Trojan Injectgen

#1 Post by Yagami »

Hello,

I managed to remove Agent Tesla using Offline Defender. Defender tells me it removed the Injectgen trojan, but it shows up there again every day.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by lordy (administrator) on DESKTOP-KHJPJE4 (Micro-Star International Co., Ltd. MS-7C91) (16-01-2022 11:11:09)
Running from C:\Users\lordy\Desktop
Loaded Profiles: lordy
Platform: Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\lordy\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe
(Electronic Arts, Inc. -> The Qt Company Ltd.) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebEngineProcess.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2112.1001.10.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_44dc4eefedc0d082\Display.NvContainer\NVDisplay.Container.exe <2>
(Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
(Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(Power Software Ltd -> Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-03-11] (Power Software Ltd -> Power Software Ltd)
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [Discord] => C:\Users\lordy\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2703520 2021-12-07] (Skutta, Kristjan -> )
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [Bethesda.net] => [X]
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-12] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020E45DB-F338-4447-BA0A-C553DF86B1F5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {0281CDAF-D338-4CC3-8037-FCCD913EC004} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {171B79FB-A7B9-4201-8E5F-8AD5548FA45F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1A77D62E-9946-4C39-8FB6-5F1DDE10F578} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.62\Installer\setup.exe [3118472 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {22FF8BF9-2F9E-4022-87C4-653BE186959F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {38EF9E6A-F050-4F4A-86A6-5C168075949E} - System32\Tasks\Opera scheduled Autoupdate 1608412984 => C:\Users\lordy\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {3AB24D1A-8CBD-44D1-B765-428557EDF2A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {457B547A-8C18-4283-8701-6FC18380C4DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5ACC2A04-9F0D-4316-85D7-D90D0017DD18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-13] (Google LLC -> Google LLC)
Task: {5B24E7A7-292C-4F59-A80A-FF63BA81ED78} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6BC494B8-7937-4EC1-92CB-E20118BA6FC9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7071753C-1298-42CE-8051-EBCF22AC7F00} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7DBFEAA9-DDE3-4C9E-BCC8-893DCE49FE59} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {844F4AD8-9530-4DCF-B9B4-A4071C1273EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A0F1DF2C-4496-4B73-A03C-9395DCD8C884} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A50B698A-455B-4FF2-A6E4-BD5F6D75FD5A} - System32\Tasks\Opera scheduled assistant Autoupdate 1608412987 => C:\Users\lordy\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\lordy\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {BAE2C0E9-02EE-44DE-B131-89F603596D65} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D1F96398-2D16-4AAA-8B32-3A79749FA28B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2539864 2022-01-13] (Overwolf Ltd -> Overwolf LTD)
Task: {D2FC805A-0D73-4657-9274-09890CA01B79} - System32\Tasks\gamelauncher => c:\users\lordy\appdata\roaming\gamelauncher.exe [705041530 2021-08-08] () [File not signed] <==== ATTENTION
Task: {F85C16BB-36BB-4CF6-974F-1D67D675B42A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-13] (Google LLC -> Google LLC)
Task: {F86D38B2-2152-4AC9-975E-83C8DFA63F6F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {FC99B4FE-4F84-41EB-A5FB-82728D18CAB3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-08-27] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32e61222-1e88-498a-a9da-20961312ce70}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54c4074b-e1ad-4a57-8a62-f155af9e4af7}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\lordy\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-05]

FireFox:
========
FF DefaultProfile: gnlqxabf.default
FF ProfilePath: C:\Users\lordy\AppData\Roaming\Mozilla\Firefox\Profiles\gnlqxabf.default [2020-12-13]
FF ProfilePath: C:\Users\lordy\AppData\Roaming\Mozilla\Firefox\Profiles\d65da0x2.default-release [2021-12-09]
FF Homepage: Mozilla\Firefox\Profiles\d65da0x2.default-release -> www.seznam.cz
FF Session Restore: Mozilla\Firefox\Profiles\d65da0x2.default-release -> is enabled.
