Streams.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 001335296 _____ (Andrew Arnott) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Nerdbank.Streams\12f5db8397ee024a30ea9af05cabc207\Nerdbank.Streams.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 001335808 _____ (Andrew Arnott) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Nerdbank.Streams\f5a91b5c679319bca284ee3cd5c4148a\Nerdbank.Streams.ni.dll
2021-03-17 17:17 - 2021-03-17 17:17 - 001605120 _____ (Andrew Arnott) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Nerdbank.Streams\6b2876368fb7cff33836434ad5a7271d\Nerdbank.Streams.ni.dll
2021-02-08 21:14 - 2021-02-08 21:14 - 001813010 _____ (Fortinet Inc.) [File not signed] C:\Program Files\Fortinet\FortiClient\utilsdll.dll
2020-11-03 17:04 - 2020-11-03 17:04 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-11-03 17:04 - 2020-11-03 17:04 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-03-17 17:08 - 2021-03-17 17:08 - 000498176 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.D487c049b#\bf65b4837f10b781023c873aca0d1188\Microsoft.Developer.IdentityService.Client.ni.dll
2021-03-17 17:08 - 2021-03-17 17:08 - 000521728 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Df9554d34#\d00f63cc3b7c28e378c23a5f0d25f1ab\Microsoft.Developer.IdentityService.GitHubProvider.UI.ni.dll
2021-03-17 17:07 - 2021-03-17 17:07 - 002667520 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P7b1c56a8#\74cef729b47396cf92a0fd23d05a6ebc\Microsoft.ProgramSynthesis.Transformation.Tree.ni.dll
2021-03-17 17:07 - 2021-03-17 17:07 - 016932352 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pc1a5b57c#\b13a547066c2456911e62119d40d686e\Microsoft.ProgramSynthesis.Common.ni.dll
2021-03-17 17:07 - 2021-03-17 17:07 - 001234944 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Pfefc6aed#\e2e8aecaf92ad305c097add60a60293b\Microsoft.ProgramSynthesis.Suggestions.Code.Engine.ni.dll
2021-03-17 17:06 - 2021-03-17 17:06 - 001368064 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S0b6afd4f#\8cdbc6a19770c6a946071e2da9c8feea\Microsoft.ServiceHub.Framework.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 001366528 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S0b6afd4f#\f433c8178ab92b5079854923608c2de7\Microsoft.ServiceHub.Framework.ni.dll
2021-03-17 17:06 - 2021-03-17 17:06 - 000478208 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.S5aeb222a#\77d77b7506b292d078eba097743109b0\Microsoft.ServiceHub.Client.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 000226816 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sb88c8854#\bf3e988581579a61d3339b5d885477b3\Microsoft.ServiceHub.HostLib.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 000459264 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Sca0cfb83#\45a51f80455b2a858b1d57506f5fa413\Microsoft.ServiceHub.HostStub.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 000182272 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V2f43c8ea#\a93b16163cc80dee5ba5b0dc64af029c\Microsoft.VisualStudio.Workspace.VSIntegration.Contracts.ni.dll
2021-03-17 17:07 - 2021-03-17 17:07 - 002667008 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V43ea1027#\d346a0193b44fff7b66291b13e99044c\Microsoft.VisualStudio.IntelliCode.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 006623744 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V4922f139#\d666d3a6a1496d5ef3bc3f52008ead4d\Microsoft.VisualStudio.ProjectSystem.Implementation.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 000567808 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V624a2f90#\cc6eda15e2cd22c475a30914896eb9a6\Microsoft.VisualStudio.Workspace.ni.dll
2021-03-17 17:09 - 2021-03-17 17:09 - 001968128 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V64f73072#\ed793a34b3c6d202d0522a897be9db2d\Microsoft.VisualStudio.Setup.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 000031744 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V6bd7fe9f#\16724cff0b6e456418720cbf0a345488\Microsoft.VisualStudio.Workspace.Extensions.VS.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 000139264 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbe54ab74#\4d63876b89e6914c3132b6fe3714d613\Microsoft.VisualStudio.Workspace.Extensions.ni.dll
2021-03-17 17:09 - 2021-03-17 17:09 - 000269824 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbea50588#\311ffbcd1d0cead92f1f1bcf07fb7039\Microsoft.VisualStudio.Setup.Download.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 001656320 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbeb7089b#\1e65bc020a0c0f494abf03e59add0641\Microsoft.VisualStudio.Threading.ni.dll
