Probably malware or something like that

#1 Post by jasanek »

After the computer is switched on, a browser launches with the game World of Tanks, or sometimes a roulette or some prize-winning pages. It always opens in whichever browser is set as the default.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by jasan (administrator) on JASAN-PC (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (26-06-2021 20:43:24)
Running from C:\Users\jasan\Desktop
Loaded Profiles: jasan
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Cerberus, LLC -> Cerberus, LLC) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Macrovision Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_291\bin\javaw.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [snp2std] => C:\WINDOWS\vsnp2std.exe [344064 2007-09-28] (SONIX TECHNOLOGY CO. , LTD -> Sonix)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] () [File not signed]
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [270336 2007-05-12] () [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation) [File not signed]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475072 2013-10-02] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Discord] => C:\Users\jasan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [jasan] => cmd.exe /c start www.exinariuminix.info
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\MountPoints2: {57771de2-74b5-11ea-a858-1c6f652dda0b} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2020-01-18] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F2D77A-A278-4EEA-8C76-02F5B10A028E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09A89A19-7C90-49CE-8D03-46C604E24660} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1005EC77-363A-43F8-9DBD-EFE75C6DE5FA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {123B28F4-C440-4727-92D5-7A0933537AD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {138D1AFC-B7BC-4F47-96E9-DC079686344B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3061804363-3326323613-1069145852-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {166BECA3-8FA8-4239-B4A4-E24B23AE5A18} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {227A9375-5BBD-4A52-A7D1-2D0212F3B68E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {245037B9-F013-4901-8E99-5630C15C1914} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {2507A576-46AF-49FC-9980-A9B616DE1DB0} - System32\Tasks\Opera scheduled Autoupdate 1582673436 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe
Task: {2C6BB4A3-7968-48DB-AAAD-5DB0121302F6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D062919-E916-49C3-B261-48D693A7B6A5} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {2F89D2F6-E5AB-4624-96E8-7BBF62C2FB66} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {434E9CD5-00A9-4E0C-AAFC-1A074A3E5A82} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4D17A584-B369-44B7-9279-B296DCA6175E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4E6AE4B1-5D62-4220-B9C4-7670E097BD15} - System32\Tasks\jasan => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v jasan /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
Task: {560B7F21-3CE6-4F2D-A480-D42396D2475D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D779BF9-D8BF-4801-92ED-9DF2EFEC3197} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5E01A047-75D5-4D85-BDBA-6629696201E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60BA4F9A-409C-4202-B45F-EEDFCF35B221} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65416C4F-D128-4C13-AE4C-4146D0265D33} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {69524F04-9C82-4A23-ACC0-A68D6D77525E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {72B7F305-29FC-4A99-B78D-5FA6AA1799E7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7676981E-7340-41FB-BEB1-7B663B17A3F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {76FE7E08-113C-4003-A304-0E6CBCAC9B5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {77D16BB6-5F0F-4021-ABBB-0F738220A3B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78FAD5CA-EFA6-4DBB-989A-F5DB68318CEB} - System32\Tasks\{56FDD70A-618C-4699-BB4C-E8261257BF6B} => F:\TRANTYCO.ON\ENGLISH\INSTALL.EXE
Task: {7B2DF944-87E5-4A14-9EE3-9189133AA5D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {916F3E1A-EBEA-47F4-90D9-B7C80B236AB6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {927FD3EB-C5A4-40CC-8499-7966FC86DC3C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {93DE6982-DD71-40C4-8C56-AE88EB1C4E99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9880C5DF-9E50-4B1F-9BAD-8EC0BA3ACDA3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {A8231104-6742-421B-949C-6ACC2FBA7217} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AACFE3E1-BF80-4D77-8B97-C6DDDEF1768E} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {AB452472-0F40-429E-A3D6-771846269DDC} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [513216 2017-12-12] (LG Electronics Inc. -> LG Electronics Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B2D8D0F6-B8E9-414E-AB60-07C2ABC62F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B798433C-7294-4E31-B5D4-4C2C89CDE1F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B82E866A-9E8B-4F1C-A8A7-000C957E5F5C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B96365E7-0AD4-44A2-8015-CED065BFABB0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB1BD0F4-F627-4206-A5BA-B26841C15A18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {BD77CEDA-5902-412A-9EA4-76750E582B0F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {BF8B24C6-C6DD-45ED-BEB3-FD68F0AFEA5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C1EB6948-7A4D-4680-9A80-647825C19CB9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C59A7950-ACF5-4907-89C9-10B26019245B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D423F539-8645-456A-A50B-7996ED42167A} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {D6E209AF-CD11-429B-9A26-ACCC930C8448} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {E2803BF2-2FB9-4B65-8D04-F27E61111CE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {E40ABF5D-F8D5-417C-BEE0-A2A9D21133D5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {E6AEF7DD-BFE4-4213-A4D9-40394CC3DA7C} - System32\Tasks\Opera scheduled assistant Autoupdate 1582673439 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\jasan\AppData\Local\Programs\Opera\assistant" $(Arg0)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CB16339B-9B11-47C5-B456-42DA0E23620C}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge Profile: C:\Users\jasan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-24]

FireFox:
========
FF DefaultProfile: b3mcko8g.default
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\b3mcko8g.default [2020-01-18]
FF NewTab: Mozilla\Firefox\Profiles\b3mcko8g.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release [2021-06-26]
FF NewTab: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF Notifications: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxps://meet.google.com
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-19]
FF Extension: (Easy Screenshot) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-05-19]
FF Extension: (fx_cast) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\fx_cast@matt.tf.xpi [2021-03-17] [UpdateUrl:hxxps://hensm.github.io/fx_cast/updates.json]
FF Extension: (Tab Reloader (page auto refresh)) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\jid0-bnmfwWw2w2w4e4edvcdDbnMhdVg@jetpack.xpi [2021-03-10]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-06-04]
FF Extension: (Gesturefy) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{506e023c-7f2b-40a3-8066-bc5deb40aebe}.xpi [2021-06-23]
FF Extension: (Mercator Studio for Google Meet) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{55ba4b5e-908a-471e-907f-4d0fb7ce9bbb}.xpi [2021-05-31]
FF Extension: (Adblocker for YouTube™) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2019-12-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-06-23]
FF Extension: (Video DownloadHelper) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (No Name) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Notifications: Default -> hxxps://meet.google.com
CHR Extension: (Prezentace) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-17]
CHR Extension: (Dokumenty) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-17]
CHR Extension: (Disk Google) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-17]
CHR Extension: (YouTube) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-17]
CHR Extension: (Tabulky) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Gmail) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 Cerberus FTP Server; C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [18565624 2019-01-03] (Cerberus, LLC -> Cerberus, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [48344 2018-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 SNP2STD; C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] (SONIX TECHNOLOGY CO. , LTD -> )
S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12212864 2007-09-05] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-26 19:21 - 2021-06-26 20:45 - 000025946 _____ C:\Users\jasan\Desktop\FRST.txt
2021-06-26 19:21 - 2021-06-26 20:44 - 000000000 ____D C:\FRST
2021-06-26 19:20 - 2021-06-26 19:20 - 002300416 _____ (Farbar) C:\Users\jasan\Desktop\FRST64.exe
2021-06-26 19:19 - 2021-06-26 19:19 - 000002036 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002026 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002014 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
2021-06-26 19:18 - 2021-06-26 19:18 - 000002016 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
2021-06-26 19:12 - 2021-06-26 19:12 - 000000053 _____ C:\WINDOWS\WrpYGF74DrEm.ini
2021-06-26 07:42 - 2021-06-26 07:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Goldberg SteamEmu Saves
2021-06-24 21:47 - 2021-06-24 21:47 - 000000790 _____ C:\Users\jasan\Desktop\Mafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000762 _____ C:\Users\jasan\Desktop\launcherMafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-06-24 19:06 - 2021-06-24 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 19:05 - 2021-06-24 19:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\UnrealEngine
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\GSS2
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\CrashReportClient
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-06-23 18:59 - 2021-06-23 18:59 - 000000223 _____ C:\Users\jasan\Desktop\Gas Station Simulator Prologue - Early Days.url
2021-06-23 18:47 - 2021-06-23 18:47 - 000009423 _____ C:\Users\jasan\Documents\projekty.xlsx
2021-06-22 20:29 - 2021-06-22 20:29 - 000000223 _____ C:\Users\jasan\Desktop\OpenTTD.url
2021-06-20 17:03 - 2021-06-20 17:03 - 000160496 _____ C:\Users\jasan\Downloads\ceník.pdf
2021-06-19 20:30 - 2021-06-19 20:30 - 000185168 _____ C:\Users\jasan\Downloads\odpadky-nakladani-201025.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(2).pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(1).pdf
2021-06-13 20:28 - 2021-06-13 20:28 - 000077106 _____ C:\Users\jasan\Desktop\kamyk-nad-vltavou-1985-orig-fotografie-83436171.jpeg
2021-06-13 16:00 - 2021-06-13 16:00 - 000098470 _____ C:\Users\jasan\Downloads\L300073_210613_304114.pdf
2021-06-13 16:00 - 2021-06-13 16:00 - 000098111 _____ C:\Users\jasan\Downloads\L300073_210405_298560.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000440542 _____ C:\Users\jasan\Downloads\U7n4xFnqjrWmOVkQoJAAZ1Gn0P3qbZIx.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000147462 _____ C:\Users\jasan\Downloads\B4bPKo5zt9ijXeND5AIkqoBzOcjQFuuf.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000134191 _____ C:\Users\jasan\Downloads\MVt0itU0Phoifc2JnQz3tjkllXMAaGfm.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000208106 _____ C:\Users\jasan\Downloads\oznameni-110060780102-c2srqqsd3ihheu7458u0.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000151641 _____ C:\Users\jasan\Downloads\oznameni-110060780103-c2qshqsd3ihheu744v50.pdf
2021-06-13 15:30 - 2021-06-13 15:30 - 008798168 _____ C:\Users\jasan\Downloads\dl-letak-app-pidlitacka-cz-final-tiskova-data.pdf
2021-06-11 10:40 - 2021-06-11 10:40 - 000136514 _____ C:\Users\jasan\Downloads\15-zo-24-5-2021.pdf
2021-06-11 07:03 - 2021-06-11 07:03 - 000367015 _____ C:\Users\jasan\Downloads\Cestne_prohlaseni___vzor.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000104893 _____ C:\Users\jasan\Downloads\cestne-prohlaseni-covid.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000092894 _____ C:\Users\jasan\Downloads\320-cestne-prohlaseni.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000400543 _____ C:\Users\jasan\Downloads\Cestne-prohlaseni-samotestovani-posilovna.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000102910 _____ C:\Users\jasan\Downloads\cestne prohlaseni samotest.pdf
2021-06-10 10:39 - 2021-06-10 10:39 - 000017795 _____ C:\Users\jasan\Downloads\300088-12.pdf
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 16:22 - 2021-06-09 16:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 16:21 - 2021-06-09 16:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 16:21 - 2021-06-09 16:21 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 16:21 - 2021-06-09 16:21 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 16:20 - 2021-06-09 16:20 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 16:20 - 2021-06-09 16:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 16:20 - 2021-06-09 16:20 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 20:49 - 2021-06-08 20:49 - 000132761 _____ C:\Users\jasan\Downloads\priloha_915825092_0_RocniVypisROB.pdf
2021-06-07 20:29 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-06-07 20:29 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-06-07 12:29 - 2021-06-07 12:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-06-07 12:04 - 2021-06-07 12:24 - 350493319 _____ C:\Users\jasan\Desktop\Mark Manson - Důmyslné umění, jak mít všechno u prdele.rar
2021-06-06 18:29 - 2021-06-06 18:29 - 018982239 _____ C:\Users\jasan\Downloads\matomo-latest.zip
2021-06-05 20:25 - 2021-06-05 20:25 - 000689241 _____ C:\Users\jasan\Downloads\1761_cz_L003_sazebnik_platny_od_01012021.pdf
2021-06-05 20:23 - 2021-06-05 20:23 - 000078561 _____ C:\Users\jasan\Downloads\2806-cenik.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air(1).pdf
2021-06-05 17:16 - 2021-06-05 17:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\obs-studio
2021-06-05 17:16 - 2021-06-05 17:16 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-05 17:15 - 2021-06-05 17:16 - 000000000 ____D C:\Program Files\obs-studio
2021-06-05 17:14 - 2021-06-05 17:15 - 076720824 _____ (obsproject.com) C:\Users\jasan\Downloads\OBS-Studio-27.0-Full-Installer-x64.exe
2021-06-05 15:58 - 2021-06-05 15:58 - 000306968 _____ C:\Users\jasan\Documents\817 p. Mareš.pdf
2021-06-05 08:32 - 2021-06-05 11:39 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-05-31 21:01 - 2021-06-01 18:18 - 000456141 _____ C:\Users\jasan\Downloads\Zadost-o-DP-placene.pdf
2021-05-31 17:25 - 2021-05-31 17:30 - 001014100 _____ C:\WINDOWS\Minidump\053121-40250-01.dmp
2021-05-30 21:41 - 2021-05-30 21:42 - 000000000 ____D C:\Users\jasan\Downloads\PID

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-26 20:43 - 2020-01-08 22:13 - 000037342 _____ C:\Users\jasan\Desktop\note.txt
2021-06-26 20:43 - 2019-12-28 12:54 - 000000000 ____D C:\Users\jasan\AppData\LocalLow\Mozilla
2021-06-26 20:42 - 2020-11-19 00:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-26 20:37 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-26 20:35 - 2021-01-10 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-26 19:49 - 2020-01-04 13:13 - 000890880 _____ C:\Users\jasan\Documents\kamejk návštěvnost.xls
2021-06-26 19:28 - 2020-02-04 21:34 - 000000000 ____D C:\Games
2021-06-26 19:18 - 2019-12-28 19:06 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-26 19:14 - 2021-03-30 18:22 - 000000000 ____D C:\Users\jasan\Desktop\Moje
2021-06-26 14:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-26 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-26 07:12 - 2020-11-19 01:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-25 14:41 - 2021-03-20 10:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Mr.Mine
2021-06-24 22:18 - 2021-02-06 13:09 - 000000000 ____D C:\Users\jasan
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Roaming\discord
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Local\Discord
2021-06-24 20:29 - 2021-04-02 11:31 - 000002231 _____ C:\Users\jasan\Desktop\Discord.lnk
2021-06-24 19:49 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-24 19:06 - 2019-12-28 12:54 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 19:06 - 2019-12-28 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-24 10:33 - 2020-11-19 01:55 - 001899856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-24 10:33 - 2019-12-07 16:43 - 000780030 _____ C:\WINDOWS\system32\perfh005.dat
2021-06-24 10:33 - 2019-12-07 16:43 - 000178016 _____ C:\WINDOWS\system32\perfc005.dat
2021-06-24 10:26 - 2021-02-06 13:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-24 10:26 - 2020-11-19 01:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-24 08:48 - 2020-12-23 17:47 - 000000000 ____D C:\Users\jasan\Desktop\básničky
2021-06-23 19:27 - 2019-12-28 19:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-23 18:59 - 2021-01-10 13:26 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 20:35 - 2020-01-04 13:12 - 000000000 ____D C:\Users\jasan\Documents\OpenTTD
2021-06-21 20:15 - 2020-01-04 13:13 - 003163623 _____ C:\Users\jasan\Documents\FoE.xlsx
2021-06-20 11:27 - 2020-01-04 13:13 - 001140143 _____ C:\Users\jasan\Documents\FoE2.xlsx
2021-06-19 13:54 - 2021-02-20 15:54 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-18 20:50 - 2020-08-14 15:10 - 000000000 ____D C:\RoboZonky
2021-06-18 06:53 - 2020-10-17 16:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-18 06:53 - 2020-10-17 16:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-17 18:24 - 2021-02-06 13:42 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061804363-3326323613-1069145852-1001
2021-06-17 18:24 - 2021-02-06 13:42 - 000000000 ___RD C:\Users\jasan\OneDrive
2021-06-17 18:24 - 2021-02-06 13:09 - 000002381 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-13 16:17 - 2020-01-28 21:08 - 000000000 ____D C:\Users\jasan\Desktop\kamejk
2021-06-13 15:34 - 2020-01-04 13:13 - 000029057 _____ C:\Users\jasan\Documents\forgedb-idpoints-makro.xlsm
2021-06-12 07:08 - 2020-11-19 01:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 14:08 - 2020-01-03 18:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-11 14:07 - 2021-02-06 13:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-11 06:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-10 21:57 - 2020-01-04 13:13 - 000740864 _____ C:\Users\jasan\Documents\Plán příjmů a výdajů.xls
2021-06-10 21:45 - 2020-01-04 13:13 - 000017922 _____ C:\Users\jasan\Documents\Zonky.xlsx
2021-06-10 19:24 - 2021-01-02 23:40 - 000117487 _____ C:\Users\jasan\Documents\Simt.xlsx
2021-06-10 08:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-10 08:13 - 2020-11-19 00:46 - 000450720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 21:33 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 16:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 16:04 - 2020-01-01 04:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:59 - 2020-01-01 04:16 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 20:47 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Sipo
2021-06-06 18:27 - 2019-12-28 12:51 - 000000000 ____D C:\Users\jasan\AppData\Local\GHISLER
2021-06-06 12:14 - 2020-01-04 13:11 - 000000000 ____D C:\Users\jasan\Documents\_Vodafone vyúčtování
2021-06-05 17:58 - 2020-10-28 18:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\vlc
2021-06-05 11:39 - 2019-12-31 13:56 - 000000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-04 22:38 - 2020-12-15 19:39 - 000001239 _____ C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk
2021-06-04 14:41 - 2019-12-28 12:54 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-01 19:21 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Hypotéka
2021-05-31 18:17 - 2020-01-04 13:13 - 000000000 ____D C:\Users\jasan\Documents\Sponzoři
2021-05-31 17:30 - 2021-05-21 13:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-31 17:25 - 2021-05-21 13:44 - 816780958 _____ C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories ========