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default [2022-01-16]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-13]
CHR Extension: (BetterTTV) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2021-12-08]
CHR Extension: (Dokumenty) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-13]
CHR Extension: (Disk Google) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-13]
CHR Extension: (Volume Booster) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkfjjkednolkdhclcoicgbfpccgihknm [2021-03-15]
CHR Extension: (YouTube) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-12]
CHR Extension: (Search by Image) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnojnbdhbhnkbcieeekonklommdnndci [2022-01-09]
CHR Extension: (FrankerFaceZ) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2021-06-07]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2021-06-28]
CHR Extension: (Tabulky) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-13]
CHR Extension: (Hlídač Shopů) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlonggbfebcjelncogcnclagkmkikk [2021-12-08]
CHR Profile: C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-16]
CHR Profile: C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-16]
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (Prezentace) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-13]
CHR Extension: (Dokumenty) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-13]
CHR Extension: (Disk Google) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-13]
CHR Extension: (YouTube) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-13]
CHR Extension: (Tabulky) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-01]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\lordy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-13]
CHR Profile: C:\Users\lordy\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-21]

Opera:
=======
OPR Profile: C:\Users\lordy\AppData\Roaming\Opera Software\Opera Stable [2021-01-15]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\lordy\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-12-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8808480 2021-06-14] (BattlEye Innovations e.K. -> )
R2 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10069144 2022-01-13] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-11-05] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1874272 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6840672 2021-03-29] (GOG Sp. z o.o. -> GOG.com)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2539864 2022-01-13] (Overwolf Ltd -> Overwolf LTD)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [144632 2021-12-03] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [511736 2021-12-03] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1142808 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [451608 2021-11-17] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1347640 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-10-19] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_44dc4eefedc0d082\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_44dc4eefedc0d082\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 oculusvad_oculusvad; C:\Windows\System32\drivers\oculusvad.sys [75280 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Oculus_ViGEmBus; C:\Windows\System32\drivers\Oculus_ViGEmBus.sys [32856 2021-09-09] (Oculus VR, LLC -> Facebook Inc.)
R3 R0RazerSynapseService; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [14544 2022-01-14] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\Windows\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435432 2021-12-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-16 11:11 - 2022-01-16 11:11 - 000023683 _____ C:\Users\lordy\Desktop\FRST.txt
2022-01-16 11:10 - 2022-01-16 11:11 - 000000000 ____D C:\FRST
2022-01-16 11:09 - 2022-01-16 11:09 - 002311680 _____ (Farbar) C:\Users\lordy\Desktop\FRST64.exe
2022-01-15 03:26 - 2022-01-15 03:34 - 000000000 ____D C:\Users\lordy\AppData\Local\MassEffectModder
2022-01-14 20:35 - 2022-01-14 20:35 - 075497472 _____ C:\Windows\system32\config\SOFTWARE
2022-01-14 20:34 - 2022-01-14 20:35 - 000000000 ____D C:\Windows\Microsoft Antimalware
2022-01-12 07:11 - 2022-01-12 07:11 - 014233600 _____ C:\Users\lordy\Downloads\WindowsPCHealthCheckSetup.msi
2022-01-12 07:11 - 2022-01-12 07:11 - 000001349 _____ C:\Users\lordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-01-12 07:11 - 2022-01-12 07:11 - 000000000 ____D C:\Users\lordy\AppData\Local\PCHealthCheck
2022-01-12 04:47 - 2022-01-12 04:47 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-01-12 04:47 - 2022-01-12 04:47 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-01-12 04:47 - 2022-01-12 04:47 - 000011797 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-01-12 04:44 - 2022-01-12 04:44 - 000000000 ___HD C:\$WinREAgent
2022-01-10 21:06 - 2022-01-10 21:06 - 000005529 _____ C:\Users\lordy\Downloads\202201leden.ods
2022-01-08 10:28 - 2022-01-08 10:28 - 000000000 ____D C:\Users\lordy\Documents\BioWare
2022-01-08 10:26 - 2022-01-08 10:26 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-01-07 07:09 - 2022-01-07 07:09 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2022-01-06 18:54 - 2022-01-08 10:26 - 000000000 ____D C:\ProgramData\Origin
2022-01-06 18:52 - 2022-01-06 18:52 - 000000000 ____D C:\Users\lordy\AppData\Local\EADesktop
2022-01-06 17:40 - 2022-01-06 17:40 - 000000000 ____D C:\Users\lordy\AppData\LocalLow\Annapurna
2022-01-06 17:36 - 2022-01-15 03:11 - 000000000 ____D C:\Program Files\EA Games
2022-01-06 17:36 - 2022-01-06 18:54 - 000000000 ____D C:\ProgramData\EA Desktop
2022-01-06 17:36 - 2022-01-06 17:36 - 000000000 ____D C:\Users\lordy\AppData\Local\Electronic Arts
2022-01-06 17:36 - 2022-01-06 17:36 - 000000000 ____D C:\Users\lordy\AppData\Local\EAConnect_microsoft
2022-01-06 17:36 - 2022-01-06 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2022-01-06 17:36 - 2022-01-06 17:36 - 000000000 ____D C:\Program Files\Electronic Arts
2022-01-05 18:57 - 2022-01-05 18:57 - 000000000 ____D C:\Users\lordy\AppData\Roaming\Fusion360
2022-01-05 18:57 - 2022-01-05 18:57 - 000000000 ____D C:\Users\lordy\AppData\Roaming\CadSoft