2021-03-17 17:04 - 2021-03-17 17:04 - 001620480 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbeb7089b#\39a3d494a2c428ff629104b3aa27a0c2\Microsoft.VisualStudio.Threading.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 000536576 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd21cd7ee#\92b02520515cbd0d819fcdd12cfa018d\Microsoft.VisualStudio.ProjectSystem.VS.ni.dll
2021-03-17 17:09 - 2021-03-17 17:09 - 000054784 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd43b287e#\f4510c30c0aeb2fa2287cdabbb08e7ae\Microsoft.VisualStudio.Validation.ni.dll
2021-03-17 17:04 - 2021-03-17 17:04 - 000048640 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd43b287e#\f92258ede144e0523ecc7b667692a792\Microsoft.VisualStudio.Validation.ni.dll
2021-03-17 17:09 - 2021-03-17 17:09 - 000803840 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd873e1f1#\602621651e35bd1324c119325c514134\Microsoft.VisualStudio.Setup.Common.ni.dll
2021-03-17 17:05 - 2021-03-17 17:05 - 006157824 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vf3bd3225#\6c322c7d8eb948d58c1b923e3cb88d97\Microsoft.VisualStudio.ProjectSystem.ni.dll
2021-03-17 17:08 - 2021-03-17 17:08 - 001092096 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vfd40090d#\159cf2ac176afefe3f0db7038f5cca98\Microsoft.VisualStudio.Composition.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 000926208 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\StreamJsonRpc\5f9d36afd51b88fed638907089ea8d24\StreamJsonRpc.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 000439808 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\StreamJsonRpc\655dcfe7509052f3b17d5f35a2c848e0\StreamJsonRpc.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 001502208 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\StreamJsonRpc\664116402003b4158de39d01ee2cda44\StreamJsonRpc.ni.dll
2021-03-17 17:17 - 2021-03-17 17:17 - 001760768 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0b6afd4f#\26d5a70c1a4c4fdee2dda69232403cbc\Microsoft.ServiceHub.Framework.ni.dll
2021-03-17 17:16 - 2021-03-17 17:16 - 001761792 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S0b6afd4f#\3d64684824181880889feda758330ef0\Microsoft.ServiceHub.Framework.ni.dll
2021-03-17 17:16 - 2021-03-17 17:16 - 000610816 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.S5aeb222a#\1b19a21959c7dde35f0bab01f3fcf377\Microsoft.ServiceHub.Client.ni.dll
2021-03-17 17:17 - 2021-03-17 17:17 - 000283648 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sb88c8854#\f4138d5fd50be7ff83c9d051e134d5b9\Microsoft.ServiceHub.HostLib.ni.dll
2021-03-17 17:17 - 2021-03-17 17:17 - 000577024 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sca0cfb83#\f8ebfa03200a82820746e9d1e23f690b\Microsoft.ServiceHub.HostStub.ni.dll
2021-03-17 17:15 - 2021-03-17 17:15 - 002100224 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vbeb7089b#\22e87174662eaa49532c627805879041\Microsoft.VisualStudio.Threading.ni.dll
2021-03-17 17:15 - 2021-03-17 17:15 - 000058880 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Vd43b287e#\7c5b9d5fb5f07eff0afc65a37b7b8f8d\Microsoft.VisualStudio.Validation.ni.dll
2021-03-17 17:17 - 2021-03-17 17:17 - 001221120 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\StreamJsonRpc\ec47d8668d02e0c1a36fd1a157c0f808\StreamJsonRpc.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 002050560 _____ (neuecc,aarnott) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\MessagePack\9457fdd3d13429add76ffc8c8a3b2af3\MessagePack.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 000016384 _____ (neuecc,aarnott) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\MessagePack311884ad#\0f00adfc438d0dc251eaae936ae8da70\MessagePack.Annotations.ni.dll
2021-03-17 17:04 - 2021-03-17 17:04 - 003060736 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\e5e20eaa3bfed45a3478e203cc62209b\Newtonsoft.Json.ni.dll
2021-03-17 17:10 - 2021-03-17 17:10 - 003061248 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\ecfad3167d913e1734dc783d4af99b69\Newtonsoft.Json.ni.dll
2021-03-17 17:17 - 2021-03-17 17:17 - 003834368 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\12fc93eaddbac39b7d00714db8597b3a\Newtonsoft.Json.ni.dll
2021-03-17 17:18 - 2021-03-17 17:18 - 003923456 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\956845921c93e054065d978f97bdf320\Newtonsoft.Json.ni.dll
2020-11-03 16:32 - 2020-11-03 16:32 - 000023040 _____ (Synaptics Incorporated.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.3.181.0_x64__v10z8vjag6ke6\SynAudSrvDll.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-12-26] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-12-26] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\sharepoint.com -> hxxps://lotraco-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2021-04-21 15:26 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