2020-03-26 14:06 - 2020-03-26 14:06 - 000040708 _____ () C:\Users\jasan\AppData\Roaming\d8j_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V1S1F1F1J1L1G1NtF1R1F1H.txt
2020-03-26 14:06 - 2020-03-26 14:06 - 000284010 _____ () C:\Users\jasan\AppData\Roaming\d8j_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2002-08-29 17:33 - 2002-08-29 17:33 - 000319488 ____R () C:\Users\jasan\AppData\Roaming\MafiaSetup.exe
2020-12-17 17:35 - 2020-12-17 17:35 - 000003584 _____ () C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-04-07 19:04 - 2020-04-07 19:04 - 000000093 _____ () C:\Users\jasan\AppData\Local\fusioncache.dat
2020-09-28 21:49 - 2020-09-28 21:49 - 000000000 _____ () C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jasanek
Visitor
Posts: 144
Registered: 04 Sep 2006 14:43

Re: Probably malware or something like that

#2 Post by jasanek »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by jasan (26-06-2021 20:48:00)
Running from C:\Users\jasan\Desktop
Windows 10 Pro Version 20H2 19042.1052 (X64) (2021-02-06 11:19:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3061804363-3326323613-1069145852-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3061804363-3326323613-1069145852-1013 - Limited - Enabled)
DefaultAccount (S-1-5-21-3061804363-3326323613-1069145852-503 - Limited - Disabled)
Guest (S-1-5-21-3061804363-3326323613-1069145852-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3061804363-3326323613-1069145852-1019 - Limited - Enabled)
jasan (S-1-5-21-3061804363-3326323613-1069145852-1001 - Administrator - Enabled) => C:\Users\jasan
WDAGUtilityAccount (S-1-5-21-3061804363-3326323613-1069145852-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Antický Řím 1.0 (HKLM-x32\...\{Anticky Rim}_is1) (Version: - Špidla Data Processing, s.r.o.)
Asoftis Burning Studio (HKLM-x32\...\Asoftis Burning Studio_is1) (Version: 1.6 - PS Media s.r.o.)
Avidemux VC++ 64bits (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\{7be00188-bfda-45d5-807a-9c1df216651a}) (Version: 2.7.6 - Mean)
Cerberus FTP Server (HKLM-x32\...\{E655A7C7-9F0A-4136-80F4-0C71EF08EB8C}) (Version: 10.0.8 - Cerberus LLC) Hidden
Cerberus FTP Server (HKLM-x32\...\Cerberus FTP Server 10.0.8) (Version: 10.0.8 - Cerberus LLC)
CODIJY Pro verze 3.7.6 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.7.6 - CODIJY)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CorsixTH 0.63 (HKLM-x32\...\CorsixTH) (Version: 0.63 - CorsixTH Team)
CZ (HKLM-x32\...\{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}) (Version: 13.0 - Corel Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Extreme Ride Mod 2 - zima (HKLM-x32\...\Extreme Ride Mod 2 - zima) (Version: - )
Extreme Ride Mod 2 (HKLM-x32\...\Extreme Ride Mod 2) (Version: - )
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
FontNav (HKLM-x32\...\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}) (Version: 5.0 - Corel Corporation) Hidden
FormatFactory 5.4.5.0 (HKLM-x32\...\FormatFactory) (Version: 5.4.5.0 - Free Time)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
Homeguardcare version 1.0 (HKLM-x32\...\{33CDAEF0-AD38-44E4-BF34-9EBE8D3100C8}_is1) (Version: 1.0 - Homeguardcare, Inc.)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Mafia Game (HKLM-x32\...\Mafia Game) (Version: - )
Mafia III v.1.010.01 (HKLM-x32\...\Mafia III_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Módní salón (HKLM-x32\...\Módní salón) (Version: - )
Moje cukrárna 2 1.0 (HKLM-x32\...\{Moje cukrárna 2}_is1) (Version: - Špidla Data Processing, s.r.o.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.3.1 - Mozilla)
Mozilla Thunderbird 78.11.0 (x64 cs) (HKLM\...\Mozilla Thunderbird 78.11.0 (x64 cs)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.0 - OBS Project)
OpenTTD 1.10.3 (HKLM-x32\...\OpenTTD) (Version: 1.10.3 - OpenTTD)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.5.1 - pdfforge GmbH)
Rajská zahrádka v1.0 (HKLM-x32\...\{Rajská zahrádka}_is1) (Version: - Špidla Data Processing, s.r.o.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Restaurace Medvěda Míši (HKLM-x32\...\Restaurace Medvěda Míši) (Version: - )
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Simt Simulator verze 1.5.92 (HKLM-x32\...\{7C5E9B1D-F234-48CB-9F65-C4FB9A2DABFF}_is1) (Version: 1.5.92 - Tomas Faina)
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1712.1201 - LG Electronics Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sweet Home 3D version 6.4.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.4.2 - eTeks)
Tajemství zámku bílého jednorožce (HKLM-x32\...\{Tajemstvi zamku bileho jednorozce}_is1) (Version: - Špidla Data Processing, s.r.o.)
The Sims 4 v.1.56.52.1020 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2018 - Thrustmaster)
Transport Tycoon Deluxe (HKLM-x32\...\ft_Transport Tycoon Deluxe) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (HKLM-x32\...\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}) (Version: 4.60 - Corel Corporation) Hidden
USB2.0 PC Camera (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19104.100 - Sonix)
VBA (HKLM-x32\...\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}) (Version: 6.2 - Corel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Yawcam 0.6.2 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.6.2 - Yawcam)
Záhadné město Zlatá Praha 1.0 (HKLM-x32\...\{Záhadné město Zlatá Praha}_is1) (Version: - Špidla Data Processing, s.r.o.)
Zoo Tycoon 2 - Dino Danger Pack (HKLM-x32\...\InstallShield_{F568B133-170C-4818-B06A-712C6D91B9F7}) (Version: 1.00.0000 - Microsoft Game Studios)
Ztracené štěňátko (HKLM-x32\...\Ztracené štěňátko) (Version: - )
Zvířecí salón krásy (HKLM-x32\...\Zvířecí salón krásy) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
IP CENTCOM -> C:\Program Files\WindowsApps\600CCC33.IPCENTCOM_4.29.838.0_x64__npmv4c3p4dm00 [2021-06-18] (Biyee SciTech Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk -> C:\RoboZonky\6.4.1\robozonky-exec.bat ()
ShortcutWithArgument: C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,OpenURL "hxxps://terra.im/gl/?cid=20885&oid=mZWZvCwR&v=3&utm_campaign=repacks&utm_medium=cpi&trash=" <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2014-05-18 22:32 - 2020-01-02 17:46 - 000200192 _____ (Java(TM) Native Access (JNA)) [File not signed] C:\FreeRapid-0.9u4\lib\jnidispatch64.dll
2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2006-10-26 14:40 - 2006-10-26 14:40 - 000192512 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2020-01-18 11:23 - 2020-01-18 11:23 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:810B9F0D [298]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:SummaryInformation [43]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kamejk.net/
SearchScopes: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001 -> is enabled.

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: SmartSwitchPDLR.exe => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
MSCONFIG\startupreg: snp2std => C:\Windows\vsnp2std.exe
HKLM\...\StartupApproved\Run: => "snp2std"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "FixCamera"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "tsnp2std"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CED81EE2-AB7A-4975-976B-E14545EA6EA7}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{DA88D35D-C6A5-4015-A3F8-FE7FBE92C574}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{44711461-46EF-4497-823E-F7A8555C257F}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8F6FBC90-7CD4-42FE-85AB-E7C68EAC082C}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{9E8EB748-5A94-44E3-A70C-EC0BCD1F49B7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{87C9F1EF-5661-4095-9133-1BC192C0F229}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{32FD7AFD-C81A-41A3-848D-473C5141499C}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [TCP Query User{0666D087-8D57-4EA0-9EC7-81F1B3F61E18}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [{B17588D0-2754-4C54-9EDC-545657A888A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Simulator 2020\Metro Simulator.exe () [File not signed]
FirewallRules: [{E08A5604-C680-45B2-BF61-63D742C55B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Simulator 2020\Metro Simulator.exe () [File not signed]
FirewallRules: [{B043A2DA-5A90-491B-A62F-FF55CCBAE332}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AB7B77F2-5BF5-4DFB-B343-B149E5FBBB13}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BA4145FE-8485-4680-841D-12EF01C91EEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4551C93F-5810-456C-87CF-427E5C7BBCBD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4C63728D-A5D4-43C4-A889-829DD1522CA1}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [{20F7C0C5-3803-4B60-AF4E-73247457C845}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [UDP Query User{E2937AC6-5EDC-40B5-88D8-29DF447174A4}C:\program files\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files\ea games\need for speed underground 2\speed2.exe () [File not signed]
FirewallRules: [TCP Query User{86AB7653-6C98-4489-AB96-FD26D602A8A9}C:\program files\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files\ea games\need for speed underground 2\speed2.exe () [File not signed]
FirewallRules: [UDP Query User{F7BBBCDE-5EA9-4EF3-B335-4727E4248CAD}C:\robozonky\6.2.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.2\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{FEFAD5FD-FAF8-4745-A09C-210EEE5D4BD4}C:\robozonky\6.2.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.2\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{C8B0F8B3-F906-41DE-AFD7-8028F919F033}C:\robozonky\6.2.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{013B49F2-C636-4F3F-B816-153F0BA02757}C:\robozonky\6.2.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{EFC9AF49-1AE7-4CF0-A851-819BE60D44CB}C:\robozonky\6.2.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.0\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{89F79E3B-5EF5-45A4-9FB2-0B2A42FC14A6}C:\robozonky\6.2.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.0\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{5FA66D3C-8D34-47D0-8CEA-27D6E23E5612}C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe => No File
FirewallRules: [TCP Query User{B1FA7FD0-7EEA-4423-B30A-036736261F07}C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe => No File
FirewallRules: [{4D496331-D6A1-4441-8D12-E943C4B23EFF}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [{5E68F92D-7D66-4DE3-8CBE-BE72860F26D6}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [UDP Query User{A4319E9A-F2A8-4580-9F3F-981014FDCB9B}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9DCA9D0C-FFCA-4FD1-8974-39D1541CC059}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A1FAACE8-DA9A-46EF-8EDB-1039D44EA8A7}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [TCP Query User{0B5A1EEB-246F-458B-82FF-071C526D9449}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [{6D5BCC78-BBB7-49BA-BBA5-26153A4D1340}] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{EAEBAC90-2AB5-4A51-92A0-017C69C8A8D8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D905E674-21C8-4CDD-96DE-51CADD0F05DC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{CAD93F01-725C-4900-9F0F-FBE5247C6B7E}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{3750462A-DBCD-42D0-A295-09A341999691}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C8211A77-CD97-459B-91A7-EFFEA7CFAD4E}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{62733199-48F0-49F6-8055-184ED734A0F6}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56685A14-41D8-48B0-99B2-99C2E8E9337A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2CA8553F-2C8F-4C3D-B0C9-0FE3A124FDF4}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{675B4FFF-77C6-42F7-B5D9-8569790C946A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{579A4A5B-44C2-4497-9460-E004EB07B39D}C:\robozonky\6.0.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.0.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{D7502F95-D917-43D1-8E29-BBD0AEAED2C5}C:\robozonky\6.0.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.0.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{32378CB4-44FD-4B7C-B479-0AC7536B42D0}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56B1B659-FFB3-4309-94DD-8C8CD6167A49}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{74CE00F2-9D12-4AB3-9DD7-E08C009CAB8F}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [TCP Query User{09C5BC7D-7E2F-4D04-B31B-B1BB96DDA102}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [UDP Query User{25FE21D5-EE7C-4B35-8AD9-03F6982C1C68}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{1496163A-30E6-4A1D-A5CD-656DC77EC8B6}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{B1CB770E-73CB-4328-BA7F-19DBF87FA1F7}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{15CDC272-0E3D-44B7-A2C6-20E4DA3EC7A8}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [UDP Query User{FD648900-D4C1-46A1-B5FF-54B059A077FD}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [TCP Query User{F18865A3-AD8A-40D5-9439-6DF7204A070E}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [UDP Query User{241A2549-9909-4AAD-8873-A018ADDE0991}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{1887D2A8-BEF3-4B22-8947-90F6EFF341C2}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [{B8C74DEA-C549-4D7D-A7BC-1C16F1F44DF9}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{51A75AC1-7839-4EDE-9E91-EB27D11FD9B1}C:\program files\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C1D977F2-A189-44E3-8CA7-FAFDC79C29BA}C:\program files\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{8334B093-82EA-4541-B6F9-86849FFE7BCB}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{8E016EE9-A406-4304-A3D1-010367D3AE79}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [TCP Query User{42CFB3A5-90A4-4579-A327-E8994EBA24D1}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [UDP Query User{7548D1EC-2CD9-41E0-B3CF-5F6A98E800B6}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [TCP Query User{3CFCCB82-38B7-46D6-BE8D-BE25E5AE56EF}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [{C87224E6-1A09-4721-87CE-D915663290CA}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{87245DE2-AE52-43DC-90E8-A35DB7CD2DD7}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{D1CFE2C0-174E-409F-86A8-A8A43732922A}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{E75B011F-A013-4402-8EA7-E82840D9DA5C}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{08E3C71F-080F-4A13-BCBB-AE24DD470283}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{BC7DC1FF-577A-4DC7-B2DF-E6687E4BCCC7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{3AE0600E-5C96-4D59-9312-A69195C30B7F}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{6E5B41E2-8BBF-47CF-B051-6611DEC2DEE5}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{EE4705DD-5129-44BF-BB29-81C134D19A8D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{D7938BE4-BE72-41BB-9F9D-330398852999}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{D489005A-7F70-4FE9-9D36-73D15E4E68CE}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{6C8B639A-CF6B-4DD2-A16D-30B26BB2999B}C:\program files\the sims 4\game\bin\ts4.exe] => (Block) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{7300DBB1-13B5-49EE-A886-C7ABEBAB22C3}C:\program files\the sims 4\game\bin\ts4.exe] => (Block) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{A8D36C9E-9659-410D-B0C8-C178E9963669}] => (Allow) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe (Cerberus, LLC -> Cerberus, LLC)
FirewallRules: [{89C8E4DA-FD7B-4FDA-93A7-66995720C2A7}] => (Allow) C:\Users\jasan\AppData\Local\Programs\Opera\67.0.3575.31\opera.exe => No File
FirewallRules: [UDP Query User{8A7773EC-BDB4-4D01-8943-FE0175E700B4}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{704FB8F9-441C-4D58-B172-B1344BB980DE}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3AB75215-9E8E-4E7B-B371-20F3933EEBAE}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{EF297B9D-ECD4-469F-B551-40DAFF8D3785}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{7A52AC3B-8659-403D-8B77-6FFA87E456E8}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{23B49FD9-6291-49EB-AD2C-DE0101F885E6}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{EB2E7767-65B6-4FA2-B2FE-7096F75BC5AE}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{56D8FC05-9576-41DE-92AF-680E01DC753D}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{DB7F0E10-5588-43D6-8F53-27D0A8FE89F2}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3E4668A2-E39F-4BDB-A46D-3D4739A56F12}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [{56F23E65-D9AE-4106-8EB4-F9799D3462BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{69A5F6CD-210C-46BA-98BF-7C65A60EE5A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A45753D8-76DE-4A9A-BC79-93760B5C438A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DFC4C1C2-A5D9-413E-8FDA-074D874356C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{14B91582-4109-4B26-8798-11140D1C92B3}C:\robozonky\6.3.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.2\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{7E891546-8669-43B1-A94A-66D89AAC4E49}C:\robozonky\6.3.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.2\dist\runtime\bin\java.exe
FirewallRules: [{C8C0ED50-1D2F-4C46-A89E-E767DD87ED3C}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{0B9B5B75-2E2B-4774-841A-53938ED93D55}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{F1734BB3-E5EF-4B2D-A5A9-CC720EB3D315}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [{CAB4846B-31AC-4C28-B4A3-CED0FB63A4F1}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [TCP Query User{4DEB090D-D738-419A-BCA3-4282657062E2}C:\robozonky\6.3.4\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.4\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{AC66831E-6AD7-4D97-87E5-11C2BBECD9DB}C:\robozonky\6.3.4\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.4\dist\runtime\bin\java.exe
FirewallRules: [{BF52FFDE-B1A7-4E20-83F7-A5AA7AB8E9C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Top Burger\Top Burger.exe () [File not signed]
FirewallRules: [{49DCE2D2-2A0F-4DDC-AB87-CA51B779A69E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Top Burger\Top Burger.exe () [File not signed]
FirewallRules: [{E4F222C7-2F58-4B38-9EB1-ED4DF29729EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{6EFE40EE-C680-4083-BF88-DAAA88194AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{A0173484-9C56-480C-977E-B031938A95D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MyFreeZoo\MyFreeZoo.exe () [File not signed]
FirewallRules: [{6FD4410A-F12C-404B-BE73-478D85BD7D38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MyFreeZoo\MyFreeZoo.exe () [File not signed]
FirewallRules: [TCP Query User{ECABC904-A050-4978-B2F9-D51BDA1850C9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{175C9A9D-8638-4CC8-9368-97F444740864}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E7DE603B-C8E2-4B88-81FE-2CAD09E58DBA}C:\robozonky\6.4.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.0\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{A6B4C3C6-B671-4DC6-852E-DBCBBF5D8DB0}C:\robozonky\6.4.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.0\dist\runtime\bin\java.exe
FirewallRules: [{7200DF07-D387-4293-963B-C5B43B4D3EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farstorm\Farstorm.exe () [File not signed]
FirewallRules: [{44A2DD30-28DA-4CC3-A6C4-F55A4520A3A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farstorm\Farstorm.exe () [File not signed]
FirewallRules: [TCP Query User{C7DBA5AF-2996-4572-9EC5-791260846BC5}C:\robozonky\6.4.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{32884D96-C21F-42BA-AA74-21A984CC7306}C:\robozonky\6.4.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{561029D2-7FF3-4CFC-9038-CBC002498DBB}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [UDP Query User{B2BDA0D5-CE97-4D82-804A-7BCC7E556276}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [TCP Query User{536875A2-B532-435D-89BB-FD5065DB6FF7}C:\robozonky\6.4.1a\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1a\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{DD4C6F8A-D332-460A-ABFA-C453B12972E8}C:\robozonky\6.4.1a\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1a\dist\runtime\bin\java.exe
FirewallRules: [{52824300-0662-4158-8849-3111E2FE1F73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76BCA58A-A6BE-413D-A836-BA8AF4DBCB6A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{058998AF-6A9C-44DB-AC8D-C6D22B3A565D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ABCFF441-E898-4758-A46E-683CA0C2E5E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46CF507A-E25A-4BE1-B8D2-56A9734DA301}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EBCA8418-E7DD-4A86-81F4-73A5870E8137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe (Oblouk LLC) [File not signed]
FirewallRules: [{E6A21324-205A-400F-8006-FCCD93C7FF03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe (Oblouk LLC) [File not signed]
FirewallRules: [{B1559CC8-AAD2-443D-845B-278C06590754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{68677D5E-A4D7-4F64-B882-2943552C1E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{C11D0B39-6866-434B-AB31-AC14CE71B04F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{3ABC228E-DFE0-4F92-A398-D0E3B88A659C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{670E5A62-4613-43C8-8990-621E4135F849}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File
FirewallRules: [UDP Query User{C9D05946-E15C-4B93-95E0-B2BAD8A1EFF8}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File