2022-01-05 17:18 - 2022-01-05 18:57 - 000000000 ____D C:\Users\lordy\AppData\Roaming\Autodesk
2022-01-05 17:18 - 2022-01-05 17:18 - 000002674 _____ C:\Users\lordy\Desktop\Autodesk Fusion 360.lnk
2022-01-05 17:18 - 2022-01-05 17:18 - 000000000 ____D C:\Users\lordy\Documents\Fusion 360
2022-01-05 17:18 - 2022-01-05 17:18 - 000000000 ____D C:\Users\lordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2022-01-05 17:18 - 2022-01-05 17:18 - 000000000 ____D C:\ProgramData\Autodesk
2022-01-05 17:16 - 2022-01-05 17:18 - 000000000 ____D C:\Users\lordy\AppData\Local\Autodesk
2022-01-05 17:16 - 2022-01-05 17:16 - 011897944 _____ (Autodesk, Inc) C:\Users\lordy\Downloads\Fusion 360 Client Downloader.exe
2022-01-03 15:09 - 2022-01-03 15:09 - 000000000 ____D C:\Users\lordy\AppData\LocalLow\DefaultCompany
2022-01-01 12:07 - 2022-01-01 12:07 - 004959135 _____ C:\Users\lordy\Downloads\4e1b7364116b7801e22cb1e14e857594.swf
2021-12-30 21:55 - 2021-12-30 21:55 - 034884668 _____ C:\Users\lordy\Downloads\ca56da79ef5230ee174d79b76e108641.mp4
2021-12-27 12:46 - 2021-12-31 09:31 - 000000000 ____D C:\Users\lordy\AppData\Local\Warframe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-16 11:02 - 2020-12-19 00:24 - 000000000 ____D C:\Program Files (x86)\Steam
2022-01-16 11:00 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-16 10:55 - 2020-12-13 19:30 - 000000000 ____D C:\Users\lordy\AppData\Roaming\discord
2022-01-16 10:53 - 2020-12-13 19:30 - 000000000 ____D C:\Users\lordy\AppData\Local\Discord
2022-01-16 10:26 - 2020-12-13 19:14 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-16 10:22 - 2020-11-18 23:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-01-16 06:26 - 2020-12-14 04:27 - 000000000 ____D C:\Users\lordy\AppData\Local\D3DSCache
2022-01-16 05:55 - 2020-12-13 19:23 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-16 05:53 - 2021-09-09 15:02 - 000000000 ____D C:\Users\lordy\AppData\Local\Oculus
2022-01-15 15:29 - 2021-11-22 01:11 - 000004782 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-01-15 15:29 - 2020-11-19 00:32 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-15 15:29 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-15 15:29 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-01-14 20:40 - 2020-11-19 00:44 - 001693820 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-14 20:40 - 2019-12-07 15:41 - 000716932 _____ C:\Windows\system32\perfh005.dat
2022-01-14 20:40 - 2019-12-07 15:41 - 000145110 _____ C:\Windows\system32\perfc005.dat
2022-01-14 20:40 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-01-14 20:36 - 2020-11-19 00:38 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-14 20:36 - 2020-11-19 00:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-14 20:33 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-01-14 18:37 - 2021-12-13 16:30 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4204990932-2529432821-1250508675-1001
2022-01-14 18:37 - 2020-12-13 19:03 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4204990932-2529432821-1250508675-1001
2022-01-14 18:37 - 2020-11-19 00:45 - 000002381 _____ C:\Users\lordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-13 20:06 - 2020-12-20 00:06 - 000000000 ____D C:\Program Files (x86)\Overwolf
2022-01-13 13:55 - 2021-01-23 18:52 - 000007666 _____ C:\Users\lordy\AppData\Local\Resmon.ResmonCfg
2022-01-13 06:21 - 2020-12-13 19:14 - 000003474 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-13 06:21 - 2020-12-13 19:14 - 000003350 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-12 19:31 - 2020-12-13 19:15 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-12 07:16 - 2020-11-18 23:29 - 000267672 _____ C:\Windows\system32\FNTCACHE.DAT
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2022-01-12 07:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-01-12 04:48 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-01-12 04:44 - 2020-12-16 09:14 - 000000000 ____D C:\Windows\system32\MRT
2022-01-12 04:43 - 2020-12-16 09:14 - 145765912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-01-06 17:39 - 2020-11-19 00:47 - 000000000 ____D C:\Users\lordy\AppData\Local\Packages
2022-01-06 17:39 - 2020-11-19 00:33 - 000000000 ____D C:\ProgramData\Packages
2022-01-06 17:36 - 2021-03-11 19:53 - 000000000 ____D C:\Users\lordy\AppData\Local\Origin
2022-01-06 17:36 - 2020-12-13 19:23 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-05 17:18 - 2020-12-13 19:57 - 000000000 ____D C:\Users\lordy\AppData\Local\cache
2022-01-03 19:31 - 2020-11-19 00:45 - 000000000 ____D C:\Users\lordy
2022-01-03 04:49 - 2020-12-19 22:22 - 000000000 ____D C:\Users\lordy\AppData\Local\JDownloader 2.0
2021-12-23 08:14 - 2021-01-15 18:06 - 000000000 ____D C:\Path of Exile
2021-12-21 21:30 - 2021-11-05 13:51 - 000000000 ____D C:\Users\lordy\AppData\Roaming\awakened-poe-trade
2021-12-21 12:26 - 2021-10-30 21:12 - 000002321 _____ C:\Users\lordy\Desktop\PoE Overlay.lnk
2021-12-21 12:26 - 2020-12-20 00:05 - 000000000 ____D C:\Users\lordy\AppData\Local\Overwolf
2021-12-17 05:07 - 2020-12-13 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-12-17 05:06 - 2020-12-13 19:24 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK

==================== Files in the root of some directories ========

2021-12-05 00:53 - 2021-08-08 18:21 - 705041530 ___SH () C:\Users\lordy\AppData\Roaming\gamelauncher.exe
2021-01-23 18:52 - 2022-01-13 13:55 - 000007666 _____ () C:\Users\lordy\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by lordy (16-01-2022 11:11:51)
Running from C:\Users\lordy\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) (2020-11-18 23:40:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4204990932-2529432821-1250508675-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4204990932-2529432821-1250508675-503 - Limited - Disabled)
Guest (S-1-5-21-4204990932-2529432821-1250508675-501 - Limited - Disabled)
lordy (S-1-5-21-4204990932-2529432821-1250508675-1001 - Administrator - Enabled) => C:\Users\lordy
WDAGUtilityAccount (S-1-5-21-4204990932-2529432821-1250508675-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Autodesk Fusion 360 (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.11894 - Autodesk, Inc.)
