Stolen Steam account

#1 Post by Bartis »

Hello,

someone stole my son's Steam account. Before I start changing all the passwords for e-mail etc. (they even deleted everything containing the word "steam" from his e-mail), I need his machine to be clean. Delete everything, even if it is only suspicious. He installs various hacks etc. here, so that's his problem :)

I'm posting the AdwCleaner log, with FRST after it.

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-31-2021
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 26
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\MachinerData
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Garbage Cleaner
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\tomasek\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\tomasek\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\tomasek\AppData\Roaming\Smart Clock

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\SMART CLOCK

***** [ Registry ] *****

Deleted HKCU\Software\GCleaner
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{721DBB1E-BC53-4B93-BC26-71703BD120C4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smart Clock
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{db0d9acf-3c9c-4a7f-89ea-752e3fc8660e}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{db0d9acf-3c9c-4a7f-89ea-752e3fc8660e}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{db0d9acf-3c9c-4a7f-89ea-752e3fc8660e}|UninstallString
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted me.fo

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6856 octets] - [01/03/2021 19:16:19]
AdwCleaner[S01].txt - [6917 octets] - [01/03/2021 20:12:38]
AdwCleaner[C01].txt - [6449 octets] - [01/03/2021 20:14:15]
AdwCleaner[S02].txt - [2957 octets] - [16/05/2021 15:54:45]
AdwCleaner[C02].txt - [2910 octets] - [16/05/2021 15:55:48]
AdwCleaner[S03].txt - [4169 octets] - [31/10/2021 12:51:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2021
Ran by tomasek (administrator) on DESKTOP-3JV1PF5 (31-10-2021 13:00:58)
Running from C:\Users\tomasek\Desktop
Loaded Profiles: tomasek
: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <13>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastNM.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Opera Software AS -> Opera Software) C:\Users\tomasek\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-23] (Adobe Inc. -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [RK61] => C:\Program Files (x86)\RK\RK61\DeviceDriver.exe [1620480 2020-11-11] () [File not signed]
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1806680 2021-10-07] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [6330568 2021-10-14] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Opera Browser Assistant] => C:\Users\tomasek\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [5461888 2021-10-23] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Discord] => C:\Users\tomasek\AppData\Local\Discord\Update.exe --processStart Discord.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-26] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12674.55\Installer\chrmstp.exe [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\RebusDrop.lnk [2021-09-02]
ShortcutTarget: RebusDrop.lnk -> C:\Users\tomasek\RebusDrop\App\RebusDrop.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DCEFEF-2636-4488-A8B3-16EE3AD65CF9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2564864 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
Task: {13B50121-E1FE-452F-8755-DF0C03C90E84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1FA75FDC-E5D2-4440-9040-A97E14DDE2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {219CB4A4-8C31-4E10-97F7-0B73A9BD4689} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2484568 2021-10-07] (Overwolf Ltd -> Overwolf LTD)
Task: {2D09A541-D6DA-4F28-AE58-21DFCE0D4BE2} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {3144313B-CD3A-443B-9944-89DCEF9BAD3F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {3C327DF6-D29D-474A-A0DE-5FEDB6CF97FB} - System32\Tasks\services32 => C:\Users\tomasek\Services32.exe
Task: {3E6E236C-348F-499F-9A85-D858EF38D127} - System32\Tasks\Opera scheduled assistant Autoupdate 1628263185 => C:\Users\tomasek\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tomasek\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {495325BD-0611-494E-9CF3-51D52F2F63DC} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {4CBD922F-134E-4824-B412-07443DC9DAA0} - System32\Tasks\CCleanerSkipUAC - tomasek => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {569F5295-71BB-47D1-AB69-7313B2B593E5} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4974872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {6AC38052-6759-4FB6-8419-AA406408FA38} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2021-10-27] (Avast Software s.r.o. -> Avast Software)
Task: {6F8A71A0-7E02-4E72-B8BF-3A60BB0E6C74} - System32\Tasks\Videocard Service => C:\Users\tomasek\Documents\ClientHost.exe
Task: {7AFBBC1A-0209-45A7-8070-2A62AAC36390} - System32\Tasks\Services\Diagnostic => C:\Users\tomasek\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe -> "C:\Users\tomasek\AppData\Local\Disk\AutoIt3\Settings.au3"
Task: {A4AD5645-1782-4879-BD8C-57AE76E146AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {A738DAE6-E4CD-4455-81CA-9CAE713313F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {ABC8A774-3286-4F6E-9DC5-D55753936F94} - System32\Tasks\WinManager => C:\Users\tomasek\AppData\Roaming\Windows\svchost.exe <==== ATTENTION
Task: {B928C857-D17A-430D-B8A8-A7883FC4E004} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BF41AFA4-3048-478F-980A-1E13BCB07422} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2564864 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
Task: {D473253E-AD71-43A3-979D-CD4EFA514B25} - System32\Tasks\Microsoft Windows Defender Update => C:\Program Files (x86)\BZDI\BZDI.exe
Task: {E409927A-C556-409B-919B-D6402429B072} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-3JV1PF5-tomasek => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {F2327FD2-7655-40A5-963B-ECE51465085D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {FED5759A-2877-4CD0-B558-9642D907088F} - System32\Tasks\Opera scheduled Autoupdate 1609853199 => C:\Users\tomasek\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42d5e22c-9575-4454-8a68-21d1a84a4acf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ded706b5-01c2-4a75-9021-93f1d6b19da9}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-24]
Edge Extension: (KeyFind) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnoidofbgkmeabamdgclicncakljkoin [2021-03-25]
Edge Profile: C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-10-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-01-01] (Adobe Systems Incorporated -> )
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default [2021-10-31]
CHR DefaultSearchURL: Default -> hxxps//search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Точная погода на неделю) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkfanndldghlkndfhojpfhclgdnglfmf [2021-06-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-31]
CHR Extension: (Swift Select) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\molponhobmbbinjnghgafbfampcgamln [2021-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-11]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-31]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-31]
CHR DefaultSearchURL: Profile 1 -> hxxps//search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> mcafee
CHR Extension: (Překladač Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-14]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-14]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-14]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-14]
CHR Extension: (NavFast) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmbkjfjekgmlimjklnijcjijbfpblgde [2021-06-01]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-19]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-04-14]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-10-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-14]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-14]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-10-16]
CHR DefaultSearchURL: Profile 2 -> hxxps//www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 2 -> hxxps//searchmr.com/?s={searchTerms}
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-14]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-14]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-14]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-14]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-06]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-04-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-14]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-14]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3 [2021-10-30]
CHR DefaultSearchURL: Profile 3 -> hxxps//www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 3 -> hxxps//searchmr.com/?s={searchTerms}
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-24]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-28]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-06-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-24]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-10-31]
CHR DefaultSearchURL: Profile 4 -> hxxps//www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 4 -> hxxps//searchmr.com/?s={searchTerms}
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-10]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-23]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-08-10]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-23]
CHR Extension: (TubeBuddy) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2021-10-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-10]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5 [2021-10-31]
CHR DefaultSearchURL: Profile 5 -> hxxps//search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 5 -> mcafee
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-19]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-19]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-19]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-19]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-19]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-10-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-19]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-19]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-31]
CHR HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkfanndldghlkndfhojpfhclgdnglfmf] - hxxps//chrome.google.com/webstore/detail/gkfanndldghlkndfhojpfhclgdnglfmf
CHR HKLM-x32\...\Chrome\Extension: [gnplhahbcoldbildffdchneaepapccbn]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable [2021-10-31]
OPR DefaultSuggestURL: Opera Stable -> hxxps//www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-10-26]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8376400 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [680728 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [427800 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12674.55\elevation_service.exe [1812296 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-30] (BattlEye Innovations e.K. -> )
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2484568 2021-10-07] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; D:\GTAV\Launcher\RockstarService.exe [2219416 2021-06-04] (Rockstar Games, Inc. -> Rockstar Games)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1300352 2021-10-23] (Windscribe Limited -> Windscribe Limited)
S2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [X]
S2 igx64; "C:\Users\tomasek\AppData\Roaming\WinShare\runchos.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [222112 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [372232 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [21936 2021-10-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538992 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107864 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82928 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852240 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557664 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [214368 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316632 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-16] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-18] (Logitech Inc -> Logitech)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [57768 2021-08-13] (Windscribe Limited -> The OpenVPN Project)
R3 VBAudioVMVAIOMME; C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-01-01] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [48136 2021-05-13] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-10-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [434424 2021-10-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-19] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\Windows\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2021-10-23] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\drivers\windtun420.sys [47544 2021-08-13] (Windscribe Limited -> WireGuard LLC)
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
U2 bddci; no ImagePath
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION
S3 HWiNFO_155; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-31 12:59 - 2021-10-31 13:00 - 000051302 _____ C:\Users\tomasek\Desktop\Addition.txt
2021-10-31 12:58 - 2021-10-31 13:01 - 000031749 _____ C:\Users\tomasek\Desktop\FRST.txt
2021-10-31 12:53 - 2021-10-31 12:53 - 000003881 _____ C:\Users\tomasek\Desktop\AdwCleaner[C03].txt
2021-10-31 12:51 - 2021-10-31 12:51 - 008553680 _____ (Malwarebytes) C:\Users\tomasek\Desktop\adwcleaner_8.3.0.exe
2021-10-31 12:50 - 2021-10-31 12:50 - 002310656 _____ (Farbar) C:\Users\tomasek\Desktop\FRST64.exe
2021-10-30 14:41 - 2021-10-30 14:41 - 000000000 ____D C:\Users\tomasek\AppData\Local\UXP
2021-10-30 14:40 - 2021-10-30 14:40 - 000000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate 2021.lnk
2021-10-30 07:56 - 2021-10-30 08:16 - 2255205588 _____ C:\Users\tomasek\Downloads\_Getintopc.com_Adobe_Animate_v21.0.6.41649x64.rar
2021-10-30 07:54 - 2021-10-30 07:54 - 002524832 _____ (Adobe Inc.) C:\Users\tomasek\Downloads\Animate_Set-Up.exe
2021-10-29 18:45 - 2021-10-29 18:45 - 009502346 _____ C:\Users\tomasek\Downloads\Phantom fixed 1.8.zip
2021-10-29 18:27 - 2021-10-29 18:27 - 002705872 _____ ( ) C:\Users\tomasek\Downloads\Download of V3pe - Linkvertise Downloader_zlCT-k1.exe
2021-10-28 20:23 - 2021-10-28 20:23 - 000000223 _____ C:\Users\tomasek\Desktop\People Playground.url
2021-10-28 11:19 - 2021-10-28 11:19 - 038615557 _____ C:\Users\tomasek\Downloads\True Powers - Furnox VS Avellom.mp4
2021-10-28 10:53 - 2021-10-28 10:54 - 000194498 _____ C:\Users\tomasek\Downloads\All windows chords.mp4
2021-10-28 10:25 - 2021-10-28 10:25 - 013399395 _____ C:\Users\tomasek\Downloads\The Simpsons - Travel into the future couch gag.mp4
2021-10-28 09:43 - 2021-10-28 09:43 - 008920676 _____ C:\Users\tomasek\Downloads\Gravity Falls_ The Last Mablecorn - The TRUTH Between Bill and Ford.mp4
2021-10-28 09:34 - 2021-10-28 09:34 - 000064211 _____ C:\Users\tomasek\Downloads\Finger Snap Sound Effect.mp4
2021-10-28 09:26 - 2021-10-28 09:26 - 008435870 _____ C:\Users\tomasek\Downloads\Green Screen Teleport Effects _ Vanishing and Reappearing Effects 4.mp4
2021-10-28 09:08 - 2021-10-28 09:08 - 000225525 _____ C:\Users\tomasek\Downloads\Wind - Sound Effect.mp4
2021-10-27 20:11 - 2021-10-27 20:11 - 000121792 _____ C:\Users\tomasek\Downloads\2021-10-09 18-47-23.mp4.sfk
2021-10-27 11:22 - 2021-10-27 11:22 - 000012409 _____ C:\Users\tomasek\Downloads\Sigma5.zip
2021-10-27 09:46 - 2021-10-27 09:46 - 000003856 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-10-27 09:46 - 2021-10-27 09:46 - 000003510 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2021-10-27 09:46 - 2021-10-27 09:46 - 000003386 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2021-10-27 09:46 - 2021-10-27 09:46 - 000003272 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2021-10-27 09:46 - 2021-10-27 09:46 - 000002574 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-10-27 09:46 - 2021-10-27 09:46 - 000002539 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-10-27 09:46 - 2021-10-27 09:46 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2021-10-27 09:44 - 2021-10-27 09:44 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-10-27 09:44 - 2021-10-27 09:44 - 000002112 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-10-27 09:44 - 2021-10-27 09:44 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Avast Software
2021-10-27 09:43 - 2021-10-31 12:28 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-10-27 09:43 - 2021-10-27 09:43 - 000852240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000557664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000538992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000372232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-10-27 09:43 - 2021-10-27 09:43 - 000316632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000222112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000214368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000184648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000107864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000082928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000021936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000003990 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-10-27 09:43 - 2021-10-27 09:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-10-27 09:42 - 2021-10-27 09:42 - 000234272 _____ (AVAST Software) C:\Users\tomasek\Downloads\avast_free_antivirus_setup_online (2).exe
2021-10-27 09:42 - 2021-10-27 09:42 - 000000000 ____D C:\Program Files\Avast Software
2021-10-27 09:17 - 2021-10-27 09:18 - 000000010 _____ C:\Users\tomasek\Downloads\ (2).txt
2021-10-24 20:39 - 2021-10-24 20:39 - 006882977 _____ () C:\Users\tomasek\Downloads\TechnicLauncher (1).exe
2021-10-24 15:51 - 2021-10-24 15:51 - 002878145 _____ C:\Users\tomasek\Downloads\[1.8.9] BetterKeystrokes V-1.1.0.jar
2021-10-24 15:40 - 2021-10-24 15:40 - 000000000 ____D C:\Users\tomasek\Downloads\Vape Lite
2021-10-24 15:33 - 2021-10-24 15:35 - 013860096 _____ C:\Users\tomasek\Downloads\Vape_Lite.rar
2021-10-24 13:47 - 2021-10-24 13:47 - 000644096 _____ C:\Users\tomasek\Downloads\icetea (2).exe
2021-10-24 13:33 - 2021-10-24 13:34 - 027484009 _____ C:\Users\tomasek\Downloads\§6Haunted §dPumpkin 16x (700 Sub).zip
2021-10-24 13:26 - 2021-10-28 12:52 - 000002269 _____ C:\Users\tomasek\Desktop\Discord.lnk
2021-10-24 13:26 - 2021-10-28 12:50 - 000000000 ____D C:\Users\tomasek\AppData\Local\Discord
2021-10-24 13:25 - 2021-10-24 13:26 - 070858912 _____ (Discord Inc.) C:\Users\tomasek\Downloads\DiscordSetup.exe
2021-10-24 13:25 - 2021-10-24 13:25 - 000234280 _____ (AVAST Software) C:\Users\tomasek\Downloads\avast_free_antivirus_setup_online (1).exe
2021-10-24 10:39 - 2021-10-24 10:39 - 002556620 _____ (ImpactDevelopment) C:\Users\tomasek\Downloads\ImpactInstaller-0.9.5.exe
2021-10-23 19:24 - 2021-10-23 19:24 - 001418358 _____ C:\Users\tomasek\Downloads\baritone-api-forge-1.2.15.jar
2021-10-23 16:01 - 2021-10-27 20:10 - 120626607 _____ C:\Users\tomasek\Downloads\Sight191.zip
2021-10-23 15:43 - 2021-10-25 15:33 - 000000801 _____ C:\Windows\system32\Drivers\etc\hosts.tmp
2021-10-23 12:27 - 2021-10-27 14:39 - 000000000 ____D C:\Program Files (x86)\Windscribe
2021-10-23 12:27 - 2021-10-23 12:27 - 020761984 _____ (Windscribe Limited) C:\Users\tomasek\Downloads\Windscribe (1).exe
2021-10-23 12:27 - 2021-10-23 12:27 - 000035752 _____ C:\Windows\system32\Drivers\WindscribeSplitTunnel.sys
2021-10-23 12:27 - 2021-10-23 12:27 - 000001144 _____ C:\Users\Public\Desktop\Windscribe.lnk
2021-10-23 12:27 - 2021-10-23 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2021-10-23 11:41 - 2021-10-23 11:41 - 023575619 _____ C:\Users\tomasek\Downloads\Tenacity.zip
2021-10-23 10:42 - 2021-10-23 10:42 - 000090040 _____ C:\ProgramData\agent.uninstall.1634982167.bdinstall.v2.bin
2021-10-20 17:03 - 2021-10-20 17:03 - 000076753 _____ C:\Users\tomasek\Downloads\LunatriusCore-1.12.2-1.2.0.42-universal.jar
2021-10-20 16:51 - 2021-10-20 16:51 - 000336150 _____ C:\Users\tomasek\Downloads\Schematica-1.12.2-1.8.0.169-universal.jar
2021-10-20 16:17 - 2021-10-20 16:17 - 000477186 _____ C:\Users\tomasek\Downloads\baritone-api-forge-1.6.3.jar
2021-10-20 15:42 - 2021-10-20 15:42 - 000000027 _____ C:\Windows\system32\ctc.json
2021-10-20 15:36 - 2021-10-20 15:36 - 000170352 _____ C:\ProgramData\agent.update.1634740603.bdinstall.v2.bin
2021-10-19 17:29 - 2021-10-23 10:42 - 000000000 ____D C:\storage
2021-10-19 17:29 - 2021-10-19 17:29 - 000000000 _____ C:\Users\tomasek\Desktop\2CFDA16D75AC
2021-10-19 16:41 - 2021-10-19 16:41 - 007809752 ____H C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
2021-10-19 16:01 - 2019-02-22 10:28 - 000001688 _____ C:\Users\tomasek\Downloads\readme.txt
2021-10-19 16:01 - 2019-02-22 10:26 - 000048844 _____ C:\Users\tomasek\Downloads\History.txt
2021-10-19 16:01 - 2019-02-21 18:00 - 000015360 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\Uninstall.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 001679360 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.dll
2021-10-19 16:01 - 2019-02-21 17:00 - 000867840 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zFM.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 000581632 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zG.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 000468992 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 000205824 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.sfx
2021-10-19 16:01 - 2019-02-21 17:00 - 000186880 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zCon.sfx
2021-10-19 16:01 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip.dll
2021-10-19 16:01 - 2019-02-21 17:00 - 000050688 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip32.dll
2021-10-19 16:01 - 2019-02-20 12:00 - 000108074 _____ C:\Users\tomasek\Downloads\7-zip.chm
2021-10-19 16:01 - 2019-01-09 11:15 - 000003990 _____ C:\Users\tomasek\Downloads\License.txt
2021-10-19 16:01 - 2018-01-28 10:00 - 000000366 _____ C:\Users\tomasek\Downloads\descript.ion
2021-10-19 14:16 - 2021-10-19 14:16 - 000945944 _____ (www.sordum.org) C:\ProgramData\UpSys.exe
2021-10-19 14:16 - 2021-10-19 14:16 - 000000001 _____ C:\ProgramData\check.txt
2021-10-19 14:16 - 2021-10-19 14:16 - 000000000 ____D C:\ProgramData\MicrosoftNetwork
2021-10-19 12:31 - 2021-10-19 12:39 - 319041918 _____ C:\Users\tomasek\Downloads\videoplayback (4).mp4
2021-10-18 15:19 - 2021-10-18 15:19 - 000000000 ____D C:\Users\tomasek\AppData\Local\Vidmore
2021-10-18 15:18 - 2021-10-18 15:18 - 000000000 ____D C:\Program Files\Vidmore
2021-10-18 14:43 - 2021-10-18 14:43 - 000002000 _____ C:\Users\tomasek\Desktop\DaVinci Resolve.lnk
2021-10-18 14:43 - 2021-10-18 14:43 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-10-18 14:42 - 2021-10-18 14:42 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-10-16 16:08 - 2021-10-16 16:08 - 000000000 ____D C:\Users\tomasek\Documents\Blackmagic Design
2021-10-16 16:08 - 2021-10-16 16:08 - 000000000 ____D C:\Users\Public\Documents\Blackmagic Design
2021-10-16 16:08 - 2021-10-16 16:08 - 000000000 ____D C:\ProgramData\Reprise
2021-10-16 16:05 - 2021-10-16 16:05 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Blackmagic Design
2021-10-16 16:02 - 2021-10-18 14:43 - 000000000 ____D C:\Program Files\Blackmagic Design
2021-10-16 16:02 - 2021-10-16 16:02 - 000000000 ____D C:\ProgramData\Blackmagic Design
2021-10-16 16:01 - 2021-10-18 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-10-16 15:42 - 2021-10-16 15:59 - 2826580316 _____ C:\Users\tomasek\Downloads\_Getintopc.com_Blackmagic_Design_DaVinci_Resolve_Studio_17.3.1.0005x64.rar
2021-10-16 15:16 - 2021-10-16 15:18 - 255095714 _____ C:\Users\tomasek\Downloads\2021-10-09 18-47-23.mp4
2021-10-15 15:39 - 2021-10-15 15:40 - 010794193 _____ C:\Users\tomasek\Downloads\hello.mp4
2021-10-15 14:32 - 2021-10-15 14:56 - 000034176 _____ C:\Users\tomasek\Downloads\Untitled.mp4.sfk
2021-10-15 14:16 - 2021-10-15 14:16 - 000002464 _____ C:\Users\tomasek\Downloads\друг sound effect.mp4.sfk
2021-10-15 14:15 - 2021-10-15 14:15 - 000071270 _____ C:\Users\tomasek\Downloads\друг sound effect.mp4
2021-10-15 14:14 - 2021-10-15 14:14 - 000190395 _____ C:\Users\tomasek\Downloads\videoplayback (2).mp4
2021-10-15 14:14 - 2021-10-15 14:14 - 000018752 _____ C:\Users\tomasek\Downloads\videoplayback (2).mp4.sfk
2021-10-15 13:58 - 2021-10-15 13:58 - 000062956 _____ C:\Users\tomasek\Downloads\Mouse Click - Sound Effect (HD).mp4
2021-10-15 13:58 - 2021-10-15 13:58 - 000004160 _____ C:\Users\tomasek\Downloads\Mouse Click - Sound Effect (HD).mp4.sfk
2021-10-15 13:55 - 2021-10-15 13:55 - 000050348 _____ C:\Users\tomasek\Downloads\videoplayback.m4a
2021-10-15 13:50 - 2021-10-15 13:50 - 000011016 _____ C:\Users\tomasek\Downloads\-7D96D02E.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000007920 _____ C:\Users\tomasek\Downloads\-3A83DB9D.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000005464 _____ C:\Users\tomasek\Downloads\-B881BF7C.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000004768 _____ C:\Users\tomasek\Downloads\-08B167EB.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000003720 _____ C:\Users\tomasek\Downloads\-4C317899.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000003216 _____ C:\Users\tomasek\Downloads\-B8B56628.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000002216 _____ C:\Users\tomasek\Downloads\-02702EAD.avi.sfk
2021-10-14 17:58 - 2021-10-14 17:58 - 018616878 _____ C:\Users\tomasek\Downloads\-874946DB.avi
2021-10-14 17:55 - 2021-10-14 17:55 - 018737972 _____ C:\Users\tomasek\Downloads\-B8B56628.avi
2021-10-14 17:54 - 2021-10-14 17:54 - 015074274 _____ C:\Users\tomasek\Downloads\-02702EAD.avi
2021-10-14 17:53 - 2021-10-14 17:53 - 013634440 _____ C:\Users\tomasek\Downloads\-4C317899.avi
2021-10-14 17:53 - 2021-10-14 17:53 - 000073600 _____ C:\Users\tomasek\Downloads\VID_20211014_153152.mp4.sfk
2021-10-14 17:52 - 2021-10-14 17:52 - 027458420 _____ C:\Users\tomasek\Downloads\-08B167EB.avi
2021-10-14 17:51 - 2021-10-14 17:51 - 000017120 _____ C:\Users\tomasek\Downloads\VID_20211014_153128.mp4.sfk
2021-10-14 17:51 - 2021-10-14 17:51 - 000012992 _____ C:\Users\tomasek\Downloads\VID_20211014_153113.mp4.sfk
2021-10-14 17:49 - 2021-10-14 17:49 - 024713128 _____ C:\Users\tomasek\Downloads\-B881BF7C.avi
2021-10-14 17:48 - 2021-10-14 17:48 - 000010336 _____ C:\Users\tomasek\Downloads\VID_20211014_171443.mp4.sfk
2021-10-14 17:47 - 2021-10-14 17:47 - 036448850 _____ C:\Users\tomasek\Downloads\-3A83DB9D.avi
2021-10-14 17:46 - 2021-10-14 17:46 - 000020896 _____ C:\Users\tomasek\Downloads\VID_20211014_171410.mp4.sfk
2021-10-14 17:40 - 2021-10-14 17:40 - 046808198 _____ C:\Users\tomasek\Downloads\-7D96D02E.avi
2021-10-14 17:40 - 2021-10-14 17:40 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\avidemux
2021-10-14 17:38 - 2021-10-14 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2021-10-14 17:38 - 2021-10-14 17:38 - 000000000 ____D C:\Program Files (x86)\Xvid
2021-10-14 17:38 - 2017-12-08 11:01 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2021-10-14 17:38 - 2017-12-08 11:01 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2021-10-14 17:38 - 2017-12-08 11:01 - 000172032 _____ C:\Windows\system32\xvid.ax
2021-10-14 17:38 - 2017-12-08 11:00 - 000148480 _____ C:\Windows\SysWOW64\xvid.ax
2021-10-14 17:38 - 2017-12-08 10:59 - 000638976 _____ C:\Windows\SysWOW64\xvidcore.dll
2021-10-14 17:38 - 2017-12-08 10:59 - 000235520 _____ C:\Windows\SysWOW64\xvidvfw.dll
2021-10-14 17:36 - 2021-10-14 17:36 - 000065024 _____ C:\Users\tomasek\Downloads\VID_20211014_171313.mp4.sfk
2021-10-14 17:35 - 2021-10-14 17:35 - 000006400 _____ C:\Users\tomasek\Downloads\VID_20211014_171258.mp4.sfk
2021-10-14 17:34 - 2020-12-18 23:48 - 000000000 ____D C:\Users\tomasek\Documents\Vegas Script Menu
2021-10-14 17:33 - 2021-10-14 17:33 - 045443040 _____ C:\Users\tomasek\Downloads\VEGAS DATA Scripts.zip
2021-10-14 17:33 - 2021-10-14 17:33 - 000000000 ____D C:\Users\tomasek\Downloads\VEGAS DATA Scripts
2021-10-14 17:05 - 2021-10-14 17:05 - 000000000 ____D C:\MediaToolkit
2021-10-14 16:17 - 2021-10-14 16:45 - 035579607 _____ C:\Users\tomasek\Downloads\VID_20211014_171410.mp4
2021-10-14 16:17 - 2021-10-14 16:17 - 108102856 _____ C:\Users\tomasek\Downloads\VID_20211014_171313.mp4
2021-10-14 16:17 - 2021-10-14 16:17 - 011381372 _____ C:\Users\tomasek\Downloads\VID_20211014_171258.mp4
2021-10-14 16:17 - 2021-10-14 16:15 - 013430827 _____ C:\Users\tomasek\Downloads\VID_20211014_171502.mp4
2021-10-14 16:17 - 2021-10-14 16:14 - 017811561 _____ C:\Users\tomasek\Downloads\VID_20211014_171443.mp4
2021-10-14 16:11 - 2021-10-14 16:11 - 000000000 ___HD C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi
2021-10-14 14:48 - 2021-10-14 14:31 - 022224134 _____ C:\Users\tomasek\Downloads\VID_20211014_153113.mp4
2021-10-14 14:47 - 2021-10-14 14:31 - 029278803 _____ C:\Users\tomasek\Downloads\VID_20211014_153128.mp4
2021-10-14 14:45 - 2021-10-14 14:45 - 000000000 ___HD C:\Users\tomasek\AppData\Roaming\jqihqxsnbgiicdwe
2021-10-14 14:45 - 2021-10-14 14:45 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Aescripts
2021-10-14 14:45 - 2021-10-14 14:45 - 000000000 ____D C:\ProgramData\aescripts
2021-10-14 14:44 - 2019-01-27 20:29 - 000000000 ____D C:\Users\tomasek\Desktop\Datamosh_v1.1.5
2021-10-14 14:41 - 2021-10-14 14:41 - 067092536 _____ (aescripts + aeplugins) C:\Users\tomasek\Downloads\aescripts + aeplugins zxp installer (setup).exe
2021-10-14 14:41 - 2021-10-14 14:41 - 000000000 ____D C:\Users\tomasek\AppData\Local\aescripts.com
2021-10-14 14:41 - 2021-10-14 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZXP Installer
2021-10-14 14:41 - 2021-10-14 14:41 - 000000000 ____D C:\Program Files (x86)\aescripts + aeplugins
2021-10-14 14:35 - 2021-10-14 15:31 - 123331305 _____ C:\Users\tomasek\Downloads\VID_20211014_153152.mp4
2021-10-13 17:13 - 2021-10-13 17:13 - 001823296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-10-13 17:13 - 2021-10-13 17:13 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-10-13 17:13 - 2021-10-13 17:13 - 000706536 _____ C:\Windows\system32\TextShaping.dll
2021-10-13 17:13 - 2021-10-13 17:13 - 000611960 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-10-13 17:13 - 2021-10-13 17:13 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-10-13 17:13 - 2021-10-13 17:13 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-10-13 17:13 - 2021-10-13 17:13 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-10-13 17:13 - 2021-10-13 17:13 - 000449024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-10-13 17:13 - 2021-10-13 17:13 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-10-13 17:13 - 2021-10-13 17:13 - 000098304 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-10-13 17:13 - 2021-10-13 17:13 - 000011495 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-10-13 17:13 - 2021-10-13 17:13 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2021-10-13 17:13 - 2021-10-13 17:13 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2021-10-13 16:56 - 2021-10-30 14:39 - 000000000 ____D C:\ProgramData\Voicemod
2021-10-13 16:56 - 2021-10-16 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod
2021-10-13 16:56 - 2021-10-16 21:51 - 000000000 ____D C:\Program Files\Voicemod Desktop
2021-10-13 16:56 - 2021-10-13 17:00 - 000000000 ____D C:\Users\tomasek\AppData\Local\Voicemod
2021-10-13 16:56 - 2021-10-13 16:56 - 000000904 _____ C:\Users\Public\Desktop\Voicemod.lnk
2021-10-13 13:52 - 2021-10-13 13:52 - 000000000 ___HD C:\$WinREAgent
2021-10-10 15:03 - 2021-10-10 15:13 - 3260030998 _____ C:\Users\tomasek\Downloads\VID_20211010_115352_2.avi
2021-10-10 15:02 - 2021-10-10 15:02 - 1443618444 _____ C:\Users\tomasek\Downloads\VID_20211010_115352.avi
2021-10-10 11:31 - 2021-10-10 10:55 - 033381442 _____ C:\Users\tomasek\Downloads\VID_20211010_115515.mp4
2021-10-10 10:24 - 2021-10-10 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare FilmoraPro
2021-10-10 10:22 - 2021-10-10 10:22 - 001153264 _____ C:\Users\tomasek\Downloads\filmorapro_setup_full5308.exe
2021-10-10 10:06 - 2021-10-10 10:20 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-10-10 10:03 - 2021-10-10 10:03 - 001262368 _____ C:\Users\tomasek\Downloads\filmora-idco_setup_full1901 (1).exe
2021-10-08 21:51 - 2021-10-08 21:53 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\HOODLUM
2021-10-08 21:51 - 2021-10-08 21:52 - 000000000 ____D C:\Users\tomasek\AppData\Local\ForzaHorizon4
2021-10-08 21:44 - 2021-10-08 21:44 - 000001000 _____ C:\Users\tomasek\Desktop\Forza Horizon 4.lnk
2021-10-08 13:58 - 2021-10-08 13:58 - 000000320 _____ C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
2021-10-06 17:27 - 2021-10-06 17:27 - 000001104 _____ C:\Users\tomasek\Desktop\WinDirStat.lnk
2021-10-06 17:27 - 2021-10-06 17:27 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-10-06 17:27 - 2021-10-06 17:27 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2021-10-06 17:26 - 2021-10-06 17:27 - 000645729 _____ (WDS Team) C:\Users\tomasek\Downloads\windirstat1_1_2_setup.exe
2021-10-04 14:49 - 2021-10-04 14:49 - 000001152 _____ C:\Users\tomasek\Desktop\blender.lnk
2021-10-04 14:49 - 2021-10-04 14:49 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blender
2021-10-04 14:49 - 2021-10-04 14:49 - 000000000 ____D C:\Program Files\Blender Foundation
2021-10-04 14:44 - 2021-10-04 14:46 - 191631360 _____ C:\Users\tomasek\Downloads\blender-2.93.4-windows-x64.msi
2021-10-03 12:25 - 2021-10-03 12:25 - 000000000 ____D C:\Users\tomasek\AppData\LocalLow\Free Lives
2021-10-03 12:21 - 2021-10-03 12:25 - 153757017 _____ C:\Users\tomasek\Downloads\STICK IT TO THE STICKMAN (Windows) V0.80A_TheSocialNetwork5.1.zip
2021-10-03 10:10 - 2021-10-03 10:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\xmrig
2021-10-02 21:16 - 2021-10-02 21:16 - 000000000 ____D C:\Users\tomasek\Downloads\Adobe After Effects Auto-Save
2021-10-02 21:15 - 2021-10-02 22:12 - 001096719 _____ C:\Users\tomasek\Downloads\audio.aep
2021-10-02 20:29 - 2021-10-02 20:29 - 000017611 _____ C:\Users\tomasek\Downloads\music-logo-png-2350.html
2021-10-02 20:29 - 2021-10-02 20:29 - 000017611 _____ C:\Users\tomasek\Downloads\music-logo-png-2350 (1).html
2021-10-01 20:57 - 2021-10-01 20:57 - 006911115 _____ ( ) C:\Users\tomasek\Downloads\FFmpeg_v2.2.2_for_Audacity_on_Windows_64bit.exe
2021-10-01 20:57 - 2021-10-01 20:57 - 000000000 ____D C:\Program Files\FFmpeg For Audacity
2021-10-01 20:50 - 2021-10-01 20:51 - 070419184 _____ (Voicemod S.L. ) C:\Users\tomasek\Downloads\VoicemodSetup_2.20.0.1.exe
2021-10-01 15:14 - 2021-10-01 15:14 - 020761984 _____ (Windscribe Limited) C:\Users\tomasek\Downloads\Windscribe.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-31 13:01 - 2021-03-01 22:41 - 000000000 ____D C:\FRST
2021-10-31 12:52 - 2021-09-02 13:41 - 000000000 ____D C:\Users\tomasek\AppData\Local\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:40 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:40 - 000000000 ____D C:\ProgramData\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:40 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-10-31 12:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-31 12:41 - 2021-08-22 17:18 - 000002258 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - tomasek
2021-10-31 12:41 - 2021-08-21 17:17 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-10-31 12:41 - 2021-08-21 17:17 - 000002238 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2021-10-31 12:41 - 2021-08-08 22:18 - 000003244 _____ C:\Windows\system32\Tasks\Overwolf Updater Task
2021-10-31 12:41 - 2021-08-06 16:19 - 000003784 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1628263185
2021-10-31 12:41 - 2021-07-08 22:19 - 000002512 _____ C:\Windows\system32\Tasks\Videocard Service
2021-10-31 12:41 - 2021-06-20 16:43 - 000002522 _____ C:\Windows\system32\Tasks\Microsoft Windows Defender Update
2021-10-31 12:41 - 2021-06-01 11:21 - 000002744 _____ C:\Windows\system32\Tasks\WinManager
2021-10-31 12:41 - 2021-04-17 12:32 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-31 12:41 - 2021-04-17 12:32 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-31 12:41 - 2021-02-19 21:08 - 000003476 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineUA
2021-10-31 12:41 - 2021-02-19 21:08 - 000003252 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineCore
2021-10-31 12:41 - 2021-01-21 09:44 - 000003358 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0087AB00-A545-4531-AFE1-404CF38D4D3A}
2021-10-31 12:41 - 2021-01-05 14:26 - 000003616 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1609853199
2021-10-31 12:41 - 2021-01-01 21:59 - 000002778 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-3JV1PF5-tomasek
2021-10-31 12:41 - 2020-12-27 10:50 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-31 12:41 - 2020-12-27 10:50 - 000003288 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-31 12:41 - 2020-12-16 16:01 - 000003220 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2021-10-31 12:28 - 2021-03-16 10:37 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\discord
2021-10-31 12:19 - 2020-12-24 20:37 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-31 12:13 - 2021-01-16 10:30 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-31 11:45 - 2020-12-16 15:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\D3DSCache
2021-10-31 11:33 - 2020-12-24 20:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.minecraft
2021-10-31 11:12 - 2021-08-08 22:18 - 000002325 _____ C:\Users\tomasek\Desktop\CurseForge.lnk
2021-10-31 11:09 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-10-31 10:59 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-10-31 10:13 - 2020-12-27 10:51 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-31 10:13 - 2020-12-27 10:51 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-31 10:13 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-31 10:12 - 2021-08-21 17:17 - 000000000 ____D C:\Program Files\CCleaner
2021-10-30 14:44 - 2019-12-07 15:41 - 000682184 _____ C:\Windows\system32\perfh005.dat
2021-10-30 14:44 - 2019-12-07 15:41 - 000137000 _____ C:\Windows\system32\perfc005.dat
2021-10-30 14:44 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-10-30 14:44 - 2019-12-07 08:12 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-30 14:41 - 2020-12-26 22:40 - 000000000 ____D C:\Users\tomasek\Documents\Adobe
2021-10-30 14:40 - 2020-12-26 22:37 - 000000000 ____D C:\Program Files\Adobe
2021-10-30 14:40 - 2020-12-26 22:36 - 000000000 ____D C:\Users\tomasek\AppData\Local\Adobe
2021-10-30 14:40 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Adobe
2021-10-30 14:39 - 2021-03-16 18:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-10-30 14:38 - 2021-07-23 17:33 - 000000000 ____D C:\Users\tomasek\AppData\Local\Overwolf
2021-10-30 14:38 - 2021-03-02 20:18 - 000000000 ____D C:\Users\tomasek\AppData\Local\CrashDumps
2021-10-30 14:38 - 2021-02-03 22:13 - 000000000 ____D C:\Intel
2021-10-30 14:38 - 2021-01-05 14:26 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-30 14:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-10-30 14:38 - 2019-12-07 08:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-30 14:38 - 2019-12-07 08:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-30 14:37 - 2020-12-16 15:48 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-10-30 14:37 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-10-29 09:21 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\Packages
2021-10-28 11:12 - 2020-12-24 20:47 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\audacity
2021-10-27 14:39 - 2021-08-24 14:52 - 000000000 ____D C:\Users\tomasek\Downloads\7-Zip
2021-10-27 12:07 - 2020-12-25 13:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\lunarclient
2021-10-27 09:46 - 2021-09-26 12:56 - 000000000 ____D C:\Users\tomasek\AppData\Local\AVAST Software
2021-10-27 09:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-10-27 08:53 - 2021-03-08 17:41 - 000000000 ____D C:\Windows\Minidump
2021-10-26 13:00 - 2020-12-24 20:39 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-26 13:00 - 2020-12-24 20:39 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-25 20:44 - 2021-03-18 12:11 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.tlauncher
2021-10-25 16:13 - 2021-05-31 17:23 - 000013115 _____ C:\Users\tomasek\AppData\Roaming\.cache~$
2021-10-25 15:27 - 2021-04-15 16:14 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.technic
2021-10-24 21:10 - 2021-01-03 13:12 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\obs-studio
2021-10-24 13:26 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-10-24 13:26 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Local\SquirrelTemp
2021-10-23 12:59 - 2021-07-23 13:02 - 000001250 _____ C:\Users\tomasek\Desktop\Roblox Studio.lnk
2021-10-23 12:59 - 2021-07-23 13:02 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-10-22 17:18 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek
2021-10-22 17:05 - 2021-01-05 14:26 - 000001415 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-10-20 16:06 - 2021-09-02 13:40 - 000800672 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2021-10-20 15:42 - 2021-08-13 12:07 - 000000000 ___RD C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
2021-10-20 15:39 - 2021-08-13 12:07 - 000000000 ____D C:\ProgramData\Data
2021-10-19 17:39 - 2021-05-31 17:12 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Process Hacker 2
2021-10-19 17:29 - 2019-12-07 10:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2021-10-19 16:19 - 2021-08-13 12:07 - 000000000 ____D C:\ProgramData\Systemd
2021-10-19 14:57 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-10-19 14:29 - 2021-08-15 17:56 - 000002424 _____ C:\Windows\system32\Tasks\services32
2021-10-19 14:16 - 2021-06-20 16:02 - 000000000 ____D C:\Users\tomasek\AppData\Local\Yandex
2021-10-18 15:14 - 2021-08-06 17:00 - 000001608 _____ C:\ProgramData\droidcam-client-options-v2
2021-10-18 15:14 - 2021-08-06 17:00 - 000000373 _____ C:\ProgramData\droidcam-settings
2021-10-16 22:51 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-10-15 21:29 - 2020-12-26 23:37 - 000000000 ____D C:\Users\tomasek\Documents\Adobe After Effects Auto-Save
2021-10-15 13:43 - 2021-08-08 22:18 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\DiagTrack
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-10-15 13:41 - 2019-12-07 08:07 - 000574016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-10-14 17:38 - 2021-03-03 12:29 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Sony
2021-10-13 17:15 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-10-13 17:09 - 2020-12-26 22:30 - 000000000 ____D C:\Windows\system32\MRT
2021-10-13 17:08 - 2020-12-26 20:37 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-13 17:02 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-10-11 14:54 - 2021-09-30 17:21 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Badlion Client
2021-10-10 10:25 - 2021-05-13 17:44 - 000000000 ____D C:\Users\tomasek\AppData\Local\Wondershare
2021-10-10 10:25 - 2021-04-07 15:15 - 000000000 ____D C:\Users\tomasek\AppData\Local\cache
2021-10-10 10:25 - 2021-01-07 14:27 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-10-10 10:24 - 2021-01-07 14:28 - 000000000 ____D C:\Program Files\Wondershare
2021-10-10 10:20 - 2021-08-21 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-10-10 09:28 - 2021-09-30 17:21 - 000000000 ____D C:\Program Files\Badlion Client
2021-10-09 11:01 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-10-03 14:08 - 2021-01-24 10:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-01 20:59 - 2021-01-01 19:17 - 000000000 ____D C:\Users\tomasek\Documents\Audacity

==================== Files in the root of some directories ========

2021-06-20 16:51 - 2021-07-09 13:22 - 000000004 _____ () C:\ProgramData\lock.dat
2021-06-20 16:52 - 2021-07-09 13:22 - 000000004 _____ () C:\ProgramData\rc.dat
2021-06-20 16:51 - 2021-06-20 16:51 - 000000008 _____ () C:\ProgramData\ts.dat
2021-10-19 14:16 - 2021-10-19 14:16 - 000945944 _____ (www.sordum.org) C:\ProgramData\UpSys.exe
2021-05-31 17:23 - 2021-10-25 16:13 - 000013115 _____ () C:\Users\tomasek\AppData\Roaming\.cache~$
2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ () C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ () C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\9.txt
2021-03-12 21:14 - 2021-03-12 21:14 - 000000000 _____ () C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
2021-07-08 23:20 - 2021-07-08 23:20 - 000000064 _____ () C:\Users\tomasek\AppData\Roaming\changzhi_leidian.data
2021-09-26 17:20 - 2021-09-26 17:20 - 000000002 _____ () C:\Users\tomasek\AppData\Roaming\ExplorerFavorites.txt
2021-02-20 08:41 - 2021-02-20 09:04 - 000000209 _____ () C:\Users\tomasek\AppData\Roaming\jjv5conf.json
2021-10-19 16:41 - 2021-10-19 16:41 - 007809752 ____H () C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
2021-01-03 13:28 - 2021-01-03 13:28 - 000000015 _____ () C:\Users\tomasek\AppData\Roaming\obs-virtualcam.txt
2021-06-17 09:01 - 2021-06-17 09:26 - 000004699 _____ () C:\Users\tomasek\AppData\Roaming\VoiceMeeterDefault.xml
2021-08-25 17:48 - 2021-08-25 17:48 - 000000034 ___SH () C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88
2020-12-16 15:57 - 2021-04-09 22:33 - 001065984 _____ () C:\Users\tomasek\AppData\Local\file__0.localstorage
2021-02-20 19:58 - 2021-09-02 13:40 - 000000049 _____ () C:\Users\tomasek\AppData\Local\link.txt
2021-10-08 13:58 - 2021-10-08 13:58 - 000000320 _____ () C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
2021-02-18 12:50 - 2021-02-19 21:56 - 000016438 _____ () C:\Users\tomasek\AppData\Local\partner.bmp

==================== FLock ==============================

2021-10-19 14:16 C:\ProgramData\MicrosoftNetwork
2021-02-20 00:35 C:\Users\tomasek\AppData\Local\Disk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Thank you

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen Steam account

#2 Post by Rudy »

Hello!
Please also add the Addition log (it is on the desktop in the file addition.txt) and we will finish the cleanup manually. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#3 Post by Bartis »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by tomasek (31-10-2021 13:01:46)
Running from C:\Users\tomasek\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2019-12-07 07:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2880034797-3857021402-3440946435-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2880034797-3857021402-3440946435-503 - Limited - Disabled)
Guest (S-1-5-21-2880034797-3857021402-3440946435-501 - Limited - Disabled)
tomasek (S-1-5-21-2880034797-3857021402-3440946435-1001 - Administrator - Enabled) => C:\Users\tomasek
WDAGUtilityAccount (S-1-5-21-2880034797-3857021402-3440946435-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_0_1) (Version: 18.0.1 - Adobe Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Animate 2021 (HKLM-x32\...\FLPR_21_0_6) (Version: 21.0.6 - Adobe Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
aescripts + aeplugins components (HKLM-x32\...\{58C0BFF8-3511-4EF6-A2B9-D7E85220F3C4}) (Version: 1.0.0.0 - aescripts + aeplugins)
AI Image Enlarger (HKLM-x32\...\{0CC29345-19D8-4BE5-B718-B152D0DA645A}) (Version: 2.2.2 - AI Image Enlarger)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 3.0.4 (HKLM\...\Audacity_is1) (Version: 3.0.4 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.9.2493 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 95.0.12674.55 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Badlion Client (HKLM\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.4.0 - Badlion)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.2.1699 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Blackmagic RAW Common Components (HKLM\...\{47DFB167-EACF-4A3D-A16F-BDF9E0D68983}) (Version: 2.1 - Blackmagic Design)
blender (HKLM\...\{F1B2A72E-AF12-4F88-9E67-971A0105CF52}) (Version: 2.93.4 - Blender Foundation)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.86 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{9464C064-AAC7-4416-BFE4-4C3C0232FC71}) (Version: 17.0.491 - Corel Corporation) Hidden
CurseForge (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.185.3.1 - Overwolf app)
DaVinci Resolve (HKLM\...\{43B8AB7A-F82B-4309-87D0-75011C864739}) (Version: 17.3.10005 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{FB1E6849-EE02-49DB-952C-6DD093D74DB0}) (Version: 2.0.0.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.4.3 - DEV47APPS)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Excel (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FFmpeg v2.2.2 for Audacity - 64bit (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
FiveM (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\CitizenFX_FiveM) (Version: - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GX Action Backup 4.6 (HKLM-x32\...\{A186BCE3-CA65-433C-9417-2A0375683719}_is1) (Version: 4.6 - GX Soft-Action, Inc.)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
HD Tune Pro 5.75 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
LiquidLauncher (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\electron_liquidlauncher) (Version: 1.1.3 - CCBlueX)
Lunar Client (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.8.7 - Moonsworth, LLC)
MAGIX Common Components 1 (HKLM-x32\...\{E49CC9E6-4D76-42B5-B844-21F691F185AF}) (Version: 1.8.2.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (HKLM-x32\...\{701F3A9E-B00C-4EB4-8CFA-8DACAFCEA958}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{677F8E85-8686-476B-829A-D5ED9ECA16E6}) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
Mega Hack version 5.4 (HKLM-x32\...\{9530A774-421F-4BC2-BB30-6DFE2AB278C4}_is1) (Version: 5.4 - Absolute)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Music Maker (64-Bit) (HKLM\...\{500A036B-F08F-4E9E-ADC0-4EF3BA4D6C0D}) (Version: 29.0.4.25 - MAGIX Software GmbH) Hidden
Music Maker (64-Bit) (HKLM\...\MX.{500A036B-F08F-4E9E-ADC0-4EF3BA4D6C0D}) (Version: 29.0.4.25 - MAGIX Software GmbH)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.0 - OBS Project)
OpenIV (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
Outlook (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.181.0.11 - Overwolf Ltd.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
ReelSmart Motion Blur v5 for After Effects and Premiere Pro (HKLM\...\ReelSmart Motion Blur v5 for After Effects and Premiere Pro 5.1.8) (Version: 5.1.8 - RE:Vision Effects)
RK61 (HKLM-x32\...\RK61) (Version: 1.0.1.2 - RK Inc.)
Roblox Player for tomasek (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\roblox-player) (Version: - Roblox Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games)
Roshade - Zeal (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Roshade) (Version: 1.2.10 - Zeal)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAL-Reverb-3 (AAX 64bit) (HKLM\...\{FFF2BBA7-47EB-41A3-B63B-8E41A3A379A2}) (Version: 1.3.7 - TAL Software GmbH)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Update Notifier (HKLM\...\{9387807D-92D3-4DF3-B500-C7C81A353809}) (Version: 3.0.0.50 - MAGIX Software GmbH) Hidden
Update Notifier (HKLM\...\MX.{9387807D-92D3-4DF3-B500-C7C81A353809}) (Version: 3.0.0.50 - MAGIX Software GmbH)
VEGAS Pro 18.0 (HKLM\...\{75111FE1-CE55-11EA-8B12-00155D43CFCE}) (Version: 18.0.284 - VEGAS)
Vita Concert Grand LE (HKLM\...\{2C61CE04-1EEF-4582-ABBA-B9CCFC3743EB}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.21.0.43 - Voicemod S.L.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\WinDirStat) (Version: - )
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.2 Build 10 - Windscribe Limited)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wondershare FilmoraPro (HKLM\...\{92F289A8-A52F-4779-8382-4B91055D7D8D}) (Version: 2.3.10723.54848 - Wondershare)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Word (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
xBot (HKLM-x32\...\xBot) (Version: 3.02 - AndxArtZ)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)
ZXP Installer (HKLM-x32\...\{3e001721-545f-4a50-978e-551ac7f6dc24}) (Version: 1.6.5.0 - aescripts + aeplugins) Hidden
ZXP Installer (HKLM-x32\...\{9B15E5B8-E627-4704-9F38-68049CA86B34}) (Version: 1.6.5.0 - aescripts + aeplugins)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-26] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-11] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-23] (INTEL CORP) [Startup Task]
PowerPoint -> C:\Program Files\WindowsApps\powerpoint.office.com-8D456796_1.0.0.3_neutral__sxc7ffma4ybfy [2021-09-26] (powerpoint.office.com)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0 [2021-10-14] (Spotify AB) [Startup Task]
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.2_neutral__jc2kecmnkxwqc [2021-09-26] (word.office.com)
XboxInsiderHub -> C:\Program Files\WindowsApps\Microsoft.XboxInsider_1.2109.1001.0_x64__8wekyb3d8bbwe [2021-09-25] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\tomasek\Downloads\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\tomasek\Downloads\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\tomasek\Downloads\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tomasek\Desktop\GlitchOut (h) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Tomáš - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Tomáš (t.seliga@zsprazska.cz) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\sprite - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\glitch - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

2021-10-24 15:17 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Users\tomasek\Downloads\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tomasek\Local Settings:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local\Data aplikací:15-08-2021 [2771]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-10-23 12:29 - 2021-10-25 15:33 - 000001303 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 discord.com
127.0.0.1 discord.com
69.174.101.66 nl-021.whiskergalaxy.com #added by Windscribe, do not modify.
161.129.70.66 us-central-032.whiskergalaxy.com #added by Windscribe, do not modify.
68.235.35.171 us-east-069.whiskergalaxy.com #added by Windscribe, do not modify.
68.235.35.179 us-east-070.whiskergalaxy.com #added by Windscribe, do not modify.
68.235.39.123 us-east-085.whiskergalaxy.com #added by Windscribe, do not modify.
71.19.251.139 ca-west-007.whiskergalaxy.com #added by Windscribe, do not modify.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Control Panel\Desktop\\Wallpaper -> c:\users\tomasek\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\stažený soubor (14).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BE4CA127-1086-4C4E-9432-0B5496ECFD26}C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{22FE42F7-5C8B-4BCC-A930-58628EB9ABBF}C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{EA13B565-9372-491C-9165-AD4AE188BBEF}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1FAF9A66-228E-430B-87D9-916A0E7B358D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{7D356963-60AE-4683-A4E8-B7A0AF6FFB69}C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{AFCAA086-2792-450F-BB3E-F55A06352F7F}C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{D0679D70-AEC2-47D8-9F36-53A99F69F8F0}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{AEAD05CE-BA6C-4BAD-992B-B70C485AB3A6}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{D01B5FB6-E005-4AC1-B8A7-E49C902DF8D5}C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{794F89E5-B043-456C-9BA7-285C28552D2B}C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [{23D3DC9A-7C34-4E87-9247-AE32C875196B}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{EAD62CEA-D87D-460A-AB28-A91ADC326D8C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66512179-7650-4CEF-8E8C-DDA79B521A57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F0B4E6C-D503-47D3-8995-2060F110037A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0258DC66-F466-4FE9-809F-7BD0886877FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B31BCED7-7425-48A7-A375-22A7F8ED489A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{06DA7421-39BA-4571-8357-36DDB9334966}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{391F5A6C-FC74-489C-9E39-18A88EFFCC3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E44107E0-F6E9-484A-9790-766F457DD707}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3DD1F418-39DC-4915-9B60-0F894D36641D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ADA00410-B9FB-4757-A456-4C81127D346B}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{E08DEDAA-81D3-4267-8555-8D5F609C7F51}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{FE67025D-09FE-47CF-8994-0AC22D985761}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{F69428F5-6CB5-4324-98D8-D0285B3A017C}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{C81BE73B-39F3-4F33-A89D-F2D88DC4A9CD}] => (Allow) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3B7FB3B0-08D7-48DB-AC1A-F34CEA80C64F}] => (Allow) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{75BB5E01-BEB1-4BD9-836D-AEAA11767FDC}] => (Block) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9F3116E8-608F-4573-97BE-4A5E7B4792D8}] => (Block) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F5A8FD69-B23E-4CC3-A76A-D3C7F2F5E348}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\80.0.4170.40\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{14F6A76C-C15A-4264-BA03-04CA4374A9FA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{915A8B46-C448-450E-8219-D2B626637EA2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{6A130BA8-7AFE-4B14-BAAE-BDDF597473F7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{35EF865F-DAD6-407D-900D-0CCA4903BBB5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{7A5E10B8-3983-4A77-97F6-0AB6F905EC1F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{AAD39197-2BF5-4B90-8C4F-99ABDE39DB52}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{C244DADA-9541-4EBF-BB0E-C1E4D837D296}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{5E64B95F-0CAB-409E-BC73-A50FA239EEB2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )

==================== Restore Points =========================

30-10-2021 14:39:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/31/2021 12:14:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mousocoreworker.exe, verze: 10.0.19041.1266, časové razítko: 0xb8f5de61
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x34dc
Čas spuštění chybující aplikace: 0x01d7ce37da400080
Cesta k chybující aplikaci: C:\Windows\System32\mousocoreworker.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 11ff97f2-982e-4a8c-a6d8-9fff2b7e7f23
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/31/2021 10:12:33 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/31/2021 10:12:31 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/30/2021 04:45:15 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/30/2021 02:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WebCompanion.exe, verze: 8.4.0.271, časové razítko: 0x611217fa
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1288, časové razítko: 0x3e55bd0b
Kód výjimky: 0xe0434352
Posun chyby: 0x0012b5b2
ID chybujícího procesu: 0x25c4
Čas spuštění chybující aplikace: 0x01d7cd937b24b3ab
Cesta k chybující aplikaci: C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 25782315-5253-4253-b612-b53af0b96344
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/30/2021 02:38:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: WebCompanion.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.FileNotFoundException
na WebCompanion.UI.App.PerformWebcompanionStartup()
na WebCompanion.UI.App.Main()

Error: (10/30/2021 02:37:36 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/30/2021 02:06:23 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (10/31/2021 12:51:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba WindscribeService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Graphics Command Center Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba DCIService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 11:09:55 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-3JV1PF5)
Description: Nelze spustit server DCOM: Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca

Error: (10/31/2021 11:09:54 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-3JV1PF5)
Description: Nelze spustit server DCOM: Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca

Error: (10/31/2021 11:09:52 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-3JV1PF5)
Description: Nelze spustit server DCOM: Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca


Windows Defender:
================
Date: 2021-10-24 14:17:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {AD7560C0-E9FC-4C16-A664-96CF63D8F287}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-19 17:56:45
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PWS:MSIL/Mercurial!atmn
Závažnost: Vážné
Kategorie: Program zcizující hesla
Cesta: file:_C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.351.679.0, AS: 1.351.679.0, NIS: 1.351.679.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-19 17:07:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Disstl.AWQ!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe
Původ detekce: Místní počítač
Typ detekce: Heuristika
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.351.679.0, AS: 1.351.679.0, NIS: 1.351.679.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-08-24 14:38:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {E2FC9B84-9F24-42AA-AB89-6338B33CAFF2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-08-14 11:04:51
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PWS:MSIL/RedLine.GG!MTB
Závažnost: Vážné
Kategorie: Program zcizující hesla
Cesta: amsi:_C:\Users\tomasek\AppData\Local\Temp\build.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Users\tomasek\AppData\Local\Temp\build.exe
Verze bezpečnostních informací: AV: 1.345.469.0, AS: 1.345.469.0, NIS: 1.345.469.0
Verze modulu: AM: 1.1.18400.4, NIS: 1.1.18400.4

Date: 2021-10-06 16:06:09
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.349.1429.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18500.10
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2021-10-06 16:06:09
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.349.1429.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18500.10
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2021-08-15 18:20:33
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2021-08-09 08:54:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.345.186.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18400.4
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2021-08-09 08:54:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.345.186.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18400.4
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

CodeIntegrity:
===============
Date: 2021-10-31 12:42:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-10-31 10:13:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2403 08/07/2020
Motherboard: ASUSTeK COMPUTER INC. TUF Z370-PLUS GAMING
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 27%
Total physical RAM: 16320.64 MB
Available physical RAM: 11798.39 MB
Total Virtual: 21952.64 MB
Available Virtual: 15632.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.86 GB) (Free:2.26 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:465.76 GB) (Free:41.65 GB) NTFS

\\?\Volume{4a8a475f-654d-4693-858e-6fe43acd1535}\ () (Fixed) (Total:0.49 GB) (Free:0.48 GB) NTFS
\\?\Volume{b9408d54-7697-4b86-8d69-36afb3c71913}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 8E96A9DE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen Steam account

#4 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
AlternateDataStreams: C:\Users\tomasek\Local Settings:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local\Data aplikací:15-08-2021 [2771]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [{23D3DC9A-7C34-4E87-9247-AE32C875196B}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{ADA00410-B9FB-4757-A456-4C81127D346B}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{E08DEDAA-81D3-4267-8555-8D5F609C7F51}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{FE67025D-09FE-47CF-8994-0AC22D985761}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{F69428F5-6CB5-4324-98D8-D0285B3A017C}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe
C:\Users\tomasek\AppData\Local\Temp
ShortcutTarget: RebusDrop.lnk -> C:\Users\tomasek\RebusDrop\App\RebusDrop.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FA75FDC-E5D2-4440-9040-A97E14DDE2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {A738DAE6-E4CD-4455-81CA-9CAE713313F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {ABC8A774-3286-4F6E-9DC5-D55753936F94} - System32\Tasks\WinManager => C:\Users\tomasek\AppData\Roaming\Windows\svchost.exe <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
U2 bddci; no ImagePath
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION
S3 HWiNFO_155; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [X] <==== ATTENTION
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#5 Post by Bartis »

Good evening, here it is,

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by tomasek (01-11-2021 21:07:30) Run:2
Running from C:\Users\tomasek\Desktop
Loaded Profiles: tomasek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
AlternateDataStreams: C:\Users\tomasek\Local Settings:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local\Data aplikací:15-08-2021 [2771]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [{23D3DC9A-7C34-4E87-9247-AE32C875196B}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{ADA00410-B9FB-4757-A456-4C81127D346B}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{E08DEDAA-81D3-4267-8555-8D5F609C7F51}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{FE67025D-09FE-47CF-8994-0AC22D985761}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{F69428F5-6CB5-4324-98D8-D0285B3A017C}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe
C:\Users\tomasek\AppData\Local\Temp
ShortcutTarget: RebusDrop.lnk -> C:\Users\tomasek\RebusDrop\App\RebusDrop.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FA75FDC-E5D2-4440-9040-A97E14DDE2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {A738DAE6-E4CD-4455-81CA-9CAE713313F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {ABC8A774-3286-4F6E-9DC5-D55753936F94} - System32\Tasks\WinManager => C:\Users\tomasek\AppData\Roaming\Windows\svchost.exe <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
U2 bddci; no ImagePath
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION
S3 HWiNFO_155; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [X] <==== ATTENTION
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
C:\Users\tomasek\Local Settings => ":15-08-2021" ADS removed successfully
"C:\Users\tomasek\AppData\Local" => ":15-08-2021" ADS not found.
"C:\Users\tomasek\AppData\Local\Data aplikací" => ":15-08-2021" ADS not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23D3DC9A-7C34-4E87-9247-AE32C875196B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADA00410-B9FB-4757-A456-4C81127D346B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E08DEDAA-81D3-4267-8555-8D5F609C7F51}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE67025D-09FE-47CF-8994-0AC22D985761}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F69428F5-6CB5-4324-98D8-D0285B3A017C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}" => removed successfully
"C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe" => not found
"C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe" => not found

"C:\Users\tomasek\AppData\Local\Temp" folder move:

Could not move "C:\Users\tomasek\AppData\Local\Temp" => Scheduled to move on reboot.

"C:\Users\tomasek\RebusDrop\App\RebusDrop.exe" => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FA75FDC-E5D2-4440-9040-A97E14DDE2DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA75FDC-E5D2-4440-9040-A97E14DDE2DD}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A738DAE6-E4CD-4455-81CA-9CAE713313F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A738DAE6-E4CD-4455-81CA-9CAE713313F3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABC8A774-3286-4F6E-9DC5-D55753936F94}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABC8A774-3286-4F6E-9DC5-D55753936F94}" => removed successfully
C:\Windows\System32\Tasks\WinManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinManager" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\bddci => removed successfully
bddci => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_152 => removed successfully
HWiNFO_152 => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_155 => removed successfully
HWiNFO_155 => service removed successfully
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe => moved successfully
C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi => moved successfully
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona => moved successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp => moved successfully
C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88 => moved successfully
"C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43290533 B
Java, Flash, Steam htmlcache => 252513306 B
Windows/system/drivers => 3279765 B
Edge => 0 B
Chrome => 1168375144 B
Firefox => 0 B
Opera => 18711678 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 7168 B
systemprofile32 => 7168 B
LocalService => 52554 B
NetworkService => 64376 B
tomasek => 217320537 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-11-2021 21:08:48)

C:\Users\tomasek\AppData\Local\Temp => moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 21:08:48 ====
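
A fix run is only finished when nothing in its log is left failed or pending. The following is an added example (not part of the thread and not FRST's own code) that reads a Fixlog like the one above, sorts each `=>` result into an outcome bucket, and reports what is still open after the post-reboot section; the outcome phrases it matches are only the ones that appear in this log, which is an assumption about the format.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the Fixlog posted above (shortened).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
C:\Users\tomasek\Local Settings => ":15-08-2021" ADS removed successfully
"C:\Users\tomasek\AppData\Local" => ":15-08-2021" ADS not found.
HKLM\SOFTWARE\Policies\Google => removed successfully
"C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe" => not found
Could not move "C:\Users\tomasek\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\WinManager => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
avgbdisk => service removed successfully
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

Chrome => 1168375144 B

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-11-2021 21:08:48)

C:\Users\tomasek\AppData\Local\Temp => moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 21:08:48 ====
'''

# (pattern on the text right of "=>", bucket); first match wins.
# Only phrases seen in the log above are covered; anything else becomes "other".
OUTCOMES = [
    (re.compile(r"could not", re.I), "failed"),
    (re.compile(r"scheduled to move on reboot", re.I), "deferred"),
    (re.compile(r"not found", re.I), "absent"),
    (re.compile(r"(removed|moved|restored) successfully", re.I), "fixed"),
]


def classify(outcome):
    for pattern, bucket in OUTCOMES:
        if pattern.search(outcome):
            return bucket
    return "other"


def normalise(target):
    """Drop the 'Could not move' prefix and surrounding quotes so keys match."""
    target = re.sub(r"^Could not move\s+", "", target.strip())
    return target.strip('"')


def parse_fixlog(text):
    """Return (first_pass, after_reboot): bucket -> targets, and target -> bucket."""
    first_pass = defaultdict(list)
    after_reboot = {}
    section = "main"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "EmptyTemp" in line:
            section = "emptytemp"          # size report, not fix results
            continue
        if line.startswith("Result of scheduled"):
            section = "reboot"
            continue
        if section == "emptytemp" and line and set(line) == {"="}:
            section = "main"
            continue
        if section == "emptytemp" or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        target, bucket = normalise(target), classify(outcome)
        if section == "reboot":
            after_reboot[target] = bucket
        else:
            first_pass[bucket].append(target)
    return first_pass, after_reboot


def unresolved(text):
    """Targets that still need attention once the whole log has been read."""
    first_pass, after_reboot = parse_fixlog(text)
    open_items = {t: "failed" for t in first_pass["failed"]}
    for target in first_pass["deferred"]:
        # A deferred item is closed only if the post-reboot section reports success.
        final = after_reboot.get(target, "no post-reboot result")
        if final != "fixed":
            open_items[target] = "deferred, then " + final
    for target, bucket in after_reboot.items():
        if bucket == "failed":
            open_items[target] = "failed after reboot"
    return open_items


if __name__ == "__main__":
    for target, state in unresolved(SAMPLE_FIXLOG).items():
        print(f"{state}: {target}")
```
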

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#6 Post by Bartis »

And I'd like to ask: can I delete these files? Each one takes up more than 1 GB.

2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ () C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ () C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\9.txt

Another question: was there a keylogger on it? My wife entered her payment card there.

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#7 Post by Bartis »

Well, to explain it further: she wanted to buy a game on Steam for the boy and entered the card, but the payment did not go through. I made the payment from my own (clean) computer and the purchase went through.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen Steam account

#8 Post by Rudy »

It has been deleted. You can of course delete those *.txt files, but they are not dangerous (txt files cannot be infected). I would also recommend a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 ; there were quite a lot of suspicious files on the PC and some may still be hidden. Download the utility, run it, let it work, and when it finishes delete everything it finds.

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#9 Post by Bartis »

Good day,

the program has changed somehow and the guide is probably outdated :) , I ticked the option to scan everything to be safe, but I couldn't find how to save the log, so I'm sending a screenshot

Image

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen Steam account

#10 Post by Rudy »

Yes, the guide is for an older version. That is why I wrote what you should do. The log cannot be saved; delete everything it found.

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#11 Post by Bartis »

According to the screenshot everything has been deleted; I just didn't know what to do with not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen, so I only moved it to quarantine; I'll delete it right away. Do we continue, or is that everything? I'd like to ask for zoek, so that everything in his browsers gets cleaned out, because strange search engines keep popping up here. Maybe you use a different program now. I used to visit this forum daily and read everything :)

Thank you

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen Steam account

#12 Post by Rudy »

OK. Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe , https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch the license terms are displayed; press any key
•A backup is created and then the search runs
•The scan runs and then the log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

That HEUR:RiskTool.Win32.BitMiner.gen is malware that is used for mining bitcoins. It was found by heuristic analysis, i.e. it may or may not be malware. AVP does not have it in its database.

Bartis
Visitor
Posts: 23
Registered: 07 Mar 2009 22:48

Re: Stolen Steam account

#13 Post by Bartis »

Good evening,

here they are


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by tomasek on 02.11.2021 at 22:11:12,96.
Microsoft Windows 10 Home 10.0.19043 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\tomasek\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2021-03-11-210901.log 142389 bytes
C:\zoek-results2021-11-02-175503.log 284624 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Reprise deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pamcore.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pampub.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\pam.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast\datascan.json" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast" not deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gnplhahbcoldbildffdchneaepapccbn - No path found[]
ihcjicgdanjaechkgeegckofjjedodee - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gkfanndldghlkndfhojpfhclgdnglfmf - https://chrome.google.com/webstore/deta ... clgdnglfmf[]

Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee
NavFast - tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmbkjfjekgmlimjklnijcjijbfpblgde
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gnplhahbcoldbildffdchneaepapccbn
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee
TubeBuddy - tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Grammarly for Chrome - tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Malwarebytes Browser Guard - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee
KeyFind - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnoidofbgkmeabamdgclicncakljkoin

==== Chromium Startpages ======================

C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Preferences
","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/#settings","permissions":["notifications"],"update_url":"https://clients2.google.com/service/upd ... BF774CB53E"}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tomasek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21288 folders=6191 5716404929 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\tomasek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pamcore.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pampub.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast\datascan.json" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pamcore.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pampub.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast\datascan.json" not found
"C:\Users\tomasek\AppData\Roaming\.technic" not found
"C:\Users\tomasek\AppData\Local\AVAST Software" not found
"C:\Users\tomasek\AppData\Local\AVAST Software" not found

==== EOF on 02.11.2021 at 22:38:31,46 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by tomasek (Administrator) on 03.11.2021 at 18:12:35,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.11.2021 at 18:13:44,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Stolen Steam account

#14 Post by Rudy »

The browsers have been cleaned.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Bartis
Visitor
Posts: 23
Joined: 07 Mar 2009 22:48

Re: Stolen Steam account

#15 Post by Bartis »

Good evening,

so do you think everything is OK? :)