==================== Restore Points =========================

18-06-2021 19:07:07 Naplánovaný kontrolní bod
23-06-2021 19:25:24 Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/26/2021 07:27:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 26.6.2021.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2714

Čas spuštění: 01d76aafa382f048

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\jasan\Desktop\FRST64.exe

ID hlášení: df71311a-3f53-4577-ae5d-f76dbdef2ad1

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (06/26/2021 07:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x1d24
Čas spuštění chybující aplikace: 0x01d76aaf661531e0
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 1b590418-da2d-4159-bbe8-4004ac91dd9d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x114c
Čas spuštění chybující aplikace: 0x01d76aaf64da12f9
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 811c4a99-a9ac-44cc-9d11-0b77e7f0434f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x710
Čas spuštění chybující aplikace: 0x01d76aaf63acbd8c
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 4582eb54-de60-42f1-a60b-49a968f30565
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x2244
Čas spuštění chybující aplikace: 0x01d76aaf628acf1b
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 00452fd2-9780-4f87-ac21-5dfe4d4a4ddf
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0xcf0
Čas spuštění chybující aplikace: 0x01d76aaf61956742
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 9d452c62-e388-444c-b49f-90cbe3f8da46
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x2e8
Čas spuštění chybující aplikace: 0x01d76aaf6082dd81
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: d06d72a5-cb50-411a-a861-f5972d078d64
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x2680
Čas spuštění chybující aplikace: 0x01d76aaf5d79116d
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: a88244cf-f592-47d7-82b1-79c511871c3c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (06/24/2021 10:18:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/24/2021 10:26:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (9:51:51, ‎24.‎06.‎2021) bylo neočekávané.

Error: (06/24/2021 09:11:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:45:25, ‎24.‎06.‎2021) bylo neočekávané.

Error: (06/24/2021 08:45:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:03:11, ‎24.‎06.‎2021) bylo neočekávané.

Error: (06/24/2021 05:35:41 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (06/24/2021 05:35:28 AM) (Source: DCOM) (EventID: 10010) (User: jasan-PC)
Description: Server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/24/2021 05:35:27 AM) (Source: DCOM) (EventID: 10010) (User: jasan-PC)
Description: Server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/24/2021 05:35:27 AM) (Source: DCOM) (EventID: 10010) (User: jasan-PC)
Description: Server {7966B4D8-4FDC-4126-A10B-39A3209AD251} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2021-06-26 07:49:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FF1F89E1-7105-4D5A-BCCB-06BE40B297FD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-24 08:38:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9B9B055C-8DB7-4252-8E0E-D54D6FB3C596}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-23 08:04:00
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BC9DF2FD-4D1D-480B-BA1E-E41C091166C5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-22 09:10:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0BF21274-867B-488C-ADD2-E0840F93E5C8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-21 08:45:16
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FA5B1549-5CE2-4250-BD11-98DE27D3363D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-24 09:22:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.341.1311.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-06-24 08:56:01
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.341.1311.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-06-05 08:17:17
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.42.0
Předchozí verze bezpečnostních informací: 1.339.1950.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-06-05 08:17:17
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.42.0
Předchozí verze bezpečnostních informací: 1.339.1950.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-06-05 08:17:17
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===============
Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F6 06/29/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-MA770T-UD3
Processor: AMD Athlon(tm) II X4 635 Processor
Percentage of memory in use: 34%
Total physical RAM: 12285.55 MB
Available physical RAM: 8054.09 MB
Total Virtual: 24573.55 MB
Available Virtual: 19809.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.43 GB) (Free:321.59 GB) NTFS
Drive d: () (Fixed) (Total:1276.98 GB) (Free:208.45 GB) NTFS

\\?\Volume{830cec24-295e-11ea-b481-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{693c94a5-0000-0000-0000-206292000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 693C94A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=514 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1277 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably malware or something like that

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jasanek
Visitor
Posts: 144
Joined: 04 Sep 2006 14:43

Re: Probably malware or something like that

#4 Post by jasanek »

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-27-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1780 octets] - [27/06/2021 11:46:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118199
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably malware or something like that

#5 Post by Rudy »

Post new FRST+Addition logs.

jasanek
Visitor
Posts: 144
Joined: 04 Sep 2006 14:43

Re: Probably malware or something like that

#6 Post by jasanek »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by jasan (administrator) on JASAN-PC (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (27-06-2021 21:52:40)
Running from C:\Users\jasan\Desktop
Loaded Profiles: jasan
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Cerberus, LLC -> Cerberus, LLC) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(LG Electronics Inc. -> ) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
(Macrovision Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [snp2std] => C:\WINDOWS\vsnp2std.exe [344064 2007-09-28] (SONIX TECHNOLOGY CO. , LTD -> Sonix)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] () [File not signed]
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [270336 2007-05-12] () [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation) [File not signed]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475072 2013-10-02] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Discord] => C:\Users\jasan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [jasan] => cmd.exe /c start www.exinariuminix.info
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\jasan\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\jasan\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\RunOnce: [Uninstall 21.099.0516.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jasan\AppData\Local\Microsoft\OneDrive\21.099.0516.0003"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\MountPoints2: {57771de2-74b5-11ea-a858-1c6f652dda0b} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2020-01-18] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F2D77A-A278-4EEA-8C76-02F5B10A028E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09A89A19-7C90-49CE-8D03-46C604E24660} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1005EC77-363A-43F8-9DBD-EFE75C6DE5FA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {123B28F4-C440-4727-92D5-7A0933537AD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {138D1AFC-B7BC-4F47-96E9-DC079686344B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3061804363-3326323613-1069145852-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {166BECA3-8FA8-4239-B4A4-E24B23AE5A18} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {227A9375-5BBD-4A52-A7D1-2D0212F3B68E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {245037B9-F013-4901-8E99-5630C15C1914} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {2507A576-46AF-49FC-9980-A9B616DE1DB0} - System32\Tasks\Opera scheduled Autoupdate 1582673436 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe
Task: {2C6BB4A3-7968-48DB-AAAD-5DB0121302F6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D062919-E916-49C3-B261-48D693A7B6A5} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {2F89D2F6-E5AB-4624-96E8-7BBF62C2FB66} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {434E9CD5-00A9-4E0C-AAFC-1A074A3E5A82} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4D17A584-B369-44B7-9279-B296DCA6175E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4E6AE4B1-5D62-4220-B9C4-7670E097BD15} - System32\Tasks\jasan => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v jasan /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
Task: {560B7F21-3CE6-4F2D-A480-D42396D2475D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D779BF9-D8BF-4801-92ED-9DF2EFEC3197} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5E01A047-75D5-4D85-BDBA-6629696201E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60BA4F9A-409C-4202-B45F-EEDFCF35B221} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65416C4F-D128-4C13-AE4C-4146D0265D33} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {69524F04-9C82-4A23-ACC0-A68D6D77525E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {72B7F305-29FC-4A99-B78D-5FA6AA1799E7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7676981E-7340-41FB-BEB1-7B663B17A3F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {76FE7E08-113C-4003-A304-0E6CBCAC9B5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {77D16BB6-5F0F-4021-ABBB-0F738220A3B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78FAD5CA-EFA6-4DBB-989A-F5DB68318CEB} - System32\Tasks\{56FDD70A-618C-4699-BB4C-E8261257BF6B} => F:\TRANTYCO.ON\ENGLISH\INSTALL.EXE
Task: {7B2DF944-87E5-4A14-9EE3-9189133AA5D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {916F3E1A-EBEA-47F4-90D9-B7C80B236AB6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {927FD3EB-C5A4-40CC-8499-7966FC86DC3C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {93DE6982-DD71-40C4-8C56-AE88EB1C4E99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9880C5DF-9E50-4B1F-9BAD-8EC0BA3ACDA3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {A8231104-6742-421B-949C-6ACC2FBA7217} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AACFE3E1-BF80-4D77-8B97-C6DDDEF1768E} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {AB452472-0F40-429E-A3D6-771846269DDC} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [513216 2017-12-12] (LG Electronics Inc. -> LG Electronics Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B2D8D0F6-B8E9-414E-AB60-07C2ABC62F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B798433C-7294-4E31-B5D4-4C2C89CDE1F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B82E866A-9E8B-4F1C-A8A7-000C957E5F5C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B96365E7-0AD4-44A2-8015-CED065BFABB0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB1BD0F4-F627-4206-A5BA-B26841C15A18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {BD77CEDA-5902-412A-9EA4-76750E582B0F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {BF8B24C6-C6DD-45ED-BEB3-FD68F0AFEA5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C1EB6948-7A4D-4680-9A80-647825C19CB9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C59A7950-ACF5-4907-89C9-10B26019245B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D423F539-8645-456A-A50B-7996ED42167A} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {D6E209AF-CD11-429B-9A26-ACCC930C8448} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {E2803BF2-2FB9-4B65-8D04-F27E61111CE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {E40ABF5D-F8D5-417C-BEE0-A2A9D21133D5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {E6AEF7DD-BFE4-4213-A4D9-40394CC3DA7C} - System32\Tasks\Opera scheduled assistant Autoupdate 1582673439 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\jasan\AppData\Local\Programs\Opera\assistant" $(Arg0)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CB16339B-9B11-47C5-B456-42DA0E23620C}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge Profile: C:\Users\jasan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-24]