Awakened PoE Trade 2.14.1 (HKLM\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 2.14.1 - Alexander Drozdov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.82.0 - Bethesda Softworks)
Car Mechanic Simulator 2021 (HKLM-x32\...\DOGE_Car_Mechanic_Simulator_2021) (Version: - )
CurseForge (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.188.3.1 - Overwolf app)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: 1.2 - GOG.com)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.175.5080 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{6f5115cf-c3c7-489c-b98d-66ec45eaff05}) (Version: 12.0.175.5080 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LustTheoryS1 1.0 (HKLM\...\{C28FC0A2-4FC3-471E-959A-41032D416F9F}_is1) (Version: 1.0 - )
Mass Effect™ Legendary Edition (English US) (HKLM-x32\...\{068668C4-0B89-4431-A749-1829F845DB87}) (Version: 1.0.0.1621466 - Electronic Arts, Inc. (en_US))
MechWarrior 5 (HKLM-x32\...\2147483045_is1) (Version: 1.1.298 - GOG.com)
MechWarrior 5: Heroes of the Inner Sphere (HKLM-x32\...\2038424921_is1) (Version: 1.1.298 - GOG.com)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\OneDriveSetup.exe) (Version: 21.245.1128.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Mozilla Firefox 86.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 86.0.1 (x64 cs)) (Version: 86.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla)
MPC-BE x64 1.5.6.5797 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.6.5797 - MPC-BE Team)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.92 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 496.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 496.49 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Oculus (HKLM\...\Oculus) (Version: <3 - Facebook Technologies, LLC)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.188.0.22 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Path of Building Community (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Path of Building Community) (Version: 1.4.170.20 - Path of Building Community)
Path of Building version 1.4.170 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.170 - Openarl)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.12.5.34827 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{ea2ac9d2-195b-45dc-94a8-f349aaef86f6}) (Version: 3.12.5.34827 - Grinding Gear Games)
PoE Overlay (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Overwolf_cijcjjcjilpooaeppicpfibopeefaglkefjaeofl) (Version: 1.2.17 - Overwolf app)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Project Diablo 2 (HKLM-x32\...\{822B3055-5F16-4934-A1FC-378AB0181A66}_is1) (Version: 1.0 - projectdiablo2.com)
qBittorrent 4.3.6 (HKLM-x32\...\qBittorrent) (Version: 4.3.6 - The qBittorrent project)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.)