2020-11-04 23:42 - 2020-11-09 09:34 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.30.128.1 nbhorak.mshome.net # 2025 11 6 8 7 34 2 62
24

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xschi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 10.35.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled) 
Ethernet 2: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled) 
Ethernet: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "TechSmithSnagit"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\StartupApproved\Run: => "Docker Desktop"
HKU\S-1-5-21-3039489114-2094619844-3197177633-1001\...\StartupApproved\Run: => "TSMApplication"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C9E05E41-E8AE-4C2F-A958-3D616B3B3E77}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E63202D7-B551-48E7-B86F-4CDED1B51261}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB4D7F03-7967-4D72-AC2A-857B110670C3}] => (Allow) D:\Games\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7075969E-3573-4016-BA36-8CFBF0CE6CB6}] => (Allow) D:\Games\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{95B0BCB2-5D14-42AE-9A77-886E17F6C95C}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{22ACC426-ECDE-4478-9389-957E38D13380}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6158ABB7-3C70-47C6-B960-7EB40439383C}] => (Allow) C:\Program Files\Memurai\memurai.exe (Janea Systems, Inc. -> Janea Systems, Inc.)
FirewallRules: [TCP Query User{2A2BC52C-034E-49BB-A69F-E4E7A9A9954E}C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{870F1D59-FA36-402A-8DF8-4E96E5553F01}C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{77FE288E-8E4A-4E60-BE1C-70ACC066B6B6}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> )
FirewallRules: [UDP Query User{36809422-4659-449C-AAC5-10D363C1F298}C:\program files\docker\docker\resources\com.docker.backend.exe] => (Allow) C:\program files\docker\docker\resources\com.docker.backend.exe (Docker Inc -> )
FirewallRules: [{B224E10F-857D-4147-B536-9B179AE6CDAB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3DF4C6B1-B06A-4F2A-96A0-4F4424F657AA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5F1ED673-2FEF-40D3-B05C-2511C9D4C852}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AB9B0EA3-FA87-4024-AA03-851827F5926E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{ED3D5D5F-3ABC-41D6-B851-C7CB64BB1EB8}] => (Allow) D:\Games\Steam\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5A89A069-CDFA-4211-9D21-160421B4CF5C}] => (Allow) D:\Games\Steam\steamapps\common\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{59CF2490-35C6-49A2-927B-541EDC2C5757}C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{ED300E49-31B1-4CA1-A473-48171ED92A25}C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{61A4688A-E398-411D-96D7-5FEDACA0CDE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{27A4302C-9E5D-4BD4-848D-48D12CB74CC5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{08693775-69B6-4DED-9E64-DC466C5CDB41}D:\games\epic\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) D:\games\epic\darkestdungeon\_windowsnosteam\darkest.exe () [File not signed]
FirewallRules: [UDP Query User{F7890613-9620-4B15-B3E6-C2386E8D06CB}D:\games\epic\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) D:\games\epic\darkestdungeon\_windowsnosteam\darkest.exe () [File not signed]
FirewallRules: [TCP Query User{F1940AC3-6194-46A1-9900-32E63EFBA083}C:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{7F10D26B-627F-4AD6-B49F-02E63237AA69}C:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\microsoft\liveshare\agent\vsls-agent.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{57D7B1CD-B726-4D8D-AEED-EC99B421DCA9}D:\games\call of duty 2\cod2mp_s.exe] => (Allow) D:\games\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [UDP Query User{8197C53B-98E0-4B4E-B3AB-244E47EECED0}D:\games\call of duty 2\cod2mp_s.exe] => (Allow) D:\games\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [{F259F5F0-5BCE-47C0-A2FB-BFB0F2516F9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5EE34F44-70EB-4DB7-8290-8DAE0F4849B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AE828DA-DA26-43A3-872A-0A7FA8400F1B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE988A6B-91CE-491A-B4C8-30996E33E890}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{97DFD32D-CE9D-4350-B15A-100EC15132EA}] => (Allow) D:\Games\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{51D421C7-E3D7-47B1-908A-F262E68E30F6}] => (Allow) D:\Games\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{35FF294E-066E-45B0-88B5-6C95C5E5E9FA}] => (Allow) D:\Games\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{BAA64E19-30F5-4A7F-AA32-757DFBED5C71}] => (Allow) D:\Games\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [TCP