FireFox:
========
FF DefaultProfile: b3mcko8g.default
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\b3mcko8g.default [2020-01-18]
FF NewTab: Mozilla\Firefox\Profiles\b3mcko8g.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release [2021-06-27]
FF NewTab: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF Notifications: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxps://meet.google.com
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-19]
FF Extension: (Easy Screenshot) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-05-19]
FF Extension: (fx_cast) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\fx_cast@matt.tf.xpi [2021-03-17] [UpdateUrl:hxxps://hensm.github.io/fx_cast/updates.json]
FF Extension: (Tab Reloader (page auto refresh)) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\jid0-bnmfwWw2w2w4e4edvcdDbnMhdVg@jetpack.xpi [2021-03-10]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-06-04]
FF Extension: (Gesturefy) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{506e023c-7f2b-40a3-8066-bc5deb40aebe}.xpi [2021-06-23]
FF Extension: (Mercator Studio for Google Meet) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{55ba4b5e-908a-471e-907f-4d0fb7ce9bbb}.xpi [2021-05-31]
FF Extension: (Adblocker for YouTube™) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2019-12-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-06-23]
FF Extension: (Video DownloadHelper) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (No Name) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Notifications: Default -> hxxps://meet.google.com
CHR Extension: (Prezentace) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-17]
CHR Extension: (Dokumenty) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-17]
CHR Extension: (Disk Google) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-17]
CHR Extension: (YouTube) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-17]
CHR Extension: (Tabulky) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Gmail) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 Cerberus FTP Server; C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [18565624 2019-01-03] (Cerberus, LLC -> Cerberus, LLC)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [48344 2018-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 SNP2STD; C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] (SONIX TECHNOLOGY CO. , LTD -> )
S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12212864 2007-09-05] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-27 21:52 - 2021-06-27 21:54 - 000026055 _____ C:\Users\jasan\Desktop\FRST.txt
2021-06-27 11:45 - 2021-06-27 11:47 - 000000000 ____D C:\AdwCleaner
2021-06-27 11:44 - 2021-06-27 11:44 - 008534696 _____ (Malwarebytes) C:\Users\jasan\Desktop\adwcleaner_8.2.exe
2021-06-26 19:21 - 2021-06-27 21:54 - 000000000 ____D C:\FRST
2021-06-26 19:20 - 2021-06-26 19:20 - 002300416 _____ (Farbar) C:\Users\jasan\Desktop\FRST64.exe
2021-06-26 19:19 - 2021-06-26 19:19 - 000002036 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002026 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002014 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
2021-06-26 19:18 - 2021-06-26 19:18 - 000002016 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
2021-06-26 19:12 - 2021-06-26 19:12 - 000000053 _____ C:\WINDOWS\WrpYGF74DrEm.ini
2021-06-26 07:42 - 2021-06-26 07:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Goldberg SteamEmu Saves
2021-06-24 21:47 - 2021-06-24 21:47 - 000000790 _____ C:\Users\jasan\Desktop\Mafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000762 _____ C:\Users\jasan\Desktop\launcherMafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-06-24 19:06 - 2021-06-24 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 19:05 - 2021-06-27 11:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\UnrealEngine
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\GSS2
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\CrashReportClient
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-06-23 18:59 - 2021-06-23 18:59 - 000000223 _____ C:\Users\jasan\Desktop\Gas Station Simulator Prologue - Early Days.url
2021-06-23 18:47 - 2021-06-23 18:47 - 000009423 _____ C:\Users\jasan\Documents\projekty.xlsx
2021-06-22 20:29 - 2021-06-22 20:29 - 000000223 _____ C:\Users\jasan\Desktop\OpenTTD.url
2021-06-20 17:03 - 2021-06-20 17:03 - 000160496 _____ C:\Users\jasan\Downloads\ceník.pdf
2021-06-19 20:30 - 2021-06-19 20:30 - 000185168 _____ C:\Users\jasan\Downloads\odpadky-nakladani-201025.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(2).pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(1).pdf
2021-06-13 20:28 - 2021-06-13 20:28 - 000077106 _____ C:\Users\jasan\Desktop\kamyk-nad-vltavou-1985-orig-fotografie-83436171.jpeg
2021-06-13 16:00 - 2021-06-13 16:00 - 000098470 _____ C:\Users\jasan\Downloads\L300073_210613_304114.pdf
2021-06-13 16:00 - 2021-06-13 16:00 - 000098111 _____ C:\Users\jasan\Downloads\L300073_210405_298560.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000440542 _____ C:\Users\jasan\Downloads\U7n4xFnqjrWmOVkQoJAAZ1Gn0P3qbZIx.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000147462 _____ C:\Users\jasan\Downloads\B4bPKo5zt9ijXeND5AIkqoBzOcjQFuuf.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000134191 _____ C:\Users\jasan\Downloads\MVt0itU0Phoifc2JnQz3tjkllXMAaGfm.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000208106 _____ C:\Users\jasan\Downloads\oznameni-110060780102-c2srqqsd3ihheu7458u0.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000151641 _____ C:\Users\jasan\Downloads\oznameni-110060780103-c2qshqsd3ihheu744v50.pdf
2021-06-13 15:30 - 2021-06-13 15:30 - 008798168 _____ C:\Users\jasan\Downloads\dl-letak-app-pidlitacka-cz-final-tiskova-data.pdf
2021-06-11 10:40 - 2021-06-11 10:40 - 000136514 _____ C:\Users\jasan\Downloads\15-zo-24-5-2021.pdf
2021-06-11 07:03 - 2021-06-11 07:03 - 000367015 _____ C:\Users\jasan\Downloads\Cestne_prohlaseni___vzor.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000104893 _____ C:\Users\jasan\Downloads\cestne-prohlaseni-covid.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000092894 _____ C:\Users\jasan\Downloads\320-cestne-prohlaseni.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000400543 _____ C:\Users\jasan\Downloads\Cestne-prohlaseni-samotestovani-posilovna.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000102910 _____ C:\Users\jasan\Downloads\cestne prohlaseni samotest.pdf
2021-06-10 10:39 - 2021-06-10 10:39 - 000017795 _____ C:\Users\jasan\Downloads\300088-12.pdf
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 16:22 - 2021-06-09 16:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 16:21 - 2021-06-09 16:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 16:21 - 2021-06-09 16:21 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 16:21 - 2021-06-09 16:21 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 16:20 - 2021-06-09 16:20 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 16:20 - 2021-06-09 16:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 16:20 - 2021-06-09 16:20 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 20:49 - 2021-06-08 20:49 - 000132761 _____ C:\Users\jasan\Downloads\priloha_915825092_0_RocniVypisROB.pdf
2021-06-07 20:29 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-06-07 20:29 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-06-07 12:29 - 2021-06-07 12:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-06-07 12:04 - 2021-06-07 12:24 - 350493319 _____ C:\Users\jasan\Desktop\Mark Manson - Důmyslné umění, jak mít všechno u prdele.rar
2021-06-06 18:29 - 2021-06-06 18:29 - 018982239 _____ C:\Users\jasan\Downloads\matomo-latest.zip
2021-06-05 20:25 - 2021-06-05 20:25 - 000689241 _____ C:\Users\jasan\Downloads\1761_cz_L003_sazebnik_platny_od_01012021.pdf
2021-06-05 20:23 - 2021-06-05 20:23 - 000078561 _____ C:\Users\jasan\Downloads\2806-cenik.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air(1).pdf
2021-06-05 17:16 - 2021-06-05 17:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\obs-studio
2021-06-05 17:16 - 2021-06-05 17:16 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-05 17:15 - 2021-06-05 17:16 - 000000000 ____D C:\Program Files\obs-studio
2021-06-05 17:14 - 2021-06-05 17:15 - 076720824 _____ (obsproject.com) C:\Users\jasan\Downloads\OBS-Studio-27.0-Full-Installer-x64.exe
2021-06-05 15:58 - 2021-06-05 15:58 - 000306968 _____ C:\Users\jasan\Documents\817 p. Mareš.pdf
2021-06-05 08:32 - 2021-06-05 11:39 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-05-31 21:01 - 2021-06-01 18:18 - 000456141 _____ C:\Users\jasan\Downloads\Zadost-o-DP-placene.pdf
2021-05-31 17:25 - 2021-05-31 17:30 - 001014100 _____ C:\WINDOWS\Minidump\053121-40250-01.dmp
2021-05-30 21:41 - 2021-05-30 21:42 - 000000000 ____D C:\Users\jasan\Downloads\PID

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-27 21:52 - 2019-12-28 12:54 - 000000000 ____D C:\Users\jasan\AppData\LocalLow\Mozilla
2021-06-27 21:48 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-27 21:40 - 2020-11-19 00:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-27 21:28 - 2021-02-06 13:42 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061804363-3326323613-1069145852-1001
2021-06-27 21:28 - 2021-02-06 13:42 - 000000000 ___RD C:\Users\jasan\OneDrive
2021-06-27 21:28 - 2021-02-06 13:09 - 000002381 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-27 14:26 - 2020-01-04 13:13 - 003164641 _____ C:\Users\jasan\Documents\FoE.xlsx
2021-06-27 13:41 - 2020-01-04 13:13 - 001140791 _____ C:\Users\jasan\Documents\FoE2.xlsx
2021-06-27 11:56 - 2020-11-19 01:55 - 001899856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-27 11:56 - 2019-12-07 16:43 - 000780030 _____ C:\WINDOWS\system32\perfh005.dat
2021-06-27 11:56 - 2019-12-07 16:43 - 000178016 _____ C:\WINDOWS\system32\perfc005.dat
2021-06-27 11:56 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-27 11:49 - 2021-02-06 13:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-27 11:49 - 2020-11-19 01:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-27 11:49 - 2019-12-28 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-27 11:48 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-27 11:45 - 2021-01-10 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-27 09:29 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-27 09:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-27 09:04 - 2021-03-20 10:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Mr.Mine
2021-06-26 20:43 - 2020-01-08 22:13 - 000037342 _____ C:\Users\jasan\Desktop\note.txt
2021-06-26 19:49 - 2020-01-04 13:13 - 000890880 _____ C:\Users\jasan\Documents\kamejk návštěvnost.xls
2021-06-26 19:28 - 2020-02-04 21:34 - 000000000 ____D C:\Games
2021-06-26 19:18 - 2019-12-28 19:06 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-26 19:14 - 2021-03-30 18:22 - 000000000 ____D C:\Users\jasan\Desktop\Moje
2021-06-26 07:12 - 2020-11-19 01:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-24 22:18 - 2021-02-06 13:09 - 000000000 ____D C:\Users\jasan
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Roaming\discord
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Local\Discord
2021-06-24 20:29 - 2021-04-02 11:31 - 000002231 _____ C:\Users\jasan\Desktop\Discord.lnk
2021-06-24 19:06 - 2019-12-28 12:54 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 08:48 - 2020-12-23 17:47 - 000000000 ____D C:\Users\jasan\Desktop\básničky
2021-06-23 19:27 - 2019-12-28 19:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-23 18:59 - 2021-01-10 13:26 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 20:35 - 2020-01-04 13:12 - 000000000 ____D C:\Users\jasan\Documents\OpenTTD
2021-06-19 13:54 - 2021-02-20 15:54 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-18 20:50 - 2020-08-14 15:10 - 000000000 ____D C:\RoboZonky
2021-06-18 06:53 - 2020-10-17 16:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-18 06:53 - 2020-10-17 16:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-13 16:17 - 2020-01-28 21:08 - 000000000 ____D C:\Users\jasan\Desktop\kamejk
2021-06-13 15:34 - 2020-01-04 13:13 - 000029057 _____ C:\Users\jasan\Documents\forgedb-idpoints-makro.xlsm
2021-06-12 07:08 - 2020-11-19 01:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 14:08 - 2020-01-03 18:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-11 14:07 - 2021-02-06 13:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-10 21:57 - 2020-01-04 13:13 - 000740864 _____ C:\Users\jasan\Documents\Plán příjmů a výdajů.xls
2021-06-10 21:45 - 2020-01-04 13:13 - 000017922 _____ C:\Users\jasan\Documents\Zonky.xlsx
2021-06-10 19:24 - 2021-01-02 23:40 - 000117487 _____ C:\Users\jasan\Documents\Simt.xlsx
2021-06-10 08:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-10 08:13 - 2020-11-19 00:46 - 000450720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 21:33 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 16:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 16:04 - 2020-01-01 04:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:59 - 2020-01-01 04:16 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 20:47 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Sipo
2021-06-06 18:27 - 2019-12-28 12:51 - 000000000 ____D C:\Users\jasan\AppData\Local\GHISLER
2021-06-06 12:14 - 2020-01-04 13:11 - 000000000 ____D C:\Users\jasan\Documents\_Vodafone vyúčtování
2021-06-05 17:58 - 2020-10-28 18:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\vlc
2021-06-05 11:39 - 2019-12-31 13:56 - 000000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-04 22:38 - 2020-12-15 19:39 - 000001239 _____ C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk
2021-06-04 14:41 - 2019-12-28 12:54 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-01 19:21 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Hypotéka
2021-05-31 18:17 - 2020-01-04 13:13 - 000000000 ____D C:\Users\jasan\Documents\Sponzoři
2021-05-31 17:30 - 2021-05-21 13:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-31 17:25 - 2021-05-21 13:44 - 816780958 _____ C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories ========

2020-03-26 14:06 - 2020-03-26 14:06 - 000040708 _____ () C:\Users\jasan\AppData\Roaming\d8j_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V1S1F1F1J1L1G1NtF1R1F1H.txt
2020-03-26 14:06 - 2020-03-26 14:06 - 000284010 _____ () C:\Users\jasan\AppData\Roaming\d8j_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2002-08-29 17:33 - 2002-08-29 17:33 - 000319488 ____R () C:\Users\jasan\AppData\Roaming\MafiaSetup.exe
2020-12-17 17:35 - 2020-12-17 17:35 - 000003584 _____ () C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-04-07 19:04 - 2020-04-07 19:04 - 000000093 _____ () C:\Users\jasan\AppData\Local\fusioncache.dat
2020-09-28 21:49 - 2020-09-28 21:49 - 000000000 _____ () C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jasanek
Visitor
Posts: 144
Registered: 04 Sep 2006 14:43

Re: Probably malware or something like that

#7 Post by jasanek »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by jasan (27-06-2021 21:57:23)
Running from C:\Users\jasan\Desktop
Windows 10 Pro Version 20H2 19042.1052 (X64) (2021-02-06 11:19:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3061804363-3326323613-1069145852-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3061804363-3326323613-1069145852-1013 - Limited - Enabled)
DefaultAccount (S-1-5-21-3061804363-3326323613-1069145852-503 - Limited - Disabled)
Guest (S-1-5-21-3061804363-3326323613-1069145852-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3061804363-3326323613-1069145852-1019 - Limited - Enabled)
jasan (S-1-5-21-3061804363-3326323613-1069145852-1001 - Administrator - Enabled) => C:\Users\jasan
WDAGUtilityAccount (S-1-5-21-3061804363-3326323613-1069145852-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Antický Řím 1.0 (HKLM-x32\...\{Anticky Rim}_is1) (Version: - Špidla Data Processing, s.r.o.)
Asoftis Burning Studio (HKLM-x32\...\Asoftis Burning Studio_is1) (Version: 1.6 - PS Media s.r.o.)
Avidemux VC++ 64bits (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\{7be00188-bfda-45d5-807a-9c1df216651a}) (Version: 2.7.6 - Mean)
Cerberus FTP Server (HKLM-x32\...\{E655A7C7-9F0A-4136-80F4-0C71EF08EB8C}) (Version: 10.0.8 - Cerberus LLC) Hidden
Cerberus FTP Server (HKLM-x32\...\Cerberus FTP Server 10.0.8) (Version: 10.0.8 - Cerberus LLC)
CODIJY Pro verze 3.7.6 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.7.6 - CODIJY)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CorsixTH 0.63 (HKLM-x32\...\CorsixTH) (Version: 0.63 - CorsixTH Team)
CZ (HKLM-x32\...\{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}) (Version: 13.0 - Corel Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Extreme Ride Mod 2 - zima (HKLM-x32\...\Extreme Ride Mod 2 - zima) (Version: - )
Extreme Ride Mod 2 (HKLM-x32\...\Extreme Ride Mod 2) (Version: - )
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
FontNav (HKLM-x32\...\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}) (Version: 5.0 - Corel Corporation) Hidden
FormatFactory 5.4.5.0 (HKLM-x32\...\FormatFactory) (Version: 5.4.5.0 - Free Time)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
Homeguardcare version 1.0 (HKLM-x32\...\{33CDAEF0-AD38-44E4-BF34-9EBE8D3100C8}_is1) (Version: 1.0 - Homeguardcare, Inc.)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Mafia Game (HKLM-x32\...\Mafia Game) (Version: - )
Mafia III v.1.010.01 (HKLM-x32\...\Mafia III_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\OneDriveSetup.exe) (Version: 21.109.0530.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Módní salón (HKLM-x32\...\Módní salón) (Version: - )
Moje cukrárna 2 1.0 (HKLM-x32\...\{Moje cukrárna 2}_is1) (Version: - Špidla Data Processing, s.r.o.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.3.1 - Mozilla)
Mozilla Thunderbird 78.11.0 (x64 cs) (HKLM\...\Mozilla Thunderbird 78.11.0 (x64 cs)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.0 - OBS Project)
OpenTTD 1.10.3 (HKLM-x32\...\OpenTTD) (Version: 1.10.3 - OpenTTD)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.5.1 - pdfforge GmbH)
Rajská zahrádka v1.0 (HKLM-x32\...\{Rajská zahrádka}_is1) (Version: - Špidla Data Processing, s.r.o.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Restaurace Medvěda Míši (HKLM-x32\...\Restaurace Medvěda Míši) (Version: - )
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Simt Simulator verze 1.5.92 (HKLM-x32\...\{7C5E9B1D-F234-48CB-9F65-C4FB9A2DABFF}_is1) (Version: 1.5.92 - Tomas Faina)
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1712.1201 - LG Electronics Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sweet Home 3D version 6.4.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.4.2 - eTeks)
Tajemství zámku bílého jednorožce (HKLM-x32\...\{Tajemstvi zamku bileho jednorozce}_is1) (Version: - Špidla Data Processing, s.r.o.)
The Sims 4 v.1.56.52.1020 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2018 - Thrustmaster)
Transport Tycoon Deluxe (HKLM-x32\...\ft_Transport Tycoon Deluxe) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (HKLM-x32\...\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}) (Version: 4.60 - Corel Corporation) Hidden
USB2.0 PC Camera (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19104.100 - Sonix)
VBA (HKLM-x32\...\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}) (Version: 6.2 - Corel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Yawcam 0.6.2 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.6.2 - Yawcam)
Záhadné město Zlatá Praha 1.0 (HKLM-x32\...\{Záhadné město Zlatá Praha}_is1) (Version: - Špidla Data Processing, s.r.o.)
Zoo Tycoon 2 - Dino Danger Pack (HKLM-x32\...\InstallShield_{F568B133-170C-4818-B06A-712C6D91B9F7}) (Version: 1.00.0000 - Microsoft Game Studios)
Ztracené štěňátko (HKLM-x32\...\Ztracené štěňátko) (Version: - )
Zvířecí salón krásy (HKLM-x32\...\Zvířecí salón krásy) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
IP CENTCOM -> C:\Program Files\WindowsApps\600CCC33.IPCENTCOM_4.29.838.0_x64__npmv4c3p4dm00 [2021-06-18] (Biyee SciTech Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk -> C:\RoboZonky\6.4.1\robozonky-exec.bat ()
ShortcutWithArgument: C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,OpenURL "hxxps://terra.im/gl/?cid=20885&oid=mZWZvCwR&v=3&utm_campaign=repacks&utm_medium=cpi&trash=" <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2021-02-28 19:23 - 2015-07-28 19:02 - 000903168 _____ () [File not signed] [File is in use] C:\Program Files (x86)\LG Software\LG Smart Share\DMR\LibMediaRenderer.dll
2021-02-28 19:23 - 2013-12-06 23:06 - 000642016 _____ () [File not signed] C:\Program Files (x86)\LG Software\LG Smart Share\DMS\sqlite3.dll
2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2006-10-26 14:40 - 2006-10-26 14:40 - 000192512 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2021-02-28 19:23 - 2011-11-30 16:52 - 000086071 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\LG Software\LG Smart Share\DMS\pthreadVSE2.dll
2020-01-18 11:23 - 2020-01-18 11:23 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:810B9F0D [298]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:SummaryInformation [43]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kamejk.net/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001 -> is enabled.