Signal 5.17.2 (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.17.2 - Open Whisper Systems)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Succubus (HKLM-x32\...\1996206777_is1) (Version: 1.0.14869 - GOG.com)
Succubus Unrated (HKLM-x32\...\1691828704_is1) (Version: 1.0.14869 - GOG.com)
Surviving Mars - Below and Beyond (HKLM-x32\...\1790459966_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Colony Design Set (HKLM-x32\...\1833146547_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Digital Deluxe Edition Upgrade Pack (HKLM-x32\...\1507812678_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Green Planet (HKLM-x32\...\1968222224_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - In-Dome Buildings Pack (HKLM-x32\...\1922265339_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Mars Lifestyle Radio (HKLM-x32\...\1791360202_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Marsvision Song Contest (HKLM-x32\...\1908011586_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Mysteries Resupply Pack (HKLM-x32\...\1990927897_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Project Laika (HKLM-x32\...\1641787812_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Space Race (HKLM-x32\...\1683782840_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars - Stellaris Dome Set (Pre-Order DLC) (HKLM-x32\...\1424717003_is1) (Version: Piazzi 1007612 - GOG.com)
Surviving Mars (HKLM-x32\...\2129244347_is1) (Version: Piazzi 1007612 - GOG.com)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 128.0.10632 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.261 (HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

Packages:
=========
Forza Horizon 5 -> C:\Program Files\WindowsApps\Microsoft.624F8B84B80_3.417.812.0_x64__8wekyb3d8bbwe [2021-12-16] (Microsoft Studios)
Gorogoa -> C:\Program Files\WindowsApps\AnnapurnaInteractive.Gorogoa_1.0.7.0_x64__c96c51jf6wkvm [2022-01-06] (Annapurna Interactive)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-14] (Microsoft Studios) [MS Ad]
My Time at Portia -> C:\Program Files\WindowsApps\Team17DigitalLimited.MyTimeatPortiaWin10_1.0.40.0_x64__j5x4vj4y67jhc [2021-11-16] (Team17 Digital Limited)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-11-10] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0 [2022-01-14] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4204990932-2529432821-1250508675-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\lordy\AppData\Local\Autodesk\webdeploy\production\1a27f23c10bc87f7eab1f89e440a46f886b5f544\NPreview10.dll (Autodesk, Inc. -> )
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2014-03-11] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2014-03-11] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_44dc4eefedc0d082\nvshext.dll [2021-10-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2014-03-11] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\lordy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\František - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\lordy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Monika (Monča) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2020-12-22 06:51 - 2021-10-06 02:30 - 126961152 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-12-22 06:51 - 2021-10-06 02:30 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-12-22 06:51 - 2021-10-06 02:30 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000017920 _____ () [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libEGL.DLL
2022-01-13 19:45 - 2022-01-13 19:45 - 003567616 _____ () [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libGLESv2.dll
2021-09-24 11:03 - 2021-09-24 11:03 - 001230336 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoFoundation.dll
2021-09-24 11:03 - 2021-09-24 11:03 - 000207872 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoJSON.dll
2021-09-24 11:03 - 2021-09-24 11:03 - 000810496 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNet.dll
2021-09-24 11:03 - 2021-09-24 11:03 - 000238592 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoNetSSLWin.dll
2021-09-24 11:03 - 2021-09-24 11:03 - 000335360 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoUtil.dll
2021-09-24 11:03 - 2021-09-24 11:03 - 000455168 _____ (Applied Informatics Software Engineering GmbH) [File not signed] C:\Program Files (x86)\Razer Chroma SDK\bin\PocoXML.dll
2020-12-22 06:51 - 2021-10-06 02:30 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 002815488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000678400 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qgif.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000039936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qicns.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qico.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qjpeg.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qsvg.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qtga.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000380416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qtiff.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qwbmp.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\imageformats\qwebp.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 001455616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\platforms\qwindows.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000227328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt\labs\platform\qtlabsplatformplugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Gui.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000327168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Positioning.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000319488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5PrintSupport.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Qml.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QmlModels.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QmlWorkerScript.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 004254720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Quick.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickControls2.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000222208 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickShapes.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 001128960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickTemplates2.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000075264 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5QuickWidgets.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000334848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Svg.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000396288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebEngine.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 103583232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebEngineCore.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000250880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebEngineWidgets.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebChannel.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 005611520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Widgets.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Xml.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000018432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick.2\qtquick2plugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000294400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Layouts\qquicklayoutsplugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Shapes\qmlshapesplugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtQuick\Window.2\windowplugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000093696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebEngine\qtwebengineplugin.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebChannel\declarative_webchannel.dll
2022-01-13 19:45 - 2022-01-13 19:45 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Oculus\Support\oculus-runtime;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E018A5C0-CDD2-4E31-AD57-4C02CF74CCDC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A3E7866E-5150-42CA-B48D-36E806EF5F65}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{BAEE0544-C9BE-4E37-AE35-718F5F587AF0}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{034806AA-86B9-4314-ACEE-EC723F0BE3E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{CFC0213F-DBA5-4216-9A3F-528B1D865BD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{80A85550-9D76-4EC1-B80F-D1AA82076D8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{ECC00810-54BA-48FD-861B-203E14CCDDF0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{633C6409-4CDD-4443-A048-99FDE5EC34F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A80D72D4-F24D-4DF5-8881-F1EF9A73DE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creeper World 4\CW4.exe () [File not signed]
FirewallRules: [{C88135CC-D65B-4266-82F4-ACD46A356CFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Creeper World 4\CW4.exe () [File not signed]
FirewallRules: [{3A39390B-1DC1-4A80-95AF-588E5AB8DC61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{7EF7E06C-CBC5-4C4D-A660-42E862311EBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{B0644D90-4D83-4161-BECD-6B74242296B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{94BCD193-F6DD-41D5-9F1B-CF07976AC528}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EAD3383B-0F77-4975-BA06-5E5A70CB7F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stationeers\rocketstation.exe () [File not signed]
FirewallRules: [{5BF96DEB-A195-48D3-A813-E896D953C2CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stationeers\rocketstation.exe () [File not signed]
FirewallRules: [{879292E6-6B5D-4E0B-ADF6-9C70FBFC26A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cattle and Crops\CattleAndCrops.exe (Masterbrain Bytes GmbH & Co. KG) [File not signed]
FirewallRules: [{7DF67476-40DB-4800-AB79-25D3068387CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cattle and Crops\CattleAndCrops.exe (Masterbrain Bytes GmbH & Co. KG) [File not signed]
FirewallRules: [{B69B5825-AC0E-4A5D-A8A2-F9D27D64BD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunterCotW\theHunterCotW_F.exe () [File not signed]
FirewallRules: [{2E1C3F32-88F8-4663-896A-7D621ACD8B3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\theHunterCotW\theHunterCotW_F.exe () [File not signed]
FirewallRules: [{1454B4B7-279E-48A0-9D2F-1EC1AA51B58D}] => (Allow) C:\Users\lordy\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{8483D252-3B99-453E-B9DC-CE5C4A015200}] => (Allow) C:\Users\lordy\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{9EA3A2A9-D534-498D-A9A7-73B2681F50BE}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{0A464E86-FE31-4A1F-B588-753DB95D8E49}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe] => (Block) C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe => No File
FirewallRules: [UDP Query User{46724EA9-2430-49A7-A10B-DCAB9EE7D737}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe] => (Block) C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe => No File
FirewallRules: [{A1CEA5B5-CA8B-4B21-8147-683CBFEBFEB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{16A76C82-A156-4296-8B9D-E98E9A19F78E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [TCP Query User{C681A6C3-650C-44FC-91C5-916FDFE3AB1B}A:\1hry\the sims 4 discover university\game\bin\ts4_x64.exe] => (Block) A:\1hry\the sims 4 discover university\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{221F522A-82A5-49F6-84C9-7639A3FC21F2}A:\1hry\the sims 4 discover university\game\bin\ts4_x64.exe] => (Block) A:\1hry\the sims 4 discover university\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{120416B5-5DC8-4AA2-AC4A-E5387DD552F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loop Hero\Loop Hero.exe (FourQuarters team) [File not signed]
FirewallRules: [{719AE1C5-5E8D-4E07-8742-909A44DD0F86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Loop Hero\Loop Hero.exe (FourQuarters team) [File not signed]
FirewallRules: [{887332CB-F9AF-48B6-BC03-9B8A7DFB8475}] => (Allow) A:\1Hry\SteamLibrary2\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [{FA11BC83-3003-47E7-9E33-E1CE1272C0D1}] => (Allow) A:\1Hry\SteamLibrary2\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [TCP Query User{1BF6E9FE-1086-412E-863B-03E4E3731D7A}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Block) C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File