Query User{11A7628E-34ED-4422-970B-B1A7169C633B}C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{A82BD145-8021-46F0-92D8-82744F2D83EE}C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\professional\msbuild\microsoft\visualstudio\nodejs\win-x64\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [TCP Query User{700535D4-BF5E-4763-B5ED-9F3162412C41}C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F5D2E904-EA9C-474C-9F7E-034B7123CAEB}C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\xschi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D3CE443D-2792-43AC-9C6F-99A4279C349C}D:\games\call of duty 2\cod2mp_s.exe] => (Allow) D:\games\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [UDP Query User{39E77DFB-3D1F-45F0-AD74-782CA67DCEAC}D:\games\call of duty 2\cod2mp_s.exe] => (Allow) D:\games\call of duty 2\cod2mp_s.exe () [File not signed]
FirewallRules: [TCP Query User{D759582E-D047-45BB-AD7E-17FA96D71511}D:\programs\utorrent\utorrent.exe] => (Allow) D:\programs\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{4657D8D6-3927-4556-8844-1DAACE394A77}D:\programs\utorrent\utorrent.exe] => (Allow) D:\programs\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{530D9175-A873-480B-A8FB-24AE9367AE58}] => (Allow) D:\Games\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{8C14AE81-6FBD-438D-A479-757F6B6904A3}] => (Allow) D:\Games\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{8542A2D2-0071-4F9A-8A6C-A41CE710440B}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{50187F2C-E62F-40F2-979B-959A82E5F915}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{4D18595B-A51A-4B4A-BB48-CBDF3F218D77}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F652F862-8FC7-4F0B-B1A2-DB47DC90E646}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{20F245E8-C572-460C-A2C7-CFA09BAC5E2E}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{DEAC6432-58AE-4D8C-8AA5-CB394564F12A}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{569E0CE2-FA11-4A3E-A067-7E1C0DAD31B6}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{C24362E8-A2ED-4633-9283-51C4B476643C}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{C79AF64C-2D2B-4D0B-A3E0-02FADFBA4818}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{EDFA1814-D694-48FF-BA4A-469F24BC2885}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{5D25CE5C-83D8-45F3-904E-8CB28FDD06F3}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{22D071C8-AFF4-4537-8BA2-1DDFA2CE2058}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{1694FFAA-38AC-4B28-B91C-2CEEE68C9569}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{AC70EF1A-6A99-4194-9701-D6F1DBC95406}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{601107A3-AC23-42A7-BBB7-E11D2897FB06}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F1DB1DE7-82ED-42C4-B2D1-DD9B6486F64A}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{C3F5B87C-9632-47F9-B23D-3E5CF4DA7845}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{55847996-643D-4D06-8F14-D88B695ED6C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94426B71-B800-4FE3-A468-B3B48A0588CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D418ED83-4E06-4922-A5CC-68AFC2BE4E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2858709D-D0D5-4DE4-9C92-7FA7D3753E64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{09BFC2EE-D022-4E56-A52B-E3572530243C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2DE51C43-066B-4960-AA83-C613608732A2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7BF75D77-DA29-4E4E-9AC0-0FEF20AB7AAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{504D2867-375F-43FB-B07D-51B241A4F089}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D49636B4-B441-469A-9782-439A048BD241}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59D75FD5-052F-4059-B146-D5559A4475E1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3BC657F-64D2-4F45-9159-407FAD87C90F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4733AB53-3231-4B03-BA13-919532529D46}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-04-2021 16:13:11 Microsoft ASP.NET Core 2.1.27 - Shared Framework