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: SmartSwitchPDLR.exe => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
MSCONFIG\startupreg: snp2std => C:\Windows\vsnp2std.exe
HKLM\...\StartupApproved\Run: => "snp2std"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "FixCamera"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "tsnp2std"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CED81EE2-AB7A-4975-976B-E14545EA6EA7}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{DA88D35D-C6A5-4015-A3F8-FE7FBE92C574}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{44711461-46EF-4497-823E-F7A8555C257F}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8F6FBC90-7CD4-42FE-85AB-E7C68EAC082C}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{9E8EB748-5A94-44E3-A70C-EC0BCD1F49B7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{87C9F1EF-5661-4095-9133-1BC192C0F229}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{32FD7AFD-C81A-41A3-848D-473C5141499C}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [TCP Query User{0666D087-8D57-4EA0-9EC7-81F1B3F61E18}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [{B17588D0-2754-4C54-9EDC-545657A888A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Simulator 2020\Metro Simulator.exe () [File not signed]
FirewallRules: [{E08A5604-C680-45B2-BF61-63D742C55B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Simulator 2020\Metro Simulator.exe () [File not signed]
FirewallRules: [{B043A2DA-5A90-491B-A62F-FF55CCBAE332}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AB7B77F2-5BF5-4DFB-B343-B149E5FBBB13}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BA4145FE-8485-4680-841D-12EF01C91EEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4551C93F-5810-456C-87CF-427E5C7BBCBD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4C63728D-A5D4-43C4-A889-829DD1522CA1}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [{20F7C0C5-3803-4B60-AF4E-73247457C845}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [UDP Query User{E2937AC6-5EDC-40B5-88D8-29DF447174A4}C:\program files\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files\ea games\need for speed underground 2\speed2.exe () [File not signed]
FirewallRules: [TCP Query User{86AB7653-6C98-4489-AB96-FD26D602A8A9}C:\program files\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files\ea games\need for speed underground 2\speed2.exe () [File not signed]
FirewallRules: [UDP Query User{F7BBBCDE-5EA9-4EF3-B335-4727E4248CAD}C:\robozonky\6.2.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.2\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{FEFAD5FD-FAF8-4745-A09C-210EEE5D4BD4}C:\robozonky\6.2.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.2\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{C8B0F8B3-F906-41DE-AFD7-8028F919F033}C:\robozonky\6.2.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{013B49F2-C636-4F3F-B816-153F0BA02757}C:\robozonky\6.2.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{EFC9AF49-1AE7-4CF0-A851-819BE60D44CB}C:\robozonky\6.2.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.0\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{89F79E3B-5EF5-45A4-9FB2-0B2A42FC14A6}C:\robozonky\6.2.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.0\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{5FA66D3C-8D34-47D0-8CEA-27D6E23E5612}C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe => No File
FirewallRules: [TCP Query User{B1FA7FD0-7EEA-4423-B30A-036736261F07}C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe => No File
FirewallRules: [{4D496331-D6A1-4441-8D12-E943C4B23EFF}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [{5E68F92D-7D66-4DE3-8CBE-BE72860F26D6}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [UDP Query User{A4319E9A-F2A8-4580-9F3F-981014FDCB9B}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9DCA9D0C-FFCA-4FD1-8974-39D1541CC059}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A1FAACE8-DA9A-46EF-8EDB-1039D44EA8A7}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [TCP Query User{0B5A1EEB-246F-458B-82FF-071C526D9449}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [{6D5BCC78-BBB7-49BA-BBA5-26153A4D1340}] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{EAEBAC90-2AB5-4A51-92A0-017C69C8A8D8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D905E674-21C8-4CDD-96DE-51CADD0F05DC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{CAD93F01-725C-4900-9F0F-FBE5247C6B7E}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{3750462A-DBCD-42D0-A295-09A341999691}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C8211A77-CD97-459B-91A7-EFFEA7CFAD4E}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{62733199-48F0-49F6-8055-184ED734A0F6}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56685A14-41D8-48B0-99B2-99C2E8E9337A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2CA8553F-2C8F-4C3D-B0C9-0FE3A124FDF4}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{675B4FFF-77C6-42F7-B5D9-8569790C946A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{579A4A5B-44C2-4497-9460-E004EB07B39D}C:\robozonky\6.0.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.0.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{D7502F95-D917-43D1-8E29-BBD0AEAED2C5}C:\robozonky\6.0.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.0.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{32378CB4-44FD-4B7C-B479-0AC7536B42D0}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56B1B659-FFB3-4309-94DD-8C8CD6167A49}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{74CE00F2-9D12-4AB3-9DD7-E08C009CAB8F}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [TCP Query User{09C5BC7D-7E2F-4D04-B31B-B1BB96DDA102}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [UDP Query User{25FE21D5-EE7C-4B35-8AD9-03F6982C1C68}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{1496163A-30E6-4A1D-A5CD-656DC77EC8B6}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{B1CB770E-73CB-4328-BA7F-19DBF87FA1F7}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{15CDC272-0E3D-44B7-A2C6-20E4DA3EC7A8}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [UDP Query User{FD648900-D4C1-46A1-B5FF-54B059A077FD}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [TCP Query User{F18865A3-AD8A-40D5-9439-6DF7204A070E}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [UDP Query User{241A2549-9909-4AAD-8873-A018ADDE0991}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{1887D2A8-BEF3-4B22-8947-90F6EFF341C2}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [{B8C74DEA-C549-4D7D-A7BC-1C16F1F44DF9}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{51A75AC1-7839-4EDE-9E91-EB27D11FD9B1}C:\program files\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C1D977F2-A189-44E3-8CA7-FAFDC79C29BA}C:\program files\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{8334B093-82EA-4541-B6F9-86849FFE7BCB}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{8E016EE9-A406-4304-A3D1-010367D3AE79}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [TCP Query User{42CFB3A5-90A4-4579-A327-E8994EBA24D1}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [UDP Query User{7548D1EC-2CD9-41E0-B3CF-5F6A98E800B6}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [TCP Query User{3CFCCB82-38B7-46D6-BE8D-BE25E5AE56EF}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [{C87224E6-1A09-4721-87CE-D915663290CA}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{87245DE2-AE52-43DC-90E8-A35DB7CD2DD7}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{D1CFE2C0-174E-409F-86A8-A8A43732922A}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{E75B011F-A013-4402-8EA7-E82840D9DA5C}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{08E3C71F-080F-4A13-BCBB-AE24DD470283}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{BC7DC1FF-577A-4DC7-B2DF-E6687E4BCCC7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{3AE0600E-5C96-4D59-9312-A69195C30B7F}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{6E5B41E2-8BBF-47CF-B051-6611DEC2DEE5}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{EE4705DD-5129-44BF-BB29-81C134D19A8D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{D7938BE4-BE72-41BB-9F9D-330398852999}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{D489005A-7F70-4FE9-9D36-73D15E4E68CE}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{6C8B639A-CF6B-4DD2-A16D-30B26BB2999B}C:\program files\the sims 4\game\bin\ts4.exe] => (Block) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{7300DBB1-13B5-49EE-A886-C7ABEBAB22C3}C:\program files\the sims 4\game\bin\ts4.exe] => (Block) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{A8D36C9E-9659-410D-B0C8-C178E9963669}] => (Allow) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe (Cerberus, LLC -> Cerberus, LLC)
FirewallRules: [{89C8E4DA-FD7B-4FDA-93A7-66995720C2A7}] => (Allow) C:\Users\jasan\AppData\Local\Programs\Opera\67.0.3575.31\opera.exe => No File
FirewallRules: [UDP Query User{8A7773EC-BDB4-4D01-8943-FE0175E700B4}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{704FB8F9-441C-4D58-B172-B1344BB980DE}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3AB75215-9E8E-4E7B-B371-20F3933EEBAE}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{EF297B9D-ECD4-469F-B551-40DAFF8D3785}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{7A52AC3B-8659-403D-8B77-6FFA87E456E8}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{23B49FD9-6291-49EB-AD2C-DE0101F885E6}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{EB2E7767-65B6-4FA2-B2FE-7096F75BC5AE}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{56D8FC05-9576-41DE-92AF-680E01DC753D}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{DB7F0E10-5588-43D6-8F53-27D0A8FE89F2}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3E4668A2-E39F-4BDB-A46D-3D4739A56F12}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [{56F23E65-D9AE-4106-8EB4-F9799D3462BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{69A5F6CD-210C-46BA-98BF-7C65A60EE5A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A45753D8-76DE-4A9A-BC79-93760B5C438A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DFC4C1C2-A5D9-413E-8FDA-074D874356C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{14B91582-4109-4B26-8798-11140D1C92B3}C:\robozonky\6.3.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.2\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{7E891546-8669-43B1-A94A-66D89AAC4E49}C:\robozonky\6.3.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.2\dist\runtime\bin\java.exe
FirewallRules: [{C8C0ED50-1D2F-4C46-A89E-E767DD87ED3C}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{0B9B5B75-2E2B-4774-841A-53938ED93D55}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{F1734BB3-E5EF-4B2D-A5A9-CC720EB3D315}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [{CAB4846B-31AC-4C28-B4A3-CED0FB63A4F1}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [TCP Query User{4DEB090D-D738-419A-BCA3-4282657062E2}C:\robozonky\6.3.4\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.4\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{AC66831E-6AD7-4D97-87E5-11C2BBECD9DB}C:\robozonky\6.3.4\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.4\dist\runtime\bin\java.exe
FirewallRules: [{BF52FFDE-B1A7-4E20-83F7-A5AA7AB8E9C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Top Burger\Top Burger.exe () [File not signed]
FirewallRules: [{49DCE2D2-2A0F-4DDC-AB87-CA51B779A69E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Top Burger\Top Burger.exe () [File not signed]
FirewallRules: [{E4F222C7-2F58-4B38-9EB1-ED4DF29729EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{6EFE40EE-C680-4083-BF88-DAAA88194AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{A0173484-9C56-480C-977E-B031938A95D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MyFreeZoo\MyFreeZoo.exe () [File not signed]
FirewallRules: [{6FD4410A-F12C-404B-BE73-478D85BD7D38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MyFreeZoo\MyFreeZoo.exe () [File not signed]
FirewallRules: [TCP Query User{ECABC904-A050-4978-B2F9-D51BDA1850C9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{175C9A9D-8638-4CC8-9368-97F444740864}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E7DE603B-C8E2-4B88-81FE-2CAD09E58DBA}C:\robozonky\6.4.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.0\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{A6B4C3C6-B671-4DC6-852E-DBCBBF5D8DB0}C:\robozonky\6.4.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.0\dist\runtime\bin\java.exe
FirewallRules: [{7200DF07-D387-4293-963B-C5B43B4D3EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farstorm\Farstorm.exe () [File not signed]
FirewallRules: [{44A2DD30-28DA-4CC3-A6C4-F55A4520A3A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farstorm\Farstorm.exe () [File not signed]
FirewallRules: [TCP Query User{C7DBA5AF-2996-4572-9EC5-791260846BC5}C:\robozonky\6.4.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{32884D96-C21F-42BA-AA74-21A984CC7306}C:\robozonky\6.4.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{561029D2-7FF3-4CFC-9038-CBC002498DBB}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [UDP Query User{B2BDA0D5-CE97-4D82-804A-7BCC7E556276}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [TCP Query User{536875A2-B532-435D-89BB-FD5065DB6FF7}C:\robozonky\6.4.1a\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1a\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{DD4C6F8A-D332-460A-ABFA-C453B12972E8}C:\robozonky\6.4.1a\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1a\dist\runtime\bin\java.exe
FirewallRules: [{52824300-0662-4158-8849-3111E2FE1F73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76BCA58A-A6BE-413D-A836-BA8AF4DBCB6A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{058998AF-6A9C-44DB-AC8D-C6D22B3A565D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ABCFF441-E898-4758-A46E-683CA0C2E5E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46CF507A-E25A-4BE1-B8D2-56A9734DA301}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EBCA8418-E7DD-4A86-81F4-73A5870E8137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe (Oblouk LLC) [File not signed]
FirewallRules: [{E6A21324-205A-400F-8006-FCCD93C7FF03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe (Oblouk LLC) [File not signed]
FirewallRules: [{B1559CC8-AAD2-443D-845B-278C06590754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{68677D5E-A4D7-4F64-B882-2943552C1E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{C11D0B39-6866-434B-AB31-AC14CE71B04F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{3ABC228E-DFE0-4F92-A398-D0E3B88A659C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{670E5A62-4613-43C8-8990-621E4135F849}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File
FirewallRules: [UDP Query User{C9D05946-E15C-4B93-95E0-B2BAD8A1EFF8}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/27/2021 03:23:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/27/2021 03:18:26 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/27/2021 02:39:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/27/2021 02:30:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/26/2021 07:27:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 26.6.2021.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2714

Čas spuštění: 01d76aafa382f048

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\jasan\Desktop\FRST64.exe

ID hlášení: df71311a-3f53-4577-ae5d-f76dbdef2ad1

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (06/26/2021 07:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x1d24
Čas spuštění chybující aplikace: 0x01d76aaf661531e0
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 1b590418-da2d-4159-bbe8-4004ac91dd9d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x114c
Čas spuštění chybující aplikace: 0x01d76aaf64da12f9
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 811c4a99-a9ac-44cc-9d11-0b77e7f0434f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x710
Čas spuštění chybující aplikace: 0x01d76aaf63acbd8c
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 4582eb54-de60-42f1-a60b-49a968f30565
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Řízení front zpráv byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Cerberus FTP Server byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/27/2021 11:47:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Thrustmaster® General Accessories Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2021-06-27 09:25:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C3257E62-5ED9-4C79-8E34-9E701317066C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-26 07:49:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FF1F89E1-7105-4D5A-BCCB-06BE40B297FD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-24 08:38:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9B9B055C-8DB7-4252-8E0E-D54D6FB3C596}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-23 08:04:00
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BC9DF2FD-4D1D-480B-BA1E-E41C091166C5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-22 09:10:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0BF21274-867B-488C-ADD2-E0840F93E5C8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-24 09:22:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.341.1311.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-06-24 08:56:01
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.341.1311.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-06-05 08:17:17
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.42.0
Předchozí verze bezpečnostních informací: 1.339.1950.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-06-05 08:17:17
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.42.0
Předchozí verze bezpečnostních informací: 1.339.1950.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-06-05 08:17:17
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===============
Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F6 06/29/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-MA770T-UD3
Processor: AMD Athlon(tm) II X4 635 Processor
Percentage of memory in use: 26%
Total physical RAM: 12285.55 MB
Available physical RAM: 8976.75 MB
Total Virtual: 24573.55 MB
Available Virtual: 20575.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.43 GB) (Free:330.17 GB) NTFS
Drive d: () (Fixed) (Total:1276.98 GB) (Free:208.47 GB) NTFS

\\?\Volume{830cec24-295e-11ea-b481-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{693c94a5-0000-0000-0000-206292000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 693C94A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=514 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1277 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably malware or something like that

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:810B9F0D [298]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:SummaryInformation [43]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{CED81EE2-AB7A-4975-976B-E14545EA6EA7}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{DA88D35D-C6A5-4015-A3F8-FE7FBE92C574}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{44711461-46EF-4497-823E-F7A8555C257F}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8F6FBC90-7CD4-42FE-85AB-E7C68EAC082C}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{9E8EB748-5A94-44E3-A70C-EC0BCD1F49B7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{87C9F1EF-5661-4095-9133-1BC192C0F229}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{32FD7AFD-C81A-41A3-848D-473C5141499C}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [TCP Query User{0666D087-8D57-4EA0-9EC7-81F1B3F61E18}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [UDP Query User{A4319E9A-F2A8-4580-9F3F-981014FDCB9B}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9DCA9D0C-FFCA-4FD1-8974-39D1541CC059}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A1FAACE8-DA9A-46EF-8EDB-1039D44EA8A7}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [TCP Query User{0B5A1EEB-246F-458B-82FF-071C526D9449}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [{6D5BCC78-BBB7-49BA-BBA5-26153A4D1340}] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{62733199-48F0-49F6-8055-184ED734A0F6}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56685A14-41D8-48B0-99B2-99C2E8E9337A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2CA8553F-2C8F-4C3D-B0C9-0FE3A124FDF4}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{675B4FFF-77C6-42F7-B5D9-8569790C946A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{32378CB4-44FD-4B7C-B479-0AC7536B42D0}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56B1B659-FFB3-4309-94DD-8C8CD6167A49}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B1CB770E-73CB-4328-BA7F-19DBF87FA1F7}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{15CDC272-0E3D-44B7-A2C6-20E4DA3EC7A8}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [UDP Query User{FD648900-D4C1-46A1-B5FF-54B059A077FD}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [TCP Query User{F18865A3-AD8A-40D5-9439-6DF7204A070E}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [UDP Query User{241A2549-9909-4AAD-8873-A018ADDE0991}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{1887D2A8-BEF3-4B22-8947-90F6EFF341C2}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [UDP Query User{7548D1EC-2CD9-41E0-B3CF-5F6A98E800B6}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [TCP Query User{3CFCCB82-38B7-46D6-BE8D-BE25E5AE56EF}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [{C87224E6-1A09-4721-87CE-D915663290CA}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{87245DE2-AE52-43DC-90E8-A35DB7CD2DD7}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{D1CFE2C0-174E-409F-86A8-A8A43732922A}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{E75B011F-A013-4402-8EA7-E82840D9DA5C}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{89C8E4DA-FD7B-4FDA-93A7-66995720C2A7}] => (Allow) C:\Users\jasan\AppData\Local\Programs\Opera\67.0.3575.31\opera.exe => No File
FirewallRules: [UDP Query User{8A7773EC-BDB4-4D01-8943-FE0175E700B4}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{704FB8F9-441C-4D58-B172-B1344BB980DE}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DB7F0E10-5588-43D6-8F53-27D0A8FE89F2}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3E4668A2-E39F-4BDB-A46D-3D4739A56F12}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{670E5A62-4613-43C8-8990-621E4135F849}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File
FirewallRules: [UDP Query User{C9D05946-E15C-4B93-95E0-B2BAD8A1EFF8}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\MountPoints2: {57771de2-74b5-11ea-a858-1c6f652dda0b} - "F:\setup.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {7B2DF944-87E5-4A14-9EE3-9189133AA5D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {D423F539-8645-456A-A50B-7996ED42167A} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {E2803BF2-2FB9-4B65-8D04-F27E61111CE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
U3 idsvc; no ImagePath
C:\DumpStack.log.tmp
C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9}