FirewallRules: [UDP Query User{03CA1AAE-A02B-456E-8C3E-654F70B47E55}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Block) C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File
FirewallRules: [{64CA9940-532D-4C47-AEA6-1765354E6A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{0A357E06-FAEA-47F0-8B27-C4062242D185}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [TCP Query User{50355074-80D4-40CA-A43A-88E3CDC034FD}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{E7D607AA-36D3-4679-BA8E-B243A423B590}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{228F2FFE-362A-4086-AA3B-0A7D80D33E29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{BD6B2CD1-DB11-4FDC-A6AB-A4FE7881297D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{DB16A6C9-E96B-4C2A-95F8-D40BCAA59E87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{3E89B54A-5450-4A06-9E0C-F70278E7A722}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{CE9422D3-1C12-4E7E-8C6E-E36170EC67CA}] => (Allow) B:\SteamLibrary\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{93EBB27E-A273-44F2-9CF3-39027E8D2BEE}] => (Allow) B:\SteamLibrary\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{8FB1E64F-D5BA-42AB-9007-58D38D93B2A1}] => (Allow) B:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{1F1058D4-EF26-4CB9-9B3E-D626A4995FD2}] => (Allow) B:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{23490AFC-69F6-4BA1-A070-8DE439898386}] => (Allow) B:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{6A08A202-74A0-4EC2-BEA9-E2BB9A77D4EE}] => (Allow) B:\SteamLibrary\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{544DFA2C-FDBA-4911-AB39-2220D5104E1A}] => (Allow) B:\SteamLibrary\SteamApps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{865EB0B8-6529-4444-83ED-3106857EA6BD}] => (Allow) B:\SteamLibrary\SteamApps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{AD38117F-B4CA-4FAD-8BCF-9C21F9EEBB02}] => (Allow) B:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe (QLOC S.A. -> Bethesda Softworks)
FirewallRules: [{64B130C8-26AB-436E-A28F-D01742551B7F}] => (Allow) B:\SteamLibrary\SteamApps\common\Skyrim\SkyrimLauncher.exe (QLOC S.A. -> Bethesda Softworks)
FirewallRules: [{E3A364D4-AE21-458A-9A62-37246AA0E474}] => (Allow) B:\SteamLibrary\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe () [File not signed]
FirewallRules: [{33C0F52F-00E9-4C43-A747-D18A0CB9794B}] => (Allow) B:\SteamLibrary\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe () [File not signed]
FirewallRules: [{95158C29-9D27-443B-A37D-FEFC80D21C89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{341874EE-5A61-4E52-81E0-D3A97D369469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{EFC0D3C6-3FCF-4197-888A-796B1DE4CCCA}] => (Allow) B:\SteamLibrary\SteamApps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{38D87726-9A02-467B-AF48-E8E23A82100F}] => (Allow) B:\SteamLibrary\SteamApps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{96701571-EBFC-4ED0-867F-0871F4593B5F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{9DAD6F38-F171-4BA0-90D3-F0361D7B2E65}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0510D51D-4AC8-4B21-BA06-DABAC8A1F068}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{379500F2-335F-4E6A-AB10-B078B1A66B93}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{A486D119-CB66-4FDB-9F37-3F30022B9DA8}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{171815E2-87F6-484E-9573-111231C07B58}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{89B8133A-8C79-4AFC-A6DA-14881190EB5F}A:\1hry\diablo iii\x64\diablo iii64.exe] => (Allow) A:\1hry\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{5FDD8A64-7B57-4444-A314-53F698791573}A:\1hry\diablo iii\x64\diablo iii64.exe] => (Allow) A:\1hry\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{853A8978-9341-4364-92F1-2E21AE519AAF}A:\1hry\car mechanic simulator 2021\car mechanic simulator 2021.exe] => (Block) A:\1hry\car mechanic simulator 2021\car mechanic simulator 2021.exe () [File not signed]
FirewallRules: [UDP Query User{FF17A2E3-C149-4F59-BC82-E62D5285CFE0}A:\1hry\car mechanic simulator 2021\car mechanic simulator 2021.exe] => (Block) A:\1hry\car mechanic simulator 2021\car mechanic simulator 2021.exe () [File not signed]
FirewallRules: [{9B66B644-2AD0-4B3D-826D-9915FCCA21F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{A4A53CF5-AEE1-40A1-BB8A-E9AE82817163}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{AAC6CB7F-3713-4C3A-BDB2-27315201715D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{86D30E9B-0357-419D-8D12-A7C1E7C3D2CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{051CEF9F-F3A5-454A-A9EA-48A5A76DBC69}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{923BF431-330E-4C37-9DE0-EA42A24BF119}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EE07E25C-DF1E-42E8-91BF-DC5B1707DD8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3ECD22DF-53F8-4B13-86B4-EF1E84EE0940}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09117329-E7AB-432E-979D-8623FB666D01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{522F2CE8-5EC5-449B-8FA3-F7C4A2F01C87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{637BF0B5-314A-4435-8AB7-DA0E8A54BA26}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{2A93D9AB-87F3-49AD-8932-41F02764389A}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{255EBB96-02BE-4BF8-97B9-CDEAAA8DE618}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{D5984A2F-5A65-4A96-AE77-27A9B511003B}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{9919753F-8006-48B8-8C46-C7D9DFE0E1E8}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{FEA706E6-0A83-4E1B-9371-0144E9C21B22}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{3E16E569-429B-4E1C-8072-B5C5B4D5B297}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> )
FirewallRules: [{03E64E1E-4732-48FB-AF35-142AF8488BCF}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> )
FirewallRules: [{7F337366-FF6E-4ADB-921A-1BEC91B81D97}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5BE113BA-F0A3-4BEA-AC6B-14BEBADE3916}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C4FE8FAB-480B-404B-8D32-E2E759352990}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.)
FirewallRules: [{08356538-079A-492F-BF7A-451E7BDFF6CA}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe (Oculus VR, LLC -> Epic Games, Inc.)