==================== Faulty Device Manager Devices ============

Name: Detection Verification
Description: Detection Verification
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fortinet SSL VPN Virtual Ethernet Adapter
Description: Fortinet SSL VPN Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Fortinet Inc.
Service: ftsvnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/22/2021 08:30:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WUDFHost.exe, verze: 10.0.19041.1, časové razítko: 0xe092f869
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.928, časové razítko: 0x9bed63d6
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000ff0b9
ID chybujícího procesu: 0x1180
Čas spuštění chybující aplikace: 0x01d736b1e1cd6e38
Cesta k chybující aplikaci: C:\Windows\System32\WUDFHost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 7720a5df-c580-4ca8-8d2b-792d9944db32
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (04/22/2021 08:30:20 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (04/21/2021 03:25:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/21/2021 03:25:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/21/2021 03:25:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/21/2021 03:25:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/21/2021 01:29:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/21/2021 01:29:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (04/22/2021 08:30:20 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Microsoft Wi-Fi Direct Virtual Adapter #2, {49cbe4ae-c06a-4272-aee2-0f7fa6d0eb79}, došlo k události 74.

Error: (04/21/2021 03:25:33 PM) (Source: DCOM) (EventID: 10010) (User: NBHORAK)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/21/2021 03:25:32 PM) (Source: DCOM) (EventID: 10010) (User: NBHORAK)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/21/2021 03:18:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Memurai byla ukončena s následující chybou: 
Systém nenalezl zadanou možnost prostředí.

Error: (04/21/2021 03:17:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\IntelIHVRouter08.dll

Error: (04/21/2021 03:17:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\IntelIHVRouter08.dll

Error: (04/21/2021 03:17:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\IntelIHVRouter08.dll