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jasanek
Visitor
Posts: 144
Registered: 04 Sep 2006 14:43

Re: Probably malware or something like that

#9 Post by jasanek »

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by jasan (28-06-2021 11:52:09) Run:1
Running from C:\Users\jasan\Desktop
Loaded Profiles: jasan
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:810B9F0D [298]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:SummaryInformation [43]
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{CED81EE2-AB7A-4975-976B-E14545EA6EA7}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{DA88D35D-C6A5-4015-A3F8-FE7FBE92C574}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{44711461-46EF-4497-823E-F7A8555C257F}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8F6FBC90-7CD4-42FE-85AB-E7C68EAC082C}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{9E8EB748-5A94-44E3-A70C-EC0BCD1F49B7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{87C9F1EF-5661-4095-9133-1BC192C0F229}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{32FD7AFD-C81A-41A3-848D-473C5141499C}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [TCP Query User{0666D087-8D57-4EA0-9EC7-81F1B3F61E18}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe] => (Block) C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe => No File
FirewallRules: [UDP Query User{A4319E9A-F2A8-4580-9F3F-981014FDCB9B}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9DCA9D0C-FFCA-4FD1-8974-39D1541CC059}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A1FAACE8-DA9A-46EF-8EDB-1039D44EA8A7}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [TCP Query User{0B5A1EEB-246F-458B-82FF-071C526D9449}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe => No File
FirewallRules: [{6D5BCC78-BBB7-49BA-BBA5-26153A4D1340}] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{62733199-48F0-49F6-8055-184ED734A0F6}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56685A14-41D8-48B0-99B2-99C2E8E9337A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2CA8553F-2C8F-4C3D-B0C9-0FE3A124FDF4}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{675B4FFF-77C6-42F7-B5D9-8569790C946A}C:\program files\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{32378CB4-44FD-4B7C-B479-0AC7536B42D0}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{56B1B659-FFB3-4309-94DD-8C8CD6167A49}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B1CB770E-73CB-4328-BA7F-19DBF87FA1F7}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{15CDC272-0E3D-44B7-A2C6-20E4DA3EC7A8}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [UDP Query User{FD648900-D4C1-46A1-B5FF-54B059A077FD}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [TCP Query User{F18865A3-AD8A-40D5-9439-6DF7204A070E}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe] => (Allow) C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe => No File
FirewallRules: [UDP Query User{241A2549-9909-4AAD-8873-A018ADDE0991}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [TCP Query User{1887D2A8-BEF3-4B22-8947-90F6EFF341C2}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe => No File
FirewallRules: [UDP Query User{7548D1EC-2CD9-41E0-B3CF-5F6A98E800B6}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [TCP Query User{3CFCCB82-38B7-46D6-BE8D-BE25E5AE56EF}C:\program files\active webcam\webcam.exe] => (Block) C:\program files\active webcam\webcam.exe => No File
FirewallRules: [{C87224E6-1A09-4721-87CE-D915663290CA}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{87245DE2-AE52-43DC-90E8-A35DB7CD2DD7}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe => No File
FirewallRules: [{D1CFE2C0-174E-409F-86A8-A8A43732922A}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{E75B011F-A013-4402-8EA7-E82840D9DA5C}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe => No File
FirewallRules: [{89C8E4DA-FD7B-4FDA-93A7-66995720C2A7}] => (Allow) C:\Users\jasan\AppData\Local\Programs\Opera\67.0.3575.31\opera.exe => No File
FirewallRules: [UDP Query User{8A7773EC-BDB4-4D01-8943-FE0175E700B4}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{704FB8F9-441C-4D58-B172-B1344BB980DE}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DB7F0E10-5588-43D6-8F53-27D0A8FE89F2}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{3E4668A2-E39F-4BDB-A46D-3D4739A56F12}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{670E5A62-4613-43C8-8990-621E4135F849}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File
FirewallRules: [UDP Query User{C9D05946-E15C-4B93-95E0-B2BAD8A1EFF8}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe] => (Allow) D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe => No File
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\MountPoints2: {57771de2-74b5-11ea-a858-1c6f652dda0b} - "F:\setup.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {7B2DF944-87E5-4A14-9EE3-9189133AA5D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {D423F539-8645-456A-A50B-7996ED42167A} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {E2803BF2-2FB9-4B65-8D04-F27E61111CE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
U3 idsvc; no ImagePath
C:\DumpStack.log.tmp
C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9}

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData\TEMP => ":810B9F0D" ADS removed successfully
C:\Users\jasan\Desktop\note.txt => ":SummaryInformation" ADS could not remove.
C:\Users\jasan\Desktop\note.txt => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CED81EE2-AB7A-4975-976B-E14545EA6EA7}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DA88D35D-C6A5-4015-A3F8-FE7FBE92C574}C:\program files (x86)\kingdom come deliverance a womans lot\bin\win64\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{44711461-46EF-4497-823E-F7A8555C257F}C:\program files\java\jre1.8.0_281\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8F6FBC90-7CD4-42FE-85AB-E7C68EAC082C}C:\program files\java\jre1.8.0_281\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E8EB748-5A94-44E3-A70C-EC0BCD1F49B7}C:\program files\java\jre1.8.0_271\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{87C9F1EF-5661-4095-9133-1BC192C0F229}C:\program files\java\jre1.8.0_271\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{32FD7AFD-C81A-41A3-848D-473C5141499C}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0666D087-8D57-4EA0-9EC7-81F1B3F61E18}C:\program files (x86)\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A4319E9A-F2A8-4580-9F3F-981014FDCB9B}C:\program files\java\jre1.8.0_271\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9DCA9D0C-FFCA-4FD1-8974-39D1541CC059}C:\program files\java\jre1.8.0_271\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A1FAACE8-DA9A-46EF-8EDB-1039D44EA8A7}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0B5A1EEB-246F-458B-82FF-071C526D9449}C:\program files (x86)\common files\oracle\java\javapath_target_9598647\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D5BCC78-BBB7-49BA-BBA5-26153A4D1340}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{62733199-48F0-49F6-8055-184ED734A0F6}C:\program files\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{56685A14-41D8-48B0-99B2-99C2E8E9337A}C:\program files\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2CA8553F-2C8F-4C3D-B0C9-0FE3A124FDF4}C:\program files\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{675B4FFF-77C6-42F7-B5D9-8569790C946A}C:\program files\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{32378CB4-44FD-4B7C-B479-0AC7536B42D0}C:\program files\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{56B1B659-FFB3-4309-94DD-8C8CD6167A49}C:\program files\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B1CB770E-73CB-4328-BA7F-19DBF87FA1F7}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{15CDC272-0E3D-44B7-A2C6-20E4DA3EC7A8}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FD648900-D4C1-46A1-B5FF-54B059A077FD}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F18865A3-AD8A-40D5-9439-6DF7204A070E}C:\program files\ozeki\ozeki sdk\demo\ozekiipcameramanagerdemo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{241A2549-9909-4AAD-8873-A018ADDE0991}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1887D2A8-BEF3-4B22-8947-90F6EFF341C2}C:\program files (x86)\common files\oracle\java\javapath_target_7028749\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7548D1EC-2CD9-41E0-B3CF-5F6A98E800B6}C:\program files\active webcam\webcam.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3CFCCB82-38B7-46D6-BE8D-BE25E5AE56EF}C:\program files\active webcam\webcam.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C87224E6-1A09-4721-87CE-D915663290CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87245DE2-AE52-43DC-90E8-A35DB7CD2DD7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1CFE2C0-174E-409F-86A8-A8A43732922A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E75B011F-A013-4402-8EA7-E82840D9DA5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89C8E4DA-FD7B-4FDA-93A7-66995720C2A7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8A7773EC-BDB4-4D01-8943-FE0175E700B4}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{704FB8F9-441C-4D58-B172-B1344BB980DE}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DB7F0E10-5588-43D6-8F53-27D0A8FE89F2}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3E4668A2-E39F-4BDB-A46D-3D4739A56F12}C:\program files\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{670E5A62-4613-43C8-8990-621E4135F849}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9D05946-E15C-4B93-95E0-B2BAD8A1EFF8}D:\hry\workers.&.resources.soviet.republic.v0.8.2.27\soviet64.exe" => removed successfully
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57771de2-74b5-11ea-a858-1c6f652dda0b} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B2DF944-87E5-4A14-9EE3-9189133AA5D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B2DF944-87E5-4A14-9EE3-9189133AA5D9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D423F539-8645-456A-A50B-7996ED42167A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D423F539-8645-456A-A50B-7996ED42167A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2803BF2-2FB9-4B65-8D04-F27E61111CE5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2803BF2-2FB9-4B65-8D04-F27E61111CE5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9} => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 579382127 B
Java, Flash, Steam htmlcache => 508970309 B
Windows/system/drivers => 4033950 B
Edge => 0 B
Chrome => 63725058 B
Firefox => 1481707640 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33058 B
ProgramData => 33058 B
Public => 33058 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 193772 B
NetworkService => 574010 B
jasan => 250798350 B

RecycleBin => 796827476 B
EmptyTemp: => 3.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-06-2021 12:05:37)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 12:05:38 ====

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably malware or something like that

#10 Post by Rudy »

Deleted. Has anything changed?

jasanek
Visitor
Posts: 144
Registered: 04 Sep 2006 14:43

Re: Probably malware or something like that

#11 Post by jasanek »

Hello, thank you. The problem persists. After startup, a cmd.exe window really does just flash briefly (see the link https://ctrlv.cz/9oai), then the browser starts and the first address to appear is http://www.exinariuminix.info/, after which the addresses jump around until it ends up at a casino, or WoT, or some other page. The cmd window was flashing before as well, but it only lasts a moment, so I didn't think to mention it.

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably malware or something like that

#12 Post by Rudy »

Please post both logs once more (FRST+Addition).

jasanek
Visitor
Posts: 144
Registered: 04 Sep 2006 14:43

Re: Probably malware or something like that

#13 Post by jasanek »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by jasan (administrator) on JASAN-PC (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (28-06-2021 15:57:00)
Running from C:\Users\jasan\Desktop
Loaded Profiles: jasan
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Cerberus, LLC -> Cerberus, LLC) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(LG Electronics Inc. -> ) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
(LG Electronics Inc. -> LG Electronics Inc.) C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
(Macrovision Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [snp2std] => C:\WINDOWS\vsnp2std.exe [344064 2007-09-28] (SONIX TECHNOLOGY CO. , LTD -> Sonix)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] () [File not signed]
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [270336 2007-05-12] () [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation) [File not signed]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475072 2013-10-02] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Discord] => C:\Users\jasan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [jasan] => cmd.exe /c start www.exinariuminix.info
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2020-01-18] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02F2D77A-A278-4EEA-8C76-02F5B10A028E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09A89A19-7C90-49CE-8D03-46C604E24660} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1005EC77-363A-43F8-9DBD-EFE75C6DE5FA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {123B28F4-C440-4727-92D5-7A0933537AD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {138D1AFC-B7BC-4F47-96E9-DC079686344B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3061804363-3326323613-1069145852-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {166BECA3-8FA8-4239-B4A4-E24B23AE5A18} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {227A9375-5BBD-4A52-A7D1-2D0212F3B68E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {245037B9-F013-4901-8E99-5630C15C1914} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {2507A576-46AF-49FC-9980-A9B616DE1DB0} - System32\Tasks\Opera scheduled Autoupdate 1582673436 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe
Task: {2C6BB4A3-7968-48DB-AAAD-5DB0121302F6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D062919-E916-49C3-B261-48D693A7B6A5} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {2F89D2F6-E5AB-4624-96E8-7BBF62C2FB66} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {434E9CD5-00A9-4E0C-AAFC-1A074A3E5A82} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4D17A584-B369-44B7-9279-B296DCA6175E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4E6AE4B1-5D62-4220-B9C4-7670E097BD15} - System32\Tasks\jasan => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v jasan /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
Task: {560B7F21-3CE6-4F2D-A480-D42396D2475D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D779BF9-D8BF-4801-92ED-9DF2EFEC3197} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5E01A047-75D5-4D85-BDBA-6629696201E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60BA4F9A-409C-4202-B45F-EEDFCF35B221} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65416C4F-D128-4C13-AE4C-4146D0265D33} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {69524F04-9C82-4A23-ACC0-A68D6D77525E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {72B7F305-29FC-4A99-B78D-5FA6AA1799E7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7676981E-7340-41FB-BEB1-7B663B17A3F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {76FE7E08-113C-4003-A304-0E6CBCAC9B5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {77D16BB6-5F0F-4021-ABBB-0F738220A3B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78FAD5CA-EFA6-4DBB-989A-F5DB68318CEB} - System32\Tasks\{56FDD70A-618C-4699-BB4C-E8261257BF6B} => F:\TRANTYCO.ON\ENGLISH\INSTALL.EXE
Task: {916F3E1A-EBEA-47F4-90D9-B7C80B236AB6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {927FD3EB-C5A4-40CC-8499-7966FC86DC3C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {93DE6982-DD71-40C4-8C56-AE88EB1C4E99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9880C5DF-9E50-4B1F-9BAD-8EC0BA3ACDA3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {A8231104-6742-421B-949C-6ACC2FBA7217} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AACFE3E1-BF80-4D77-8B97-C6DDDEF1768E} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {AB452472-0F40-429E-A3D6-771846269DDC} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [513216 2017-12-12] (LG Electronics Inc. -> LG Electronics Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B2D8D0F6-B8E9-414E-AB60-07C2ABC62F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B798433C-7294-4E31-B5D4-4C2C89CDE1F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B82E866A-9E8B-4F1C-A8A7-000C957E5F5C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B96365E7-0AD4-44A2-8015-CED065BFABB0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB1BD0F4-F627-4206-A5BA-B26841C15A18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {BD77CEDA-5902-412A-9EA4-76750E582B0F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {BF8B24C6-C6DD-45ED-BEB3-FD68F0AFEA5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C1EB6948-7A4D-4680-9A80-647825C19CB9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C59A7950-ACF5-4907-89C9-10B26019245B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D6E209AF-CD11-429B-9A26-ACCC930C8448} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {E40ABF5D-F8D5-417C-BEE0-A2A9D21133D5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {E6AEF7DD-BFE4-4213-A4D9-40394CC3DA7C} - System32\Tasks\Opera scheduled assistant Autoupdate 1582673439 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\jasan\AppData\Local\Programs\Opera\assistant" $(Arg0)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CB16339B-9B11-47C5-B456-42DA0E23620C}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge Profile: C:\Users\jasan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-24]