Error: (04/21/2021 03:14:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SQL Server VSS Writer byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2021-04-22 08:54:03
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {61795C9F-8002-4EB1-BE91-5253C8BDE860}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-21 13:10:56
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win64/CoinMiner&threatid=238862&enterprise=0
Název: PUA:Win64/CoinMiner
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\NiceHash Miner\miner_plugins\f683f550-94eb-11ea-a64d-17be303ea466\bins\16.0\NBMiner_Win\nbminer.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NBHORAK\xschi
Název procesu: D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe
Verze bezpečnostních informací: AV: 1.335.1322.0, AS: 1.335.1322.0, NIS: 1.335.1322.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-21 13:10:54
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win64/NiceHashMiner&threatid=258400&enterprise=0
Název: PUA:Win64/NiceHashMiner
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: amsi:_D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe; file:_C:\Users\xschi\Desktop\NiceHashQuickMinerInstaller.exe; file:_D:\NiceHashQuickMinerInstaller.exe; webfile:_C:\Users\xschi\Desktop\NiceHashQuickMinerInstaller.exe|https://github-releases.githubusercontent.com/335101508/756dba80-a1da-11eb-9502-ad48982ece5e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2103.7F202104214.18.2103.7Fus-east-14.18.2103.7Fs34.18.2103.7Faws4_request&X-Amz-Date=20210421T102541Z&X-Amz-Expires=300&X-Amz-Signature=ca59783c011863fa9d5fb73dd5391a2c0dd40ca7523786967eb289790c8310e7&X-Amz-SignedHeaders=host&actor_id=47105957&key_id=0&repo_id=335101508&response-content-disposition=attachment{556CDDA5-FC57-4397-B67F-C774E03ADB67}BNBHORAK\xschifilename{556CDDA5-FC57-4397-B67F-C774E03ADB67}DNiceHashQuickMinerInstaller.exe&response-content-type=application4.18.2103.7Foctet-stream|pid:7564,ProcessStart:132634743439839667; webfile:_D:\NiceHashQuickMinerInstaller.exe|https://github-releases.githubusercontent.com/335101508/756dba80-a1da-11eb-9502-ad48982ece5e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2103.7F202104214.18.2103.7Fus
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: NBHORAK\xschi
Název procesu: D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe
Verze bezpečnostních informací: AV: 1.335.1322.0, AS: 1.335.1322.0, NIS: 1.335.1322.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-21 13:10:54
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win64/NiceHashMiner&threatid=258400&enterprise=0
Název: PUA:Win64/NiceHashMiner
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: amsi:_D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe; file:_C:\Users\xschi\Desktop\NiceHashQuickMinerInstaller.exe; file:_D:\NiceHashQuickMinerInstaller.exe; webfile:_C:\Users\xschi\Desktop\NiceHashQuickMinerInstaller.exe|https://github-releases.githubusercontent.com/335101508/756dba80-a1da-11eb-9502-ad48982ece5e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2103.7F202104214.18.2103.7Fus-east-14.18.2103.7Fs34.18.2103.7Faws4_request&X-Amz-Date=20210421T102541Z&X-Amz-Expires=300&X-Amz-Signature=ca59783c011863fa9d5fb73dd5391a2c0dd40ca7523786967eb289790c8310e7&X-Amz-SignedHeaders=host&actor_id=47105957&key_id=0&repo_id=335101508&response-content-disposition=attachment{556CDDA5-FC57-4397-B67F-C774E03ADB67}BNBHORAK\xschifilename{556CDDA5-FC57-4397-B67F-C774E03ADB67}DNiceHashQuickMinerInstaller.exe&response-content-type=application4.18.2103.7Foctet-stream|pid:7564,ProcessStart:132634743439839667; webfile:_D:\NiceHashQuickMinerInstaller.exe|https://github-releases.githubusercontent.com/335101508/756dba80-a1da-11eb-9502-ad48982ece5e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2103.7F202104214.18.2103.7Fus
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: NBHORAK\xschi
Název procesu: D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe
Verze bezpečnostních informací: AV: 1.335.1322.0, AS: 1.335.1322.0, NIS: 1.335.1322.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-21 13:10:53
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win64/NiceHashMiner&threatid=258400&enterprise=0
Název: PUA:Win64/NiceHashMiner
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: amsi:_D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe; file:_C:\Users\xschi\Desktop\NiceHashQuickMinerInstaller.exe; file:_D:\NiceHashQuickMinerInstaller.exe; webfile:_C:\Users\xschi\Desktop\NiceHashQuickMinerInstaller.exe|https://github-releases.githubusercontent.com/335101508/756dba80-a1da-11eb-9502-ad48982ece5e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2103.7F202104214.18.2103.7Fus-east-14.18.2103.7Fs34.18.2103.7Faws4_request&X-Amz-Date=20210421T102541Z&X-Amz-Expires=300&X-Amz-Signature=ca59783c011863fa9d5fb73dd5391a2c0dd40ca7523786967eb289790c8310e7&X-Amz-SignedHeaders=host&actor_id=47105957&key_id=0&repo_id=335101508&response-content-disposition=attachment{556CDDA5-FC57-4397-B67F-C774E03ADB67}BNBHORAK\xschifilename{556CDDA5-FC57-4397-B67F-C774E03ADB67}DNiceHashQuickMinerInstaller.exe&response-content-type=application4.18.2103.7Foctet-stream|pid:7564,ProcessStart:132634743439839667; webfile:_D:\NiceHashQuickMinerInstaller.exe|https://github-releases.githubusercontent.com/335101508/756dba80-a1da-11eb-9502-ad48982ece5e?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A4.18.2103.7F202104214.18.2103.7Fus
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: NBHORAK\xschi
Název procesu: D:\NiceHash Miner\app_3.0.6.5\app_nhm.exe
Verze bezpečnostních informací: AV: 1.335.1322.0, AS: 1.335.1322.0, NIS: 1.335.1322.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

CodeIntegrity:
===============
Date: 2021-03-23 12:54:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\xschi\AppData\Local\Microsoft\Teams\current\Teams.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.166.1.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-20 08:53:22
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-03-20 08:53:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-03-12 09:07:59
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-03-10 11:25:10
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.


==================== Memory info =========================== 

BIOS: AMI F.23 08/13/2020
Motherboard: HP 863E
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 71%
Total physical RAM: 16088.96 MB
Available physical RAM: 4659.49 MB
Total Virtual: 29912.96 MB
Available Virtual: 12325.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.27 GB) (Free:82.85 GB) (Protected) NTFS
Drive d: () (Fixed) (Total:244.14 GB) (Free:102.02 GB) (Protected) NTFS

\\?\Volume{9f55ba7a-803a-4afe-bf9a-567d5f6e019c}\ () (Fixed) (Total:0.77 GB) (Free:0.37 GB) NTFS
\\?\Volume{188225e1-0e0c-4760-9408-2517fe0c99c4}\ () (Fixed) (Total:0.48 GB) (Free:0.47 GB) NTFS
\\?\Volume{3f479e33-4871-4270-b12a-39fc497ff7da}\ () (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: DE5656AA)

Partition: GPT.

==================== End of Addition.txt =======================