FireFox:
========
FF DefaultProfile: b3mcko8g.default
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\b3mcko8g.default [2021-06-28]
FF NewTab: Mozilla\Firefox\Profiles\b3mcko8g.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release [2021-06-28]
FF NewTab: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF Notifications: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxps://meet.google.com
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-19]
FF Extension: (Easy Screenshot) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-05-19]
FF Extension: (fx_cast) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\fx_cast@matt.tf.xpi [2021-03-17] [UpdateUrl:hxxps://hensm.github.io/fx_cast/updates.json]
FF Extension: (Tab Reloader (page auto refresh)) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\jid0-bnmfwWw2w2w4e4edvcdDbnMhdVg@jetpack.xpi [2021-03-10]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-06-04]
FF Extension: (Gesturefy) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{506e023c-7f2b-40a3-8066-bc5deb40aebe}.xpi [2021-06-23]
FF Extension: (Mercator Studio for Google Meet) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{55ba4b5e-908a-471e-907f-4d0fb7ce9bbb}.xpi [2021-05-31]
FF Extension: (Adblocker for YouTube™) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2019-12-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-06-23]
FF Extension: (Video DownloadHelper) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (No Name) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default [2021-06-28]
CHR Notifications: Default -> hxxps://meet.google.com
CHR Extension: (Prezentace) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-17]
CHR Extension: (Dokumenty) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-17]
CHR Extension: (Disk Google) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-17]
CHR Extension: (YouTube) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-17]
CHR Extension: (Tabulky) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Gmail) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 Cerberus FTP Server; C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [18565624 2019-01-03] (Cerberus, LLC -> Cerberus, LLC)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [48344 2018-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 SNP2STD; C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] (SONIX TECHNOLOGY CO. , LTD -> )
S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12212864 2007-09-05] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-28 15:57 - 2021-06-28 15:58 - 000024730 _____ C:\Users\jasan\Desktop\FRST.txt
2021-06-28 12:05 - 2021-06-28 12:05 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-06-28 11:52 - 2021-06-28 12:05 - 000021954 _____ C:\Users\jasan\Desktop\Fixlog.txt
2021-06-27 11:45 - 2021-06-27 11:47 - 000000000 ____D C:\AdwCleaner
2021-06-27 11:44 - 2021-06-27 11:44 - 008534696 _____ (Malwarebytes) C:\Users\jasan\Desktop\adwcleaner_8.2.exe
2021-06-26 19:21 - 2021-06-28 15:58 - 000000000 ____D C:\FRST
2021-06-26 19:20 - 2021-06-26 19:20 - 002300416 _____ (Farbar) C:\Users\jasan\Desktop\FRST64.exe
2021-06-26 19:19 - 2021-06-26 19:19 - 000002036 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002026 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002014 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
2021-06-26 19:18 - 2021-06-26 19:18 - 000002016 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
2021-06-26 19:12 - 2021-06-26 19:12 - 000000053 _____ C:\WINDOWS\WrpYGF74DrEm.ini
2021-06-26 07:42 - 2021-06-26 07:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Goldberg SteamEmu Saves
2021-06-24 21:47 - 2021-06-24 21:47 - 000000790 _____ C:\Users\jasan\Desktop\Mafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000762 _____ C:\Users\jasan\Desktop\launcherMafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-06-24 19:06 - 2021-06-24 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 19:05 - 2021-06-27 11:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\UnrealEngine
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\GSS2
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\CrashReportClient
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-06-23 18:59 - 2021-06-23 18:59 - 000000223 _____ C:\Users\jasan\Desktop\Gas Station Simulator Prologue - Early Days.url
2021-06-23 18:47 - 2021-06-23 18:47 - 000009423 _____ C:\Users\jasan\Documents\projekty.xlsx
2021-06-22 20:29 - 2021-06-22 20:29 - 000000223 _____ C:\Users\jasan\Desktop\OpenTTD.url
2021-06-20 17:03 - 2021-06-20 17:03 - 000160496 _____ C:\Users\jasan\Downloads\ceník.pdf
2021-06-19 20:30 - 2021-06-19 20:30 - 000185168 _____ C:\Users\jasan\Downloads\odpadky-nakladani-201025.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(2).pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(1).pdf
2021-06-13 20:28 - 2021-06-13 20:28 - 000077106 _____ C:\Users\jasan\Desktop\kamyk-nad-vltavou-1985-orig-fotografie-83436171.jpeg
2021-06-13 16:00 - 2021-06-13 16:00 - 000098470 _____ C:\Users\jasan\Downloads\L300073_210613_304114.pdf
2021-06-13 16:00 - 2021-06-13 16:00 - 000098111 _____ C:\Users\jasan\Downloads\L300073_210405_298560.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000440542 _____ C:\Users\jasan\Downloads\U7n4xFnqjrWmOVkQoJAAZ1Gn0P3qbZIx.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000147462 _____ C:\Users\jasan\Downloads\B4bPKo5zt9ijXeND5AIkqoBzOcjQFuuf.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000134191 _____ C:\Users\jasan\Downloads\MVt0itU0Phoifc2JnQz3tjkllXMAaGfm.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000208106 _____ C:\Users\jasan\Downloads\oznameni-110060780102-c2srqqsd3ihheu7458u0.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000151641 _____ C:\Users\jasan\Downloads\oznameni-110060780103-c2qshqsd3ihheu744v50.pdf
2021-06-13 15:30 - 2021-06-13 15:30 - 008798168 _____ C:\Users\jasan\Downloads\dl-letak-app-pidlitacka-cz-final-tiskova-data.pdf
2021-06-11 10:40 - 2021-06-11 10:40 - 000136514 _____ C:\Users\jasan\Downloads\15-zo-24-5-2021.pdf
2021-06-11 07:03 - 2021-06-11 07:03 - 000367015 _____ C:\Users\jasan\Downloads\Cestne_prohlaseni___vzor.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000104893 _____ C:\Users\jasan\Downloads\cestne-prohlaseni-covid.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000092894 _____ C:\Users\jasan\Downloads\320-cestne-prohlaseni.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000400543 _____ C:\Users\jasan\Downloads\Cestne-prohlaseni-samotestovani-posilovna.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000102910 _____ C:\Users\jasan\Downloads\cestne prohlaseni samotest.pdf
2021-06-10 10:39 - 2021-06-10 10:39 - 000017795 _____ C:\Users\jasan\Downloads\300088-12.pdf
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 16:22 - 2021-06-09 16:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 16:21 - 2021-06-09 16:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 16:21 - 2021-06-09 16:21 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 16:21 - 2021-06-09 16:21 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 16:20 - 2021-06-09 16:20 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 16:20 - 2021-06-09 16:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 16:20 - 2021-06-09 16:20 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 20:49 - 2021-06-08 20:49 - 000132761 _____ C:\Users\jasan\Downloads\priloha_915825092_0_RocniVypisROB.pdf
2021-06-07 20:29 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-06-07 20:29 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-06-07 12:29 - 2021-06-07 12:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-06-07 12:04 - 2021-06-07 12:24 - 350493319 _____ C:\Users\jasan\Desktop\Mark Manson - Důmyslné umění, jak mít všechno u prdele.rar
2021-06-06 18:29 - 2021-06-06 18:29 - 018982239 _____ C:\Users\jasan\Downloads\matomo-latest.zip
2021-06-05 20:25 - 2021-06-05 20:25 - 000689241 _____ C:\Users\jasan\Downloads\1761_cz_L003_sazebnik_platny_od_01012021.pdf
2021-06-05 20:23 - 2021-06-05 20:23 - 000078561 _____ C:\Users\jasan\Downloads\2806-cenik.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air(1).pdf
2021-06-05 17:16 - 2021-06-05 17:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\obs-studio
2021-06-05 17:16 - 2021-06-05 17:16 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-05 17:15 - 2021-06-05 17:16 - 000000000 ____D C:\Program Files\obs-studio
2021-06-05 17:14 - 2021-06-05 17:15 - 076720824 _____ (obsproject.com) C:\Users\jasan\Downloads\OBS-Studio-27.0-Full-Installer-x64.exe
2021-06-05 15:58 - 2021-06-05 15:58 - 000306968 _____ C:\Users\jasan\Documents\817 p. Mareš.pdf
2021-06-05 08:32 - 2021-06-05 11:39 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-05-31 21:01 - 2021-06-01 18:18 - 000456141 _____ C:\Users\jasan\Downloads\Zadost-o-DP-placene.pdf
2021-05-31 17:25 - 2021-05-31 17:30 - 001014100 _____ C:\WINDOWS\Minidump\053121-40250-01.dmp
2021-05-30 21:41 - 2021-05-30 21:42 - 000000000 ____D C:\Users\jasan\Downloads\PID

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-28 15:56 - 2020-11-19 00:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-28 15:56 - 2020-01-08 22:13 - 000037399 _____ C:\Users\jasan\Desktop\note.txt
2021-06-28 15:56 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-28 15:42 - 2019-12-28 12:54 - 000000000 ____D C:\Users\jasan\AppData\LocalLow\Mozilla
2021-06-28 14:04 - 2020-11-19 01:55 - 001899856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-28 14:04 - 2019-12-07 16:43 - 000780030 _____ C:\WINDOWS\system32\perfh005.dat
2021-06-28 14:04 - 2019-12-07 16:43 - 000178016 _____ C:\WINDOWS\system32\perfc005.dat
2021-06-28 14:04 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-28 13:57 - 2021-02-06 13:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-28 13:57 - 2020-11-19 01:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-28 13:57 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-28 11:55 - 2020-10-14 18:18 - 000000000 ____D C:\Users\jasan\AppData\LocalLow\Temp
2021-06-28 11:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-06-28 11:52 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-06-27 21:28 - 2021-02-06 13:42 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061804363-3326323613-1069145852-1001
2021-06-27 21:28 - 2021-02-06 13:42 - 000000000 ___RD C:\Users\jasan\OneDrive
2021-06-27 21:28 - 2021-02-06 13:09 - 000002381 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-27 14:26 - 2020-01-04 13:13 - 003164641 _____ C:\Users\jasan\Documents\FoE.xlsx
2021-06-27 13:41 - 2020-01-04 13:13 - 001140791 _____ C:\Users\jasan\Documents\FoE2.xlsx
2021-06-27 11:49 - 2019-12-28 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-27 11:45 - 2021-01-10 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-27 09:29 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-27 09:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-27 09:04 - 2021-03-20 10:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Mr.Mine
2021-06-26 19:49 - 2020-01-04 13:13 - 000890880 _____ C:\Users\jasan\Documents\kamejk návštěvnost.xls
2021-06-26 19:28 - 2020-02-04 21:34 - 000000000 ____D C:\Games
2021-06-26 19:18 - 2019-12-28 19:06 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-26 19:14 - 2021-03-30 18:22 - 000000000 ____D C:\Users\jasan\Desktop\Moje
2021-06-26 07:12 - 2020-11-19 01:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-24 22:18 - 2021-02-06 13:09 - 000000000 ____D C:\Users\jasan
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Roaming\discord
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Local\Discord
2021-06-24 20:29 - 2021-04-02 11:31 - 000002231 _____ C:\Users\jasan\Desktop\Discord.lnk
2021-06-24 19:06 - 2019-12-28 12:54 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 08:48 - 2020-12-23 17:47 - 000000000 ____D C:\Users\jasan\Desktop\básničky
2021-06-23 19:27 - 2019-12-28 19:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-23 18:59 - 2021-01-10 13:26 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 20:35 - 2020-01-04 13:12 - 000000000 ____D C:\Users\jasan\Documents\OpenTTD
2021-06-19 13:54 - 2021-02-20 15:54 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-18 20:50 - 2020-08-14 15:10 - 000000000 ____D C:\RoboZonky
2021-06-18 06:53 - 2020-10-17 16:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-18 06:53 - 2020-10-17 16:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-13 16:17 - 2020-01-28 21:08 - 000000000 ____D C:\Users\jasan\Desktop\kamejk
2021-06-13 15:34 - 2020-01-04 13:13 - 000029057 _____ C:\Users\jasan\Documents\forgedb-idpoints-makro.xlsm
2021-06-12 07:08 - 2020-11-19 01:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 14:08 - 2020-01-03 18:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-11 14:07 - 2021-02-06 13:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-10 21:57 - 2020-01-04 13:13 - 000740864 _____ C:\Users\jasan\Documents\Plán příjmů a výdajů.xls
2021-06-10 21:45 - 2020-01-04 13:13 - 000017922 _____ C:\Users\jasan\Documents\Zonky.xlsx
2021-06-10 19:24 - 2021-01-02 23:40 - 000117487 _____ C:\Users\jasan\Documents\Simt.xlsx
2021-06-10 08:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-10 08:13 - 2020-11-19 00:46 - 000450720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 21:33 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 16:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 16:04 - 2020-01-01 04:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:59 - 2020-01-01 04:16 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 20:47 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Sipo
2021-06-06 18:27 - 2019-12-28 12:51 - 000000000 ____D C:\Users\jasan\AppData\Local\GHISLER
2021-06-06 12:14 - 2020-01-04 13:11 - 000000000 ____D C:\Users\jasan\Documents\_Vodafone vyúčtování
2021-06-05 17:58 - 2020-10-28 18:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\vlc
2021-06-05 11:39 - 2019-12-31 13:56 - 000000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-04 22:38 - 2020-12-15 19:39 - 000001239 _____ C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk
2021-06-04 14:41 - 2019-12-28 12:54 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-01 19:21 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Hypotéka
2021-05-31 18:17 - 2020-01-04 13:13 - 000000000 ____D C:\Users\jasan\Documents\Sponzoři
2021-05-31 17:30 - 2021-05-21 13:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-31 17:25 - 2021-05-21 13:44 - 816780958 _____ C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories ========

2020-03-26 14:06 - 2020-03-26 14:06 - 000040708 _____ () C:\Users\jasan\AppData\Roaming\d8j_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V1S1F1F1J1L1G1NtF1R1F1H.txt
2020-03-26 14:06 - 2020-03-26 14:06 - 000284010 _____ () C:\Users\jasan\AppData\Roaming\d8j_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2002-08-29 17:33 - 2002-08-29 17:33 - 000319488 ____R () C:\Users\jasan\AppData\Roaming\MafiaSetup.exe
2020-04-07 19:04 - 2020-04-07 19:04 - 000000093 _____ () C:\Users\jasan\AppData\Local\fusioncache.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jasanek
Visitor
Posts: 144
Registered: 04 Sep 2006 14:43

Re: Probably malware or something like that

#14 Post by jasanek »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2021
Ran by jasan (28-06-2021 16:01:21)
Running from C:\Users\jasan\Desktop
Windows 10 Pro Version 20H2 19042.1052 (X64) (2021-02-06 11:19:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3061804363-3326323613-1069145852-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3061804363-3326323613-1069145852-1013 - Limited - Enabled)
DefaultAccount (S-1-5-21-3061804363-3326323613-1069145852-503 - Limited - Disabled)
Guest (S-1-5-21-3061804363-3326323613-1069145852-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3061804363-3326323613-1069145852-1019 - Limited - Enabled)
jasan (S-1-5-21-3061804363-3326323613-1069145852-1001 - Administrator - Enabled) => C:\Users\jasan
WDAGUtilityAccount (S-1-5-21-3061804363-3326323613-1069145852-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Antický Řím 1.0 (HKLM-x32\...\{Anticky Rim}_is1) (Version: - Špidla Data Processing, s.r.o.)
Asoftis Burning Studio (HKLM-x32\...\Asoftis Burning Studio_is1) (Version: 1.6 - PS Media s.r.o.)
Avidemux VC++ 64bits (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\{7be00188-bfda-45d5-807a-9c1df216651a}) (Version: 2.7.6 - Mean)
Cerberus FTP Server (HKLM-x32\...\{E655A7C7-9F0A-4136-80F4-0C71EF08EB8C}) (Version: 10.0.8 - Cerberus LLC) Hidden
Cerberus FTP Server (HKLM-x32\...\Cerberus FTP Server 10.0.8) (Version: 10.0.8 - Cerberus LLC)
CODIJY Pro verze 3.7.6 (HKLM\...\{26339FAF-FA88-4C47-9E68-D4D3E8C512D9}_is1) (Version: 3.7.6 - CODIJY)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CorsixTH 0.63 (HKLM-x32\...\CorsixTH) (Version: 0.63 - CorsixTH Team)
CZ (HKLM-x32\...\{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}) (Version: 13.0 - Corel Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Extreme Ride Mod 2 - zima (HKLM-x32\...\Extreme Ride Mod 2 - zima) (Version: - )
Extreme Ride Mod 2 (HKLM-x32\...\Extreme Ride Mod 2) (Version: - )
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
FontNav (HKLM-x32\...\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}) (Version: 5.0 - Corel Corporation) Hidden
FormatFactory 5.4.5.0 (HKLM-x32\...\FormatFactory) (Version: 5.4.5.0 - Free Time)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
Homeguardcare version 1.0 (HKLM-x32\...\{33CDAEF0-AD38-44E4-BF34-9EBE8D3100C8}_is1) (Version: 1.0 - Homeguardcare, Inc.)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Mafia Game (HKLM-x32\...\Mafia Game) (Version: - )
Mafia III v.1.010.01 (HKLM-x32\...\Mafia III_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.59 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\OneDriveSetup.exe) (Version: 21.109.0530.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Módní salón (HKLM-x32\...\Módní salón) (Version: - )
Moje cukrárna 2 1.0 (HKLM-x32\...\{Moje cukrárna 2}_is1) (Version: - Špidla Data Processing, s.r.o.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.3.1 - Mozilla)
Mozilla Thunderbird 78.11.0 (x64 cs) (HKLM\...\Mozilla Thunderbird 78.11.0 (x64 cs)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.0 - OBS Project)
OpenTTD 1.10.3 (HKLM-x32\...\OpenTTD) (Version: 1.10.3 - OpenTTD)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.5.1 - pdfforge GmbH)
Rajská zahrádka v1.0 (HKLM-x32\...\{Rajská zahrádka}_is1) (Version: - Špidla Data Processing, s.r.o.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Restaurace Medvěda Míši (HKLM-x32\...\Restaurace Medvěda Míši) (Version: - )
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
Simt Simulator verze 1.5.92 (HKLM-x32\...\{7C5E9B1D-F234-48CB-9F65-C4FB9A2DABFF}_is1) (Version: 1.5.92 - Tomas Faina)
SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1712.1201 - LG Electronics Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sweet Home 3D version 6.4.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.4.2 - eTeks)
Tajemství zámku bílého jednorožce (HKLM-x32\...\{Tajemstvi zamku bileho jednorozce}_is1) (Version: - Špidla Data Processing, s.r.o.)
The Sims 4 v.1.56.52.1020 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2018 - Thrustmaster)
Transport Tycoon Deluxe (HKLM-x32\...\ft_Transport Tycoon Deluxe) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (HKLM-x32\...\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}) (Version: 4.60 - Corel Corporation) Hidden
USB2.0 PC Camera (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19104.100 - Sonix)
VBA (HKLM-x32\...\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}) (Version: 6.2 - Corel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Yawcam 0.6.2 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.6.2 - Yawcam)
Záhadné město Zlatá Praha 1.0 (HKLM-x32\...\{Záhadné město Zlatá Praha}_is1) (Version: - Špidla Data Processing, s.r.o.)
Zoo Tycoon 2 - Dino Danger Pack (HKLM-x32\...\InstallShield_{F568B133-170C-4818-B06A-712C6D91B9F7}) (Version: 1.00.0000 - Microsoft Game Studios)
Ztracené štěňátko (HKLM-x32\...\Ztracené štěňátko) (Version: - )
Zvířecí salón krásy (HKLM-x32\...\Zvířecí salón krásy) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
IP CENTCOM -> C:\Program Files\WindowsApps\600CCC33.IPCENTCOM_4.29.838.0_x64__npmv4c3p4dm00 [2021-06-18] (Biyee SciTech Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk -> C:\RoboZonky\6.4.1\robozonky-exec.bat ()
ShortcutWithArgument: C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,OpenURL "hxxps://terra.im/gl/?cid=20885&oid=mZWZvCwR&v=3&utm_campaign=repacks&utm_medium=cpi&trash=" <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2021-02-28 19:23 - 2015-07-28 19:02 - 000903168 _____ () [File not signed] [File is in use] C:\Program Files (x86)\LG Software\LG Smart Share\DMR\LibMediaRenderer.dll
2021-02-28 19:23 - 2013-12-06 23:06 - 000642016 _____ () [File not signed] C:\Program Files (x86)\LG Software\LG Smart Share\DMS\sqlite3.dll
2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2006-10-26 14:40 - 2006-10-26 14:40 - 000192512 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2021-02-28 19:23 - 2011-11-30 16:52 - 000086071 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\LG Software\LG Smart Share\DMS\pthreadVSE2.dll
2020-01-18 11:23 - 2020-01-18 11:23 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:SummaryInformation [43]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kamejk.net/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001 -> is enabled.

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: SmartSwitchPDLR.exe => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe Run Kies4
MSCONFIG\startupreg: snp2std => C:\Windows\vsnp2std.exe
HKLM\...\StartupApproved\Run: => "snp2std"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "FixCamera"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "tsnp2std"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B17588D0-2754-4C54-9EDC-545657A888A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Simulator 2020\Metro Simulator.exe () [File not signed]
FirewallRules: [{E08A5604-C680-45B2-BF61-63D742C55B8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metro Simulator 2020\Metro Simulator.exe () [File not signed]
FirewallRules: [{B043A2DA-5A90-491B-A62F-FF55CCBAE332}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AB7B77F2-5BF5-4DFB-B343-B149E5FBBB13}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BA4145FE-8485-4680-841D-12EF01C91EEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4551C93F-5810-456C-87CF-427E5C7BBCBD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4C63728D-A5D4-43C4-A889-829DD1522CA1}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [{20F7C0C5-3803-4B60-AF4E-73247457C845}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [UDP Query User{E2937AC6-5EDC-40B5-88D8-29DF447174A4}C:\program files\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files\ea games\need for speed underground 2\speed2.exe () [File not signed]
FirewallRules: [TCP Query User{86AB7653-6C98-4489-AB96-FD26D602A8A9}C:\program files\ea games\need for speed underground 2\speed2.exe] => (Block) C:\program files\ea games\need for speed underground 2\speed2.exe () [File not signed]
FirewallRules: [UDP Query User{F7BBBCDE-5EA9-4EF3-B335-4727E4248CAD}C:\robozonky\6.2.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.2\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{FEFAD5FD-FAF8-4745-A09C-210EEE5D4BD4}C:\robozonky\6.2.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.2\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{C8B0F8B3-F906-41DE-AFD7-8028F919F033}C:\robozonky\6.2.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{013B49F2-C636-4F3F-B816-153F0BA02757}C:\robozonky\6.2.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{EFC9AF49-1AE7-4CF0-A851-819BE60D44CB}C:\robozonky\6.2.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.0\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{89F79E3B-5EF5-45A4-9FB2-0B2A42FC14A6}C:\robozonky\6.2.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.2.0\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{5FA66D3C-8D34-47D0-8CEA-27D6E23E5612}C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe => No File
FirewallRules: [TCP Query User{B1FA7FD0-7EEA-4423-B30A-036736261F07}C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_28268753\javaw.exe => No File
FirewallRules: [{4D496331-D6A1-4441-8D12-E943C4B23EFF}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [{5E68F92D-7D66-4DE3-8CBE-BE72860F26D6}] => (Allow) D:\TLauncher.exe (TLauncher Inc. -> TLauncher Inc.)
FirewallRules: [UDP Query User{EAEBAC90-2AB5-4A51-92A0-017C69C8A8D8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{D905E674-21C8-4CDD-96DE-51CADD0F05DC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{CAD93F01-725C-4900-9F0F-FBE5247C6B7E}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{3750462A-DBCD-42D0-A295-09A341999691}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C8211A77-CD97-459B-91A7-EFFEA7CFAD4E}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{579A4A5B-44C2-4497-9460-E004EB07B39D}C:\robozonky\6.0.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.0.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{D7502F95-D917-43D1-8E29-BBD0AEAED2C5}C:\robozonky\6.0.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.0.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{74CE00F2-9D12-4AB3-9DD7-E08C009CAB8F}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [TCP Query User{09C5BC7D-7E2F-4D04-B31B-B1BB96DDA102}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [UDP Query User{25FE21D5-EE7C-4B35-8AD9-03F6982C1C68}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{1496163A-30E6-4A1D-A5CD-656DC77EC8B6}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{B8C74DEA-C549-4D7D-A7BC-1C16F1F44DF9}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{51A75AC1-7839-4EDE-9E91-EB27D11FD9B1}C:\program files\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C1D977F2-A189-44E3-8CA7-FAFDC79C29BA}C:\program files\the sims 4\game\bin\ts4.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{8334B093-82EA-4541-B6F9-86849FFE7BCB}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{8E016EE9-A406-4304-A3D1-010367D3AE79}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [TCP Query User{42CFB3A5-90A4-4579-A327-E8994EBA24D1}C:\program files (x86)\homeguardcare\homeguardcare.exe] => (Allow) C:\program files (x86)\homeguardcare\homeguardcare.exe () [File not signed]
FirewallRules: [{08E3C71F-080F-4A13-BCBB-AE24DD470283}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{BC7DC1FF-577A-4DC7-B2DF-E6687E4BCCC7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{3AE0600E-5C96-4D59-9312-A69195C30B7F}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{6E5B41E2-8BBF-47CF-B051-6611DEC2DEE5}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{EE4705DD-5129-44BF-BB29-81C134D19A8D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{D7938BE4-BE72-41BB-9F9D-330398852999}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{D489005A-7F70-4FE9-9D36-73D15E4E68CE}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{6C8B639A-CF6B-4DD2-A16D-30B26BB2999B}C:\program files\the sims 4\game\bin\ts4.exe] => (Block) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{7300DBB1-13B5-49EE-A886-C7ABEBAB22C3}C:\program files\the sims 4\game\bin\ts4.exe] => (Block) C:\program files\the sims 4\game\bin\ts4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{A8D36C9E-9659-410D-B0C8-C178E9963669}] => (Allow) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe (Cerberus, LLC -> Cerberus, LLC)
FirewallRules: [UDP Query User{3AB75215-9E8E-4E7B-B371-20F3933EEBAE}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{EF297B9D-ECD4-469F-B551-40DAFF8D3785}C:\program files\the sims 4\game\bin\ts4_x64.exe] => (Allow) C:\program files\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{7A52AC3B-8659-403D-8B77-6FFA87E456E8}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{23B49FD9-6291-49EB-AD2C-DE0101F885E6}C:\users\jasan\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\jasan\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{EB2E7767-65B6-4FA2-B2FE-7096F75BC5AE}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{56D8FC05-9576-41DE-92AF-680E01DC753D}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{56F23E65-D9AE-4106-8EB4-F9799D3462BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{69A5F6CD-210C-46BA-98BF-7C65A60EE5A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A45753D8-76DE-4A9A-BC79-93760B5C438A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DFC4C1C2-A5D9-413E-8FDA-074D874356C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{14B91582-4109-4B26-8798-11140D1C92B3}C:\robozonky\6.3.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.2\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{7E891546-8669-43B1-A94A-66D89AAC4E49}C:\robozonky\6.3.2\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.2\dist\runtime\bin\java.exe
FirewallRules: [{C8C0ED50-1D2F-4C46-A89E-E767DD87ED3C}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{0B9B5B75-2E2B-4774-841A-53938ED93D55}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{F1734BB3-E5EF-4B2D-A5A9-CC720EB3D315}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [{CAB4846B-31AC-4C28-B4A3-CED0FB63A4F1}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [TCP Query User{4DEB090D-D738-419A-BCA3-4282657062E2}C:\robozonky\6.3.4\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.4\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{AC66831E-6AD7-4D97-87E5-11C2BBECD9DB}C:\robozonky\6.3.4\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.3.4\dist\runtime\bin\java.exe
FirewallRules: [{BF52FFDE-B1A7-4E20-83F7-A5AA7AB8E9C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Top Burger\Top Burger.exe () [File not signed]
FirewallRules: [{49DCE2D2-2A0F-4DDC-AB87-CA51B779A69E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Top Burger\Top Burger.exe () [File not signed]
FirewallRules: [{E4F222C7-2F58-4B38-9EB1-ED4DF29729EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{6EFE40EE-C680-4083-BF88-DAAA88194AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{A0173484-9C56-480C-977E-B031938A95D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MyFreeZoo\MyFreeZoo.exe () [File not signed]
FirewallRules: [{6FD4410A-F12C-404B-BE73-478D85BD7D38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MyFreeZoo\MyFreeZoo.exe () [File not signed]
FirewallRules: [TCP Query User{ECABC904-A050-4978-B2F9-D51BDA1850C9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{175C9A9D-8638-4CC8-9368-97F444740864}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E7DE603B-C8E2-4B88-81FE-2CAD09E58DBA}C:\robozonky\6.4.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.0\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{A6B4C3C6-B671-4DC6-852E-DBCBBF5D8DB0}C:\robozonky\6.4.0\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.0\dist\runtime\bin\java.exe
FirewallRules: [{7200DF07-D387-4293-963B-C5B43B4D3EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farstorm\Farstorm.exe () [File not signed]
FirewallRules: [{44A2DD30-28DA-4CC3-A6C4-F55A4520A3A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farstorm\Farstorm.exe () [File not signed]
FirewallRules: [TCP Query User{C7DBA5AF-2996-4572-9EC5-791260846BC5}C:\robozonky\6.4.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{32884D96-C21F-42BA-AA74-21A984CC7306}C:\robozonky\6.4.1\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1\dist\runtime\bin\java.exe
FirewallRules: [TCP Query User{561029D2-7FF3-4CFC-9038-CBC002498DBB}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [UDP Query User{B2BDA0D5-CE97-4D82-804A-7BCC7E556276}C:\program files\java\jre1.8.0_291\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_291\bin\javaw.exe
FirewallRules: [TCP Query User{536875A2-B532-435D-89BB-FD5065DB6FF7}C:\robozonky\6.4.1a\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1a\dist\runtime\bin\java.exe
FirewallRules: [UDP Query User{DD4C6F8A-D332-460A-ABFA-C453B12972E8}C:\robozonky\6.4.1a\dist\runtime\bin\java.exe] => (Allow) C:\robozonky\6.4.1a\dist\runtime\bin\java.exe
FirewallRules: [{52824300-0662-4158-8849-3111E2FE1F73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76BCA58A-A6BE-413D-A836-BA8AF4DBCB6A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{058998AF-6A9C-44DB-AC8D-C6D22B3A565D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ABCFF441-E898-4758-A46E-683CA0C2E5E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46CF507A-E25A-4BE1-B8D2-56A9734DA301}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EBCA8418-E7DD-4A86-81F4-73A5870E8137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe (Oblouk LLC) [File not signed]
FirewallRules: [{E6A21324-205A-400F-8006-FCCD93C7FF03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrMine\win-unpacked\Mr.Mine.exe (Oblouk LLC) [File not signed]
FirewallRules: [{B1559CC8-AAD2-443D-845B-278C06590754}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{68677D5E-A4D7-4F64-B882-2943552C1E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{C11D0B39-6866-434B-AB31-AC14CE71B04F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{3ABC228E-DFE0-4F92-A398-D0E3B88A659C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/27/2021 03:23:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/27/2021 03:18:26 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/27/2021 02:39:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/27/2021 02:30:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (06/26/2021 07:27:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 26.6.2021.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2714

Čas spuštění: 01d76aafa382f048

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\jasan\Desktop\FRST64.exe

ID hlášení: df71311a-3f53-4577-ae5d-f76dbdef2ad1

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (06/26/2021 07:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x1d24
Čas spuštění chybující aplikace: 0x01d76aaf661531e0
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 1b590418-da2d-4159-bbe8-4004ac91dd9d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x114c
Čas spuštění chybující aplikace: 0x01d76aaf64da12f9
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 811c4a99-a9ac-44cc-9d11-0b77e7f0434f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/26/2021 07:19:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1023, časové razítko: 0xc438eef0
Název chybujícího modulu: apphelp.dll, verze: 10.0.19041.928, časové razítko: 0xdc01baa3
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000041eb5
ID chybujícího procesu: 0x710
Čas spuštění chybující aplikace: 0x01d76aaf63acbd8c
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\apphelp.dll
ID zprávy: 4582eb54-de60-42f1-a60b-49a968f30565
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (06/28/2021 01:52:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (06/28/2021 01:50:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (06/28/2021 01:48:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (06/28/2021 11:52:10 AM) (Source: DCOM) (EventID: 10010) (User: jasan-PC)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/28/2021 11:52:10 AM) (Source: DCOM) (EventID: 10010) (User: jasan-PC)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/28/2021 11:52:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/28/2021 11:52:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/28/2021 11:52:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Adaptér naslouchání Net.Msmq byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2021-06-27 09:25:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C3257E62-5ED9-4C79-8E34-9E701317066C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-26 07:49:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FF1F89E1-7105-4D5A-BCCB-06BE40B297FD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-24 08:38:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9B9B055C-8DB7-4252-8E0E-D54D6FB3C596}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-23 08:04:00
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BC9DF2FD-4D1D-480B-BA1E-E41C091166C5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-22 09:10:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0BF21274-867B-488C-ADD2-E0840F93E5C8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-24 09:22:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.341.1311.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-06-24 08:56:01
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.341.1311.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-06-05 08:17:17
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.42.0
Předchozí verze bezpečnostních informací: 1.339.1950.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-06-05 08:17:17
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.42.0
Předchozí verze bezpečnostních informací: 1.339.1950.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-06-05 08:17:17
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

CodeIntegrity:
===============
Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:54:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-10 08:47:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F6 06/29/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-MA770T-UD3
Processor: AMD Athlon(tm) II X4 635 Processor
Percentage of memory in use: 24%
Total physical RAM: 12285.55 MB
Available physical RAM: 9248.81 MB
Total Virtual: 24573.55 MB
Available Virtual: 20744.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.43 GB) (Free:333.35 GB) NTFS
Drive d: () (Fixed) (Total:1276.98 GB) (Free:208.47 GB) NTFS

\\?\Volume{830cec24-295e-11ea-b481-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{693c94a5-0000-0000-0000-206292000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 693C94A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=514 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1277 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Probably malware or something like that

#15 Post by Rudy »

Let's try it once more. Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\RoboZonky\6.4.1\robozonky-exec.bat
AlternateDataStreams: C:\Users\jasan\Desktop\note.txt:SummaryInformation [43]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{8334B093-82EA-4541-B6F9-86849FFE7BCB}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [jasan] => cmd.exe /c start www.exinariuminix.info
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {4E6AE4B1-5D62-4220-B9C4-7670E097BD15} - System32\Tasks\jasan => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v jasan /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
C:\Users\jasan\AppData\LocalLow\Temp
C:\Users\jasan\AppData\Local\fusioncache.dat

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Locked