FirewallRules: [{59829A9A-2AB1-4734-9C05-B2A1DF10E6B5}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C20A2813-32A3-4F76-A2C3-7E9D68D0C311}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4B577509-53D3-4548-8FE5-382A82FCC18C}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{2A296D92-712F-4F5D-8774-9527A365CEEC}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{2CA3FD9A-3D56-4E40-8696-FAC4F1DE02C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5F8DE7FF-0526-435C-891E-03CBF2506CCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4EA7A9C6-99DD-4300-9BDD-F304C895A408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{4BDC735E-5AA3-4B92-9EA1-DE08E1B45D41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{A72300E8-7C1F-479D-998A-C8CDCA1B9A62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{A1C65EDB-AE33-46AC-BBAC-43B5E202EAB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [TCP Query User{60582009-F483-4400-B752-AD7B3786CEF3}C:\users\lordy\downloads\snkrx.v26.07.2021\snkrx.v26.07.2021\snkrx.exe] => (Block) C:\users\lordy\downloads\snkrx.v26.07.2021\snkrx.v26.07.2021\snkrx.exe () [File not signed]
FirewallRules: [UDP Query User{816DD7C6-983C-4489-BA37-343E0706FDEE}C:\users\lordy\downloads\snkrx.v26.07.2021\snkrx.v26.07.2021\snkrx.exe] => (Block) C:\users\lordy\downloads\snkrx.v26.07.2021\snkrx.v26.07.2021\snkrx.exe () [File not signed]
FirewallRules: [{C0E9DB41-BEF4-49DC-90FE-BA174421F0E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E0D50721-1B5F-4359-8780-B5D4D507B7E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41094841-0A7D-4DC4-B87E-30A4005B0BB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF5A1861-70B9-4893-A2C1-5D2EBE59175F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18A0E72A-1862-47F1-B07F-973E6FB8D3A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{D28852E5-517F-4F28-AB45-C6DABE80C582}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{717DF6D9-20BC-480A-8C75-B24B44B6E8BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{539D7F81-B9A0-42DE-BE60-3C871C53E319}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{BEAF0CEF-606A-4C2D-BB53-40A016099E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{F20589F8-4038-4104-8DD8-9DB785B56307}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{7518A181-A501-48D7-973C-86A88D30EAD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{E1F89834-C4CB-4008-9C00-47BF0FEB55ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{908C15B3-0E31-470E-87B7-746A040A0535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{11D5D564-A90E-44CA-8BDC-584FB413F672}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{329D50CF-B6A4-4936-9C0F-39D39B9C8D87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{85DB81D0-DB7D-4C8E-A3C8-CDEFE18FFCBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{A1B7FBFF-6A25-4E8F-9CB1-2885E4BF0197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{295A492B-E2D6-4310-A5A4-CDF7D53D7B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{EB05A04B-CC65-4A62-A679-11F7BCEDDDCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{01F40379-7A53-42F8-943E-4F14580BB6B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{156D44FC-AF14-4A73-9286-8E1824B37650}] => (Allow) C:\Program Files\EA Games\Mass Effect Legendary Edition\Game\Launcher\MassEffectLauncher.exe (BioWare) [File not signed]
FirewallRules: [{5F7F6F09-2B92-41E3-A479-1EDB81ABEF81}] => (Allow) C:\Program Files\EA Games\Mass Effect Legendary Edition\Game\Launcher\MassEffectLauncher.exe (BioWare) [File not signed]
FirewallRules: [{34C84F25-79A3-478A-825A-8674500250A6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3E450BFE-200D-4A17-AFC6-641EBDCD078E}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{268410F4-B0C2-4C58-B7C8-3BAF9C389F58}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{B44219D1-2A6C-4BE3-87F5-9CAE4A9ECD9A}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{A45C7B4B-A0A7-4256-9E87-ED75C478ECCA}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{6B59D08E-1A01-4E2D-BEFA-9D482922C14F}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E85D5ABD-4A8F-45AD-82D3-1FAC2E1F02C1}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{66DEB13E-6848-4E35-9464-148345BAC064}] => (Block) C:\Program Files (x86)\Overwolf\0.187.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B85A16E7-17EB-4F02-B245-077473F2D3B5}] => (Block) C:\Program Files (x86)\Overwolf\0.187.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F4D6B8CD-2B24-400E-AE7A-F41700D4EFE3}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{61382B93-484D-4AE4-968E-FBD23FA003D1}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{5D607B61-D112-4EA2-B614-8C6C7FDF111A}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9087CE4E-81D7-46AB-B2D9-DDB088B664AF}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3A5AFF94-5FDC-4C85-9A51-44CD33EA3138}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BD0BAF52-F099-4CEC-B45F-7BC5E04595FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C7ACD3C5-3989-4DB1-BA55-62074F69199D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9005D8D5-8324-4E20-9D95-17B94385782C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B357919F-B266-4EAE-8DD2-BBA02E7B4B6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BB14B644-2640-473A-9B9D-D4926582A460}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EF4E7309-5E25-4355-A5F3-56E12DEE42D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8520F869-0F39-4969-A593-CCEC709190AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{77BC6DE3-CF5D-420E-98A5-929C39BD5113}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

06-01-2022 17:36:06 EA app
12-01-2022 04:44:26 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/14/2022 08:36:13 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/13/2022 06:15:41 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/12/2022 02:26:29 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/12/2022 07:16:09 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/12/2022 04:34:33 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/11/2022 07:33:10 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/10/2022 08:20:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{86f7630e-a78c-a36c-07eb-af9dd0d1d3b9}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/10/2022 08:19:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na EVA Unit 00 (A:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (01/16/2022 05:53:36 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/16/2022 05:53:35 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/15/2022 09:51:31 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/11/2022 09:30:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KHJPJE4)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/11/2022 09:30:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KHJPJE4)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/11/2022 09:30:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KHJPJE4)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/11/2022 09:30:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KHJPJE4)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/11/2022 09:30:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KHJPJE4)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2022-01-16 05:54:33
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Injectgen.MA!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume3\Users\lordy\AppData\Roaming\gamelauncher.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: DESKTOP-KHJPJE4\lordy
Název procesu: C:\Users\lordy\AppData\Roaming\gamelauncher.exe
Verze bezpečnostních informací: AV: 1.355.1970.0, AS: 1.355.1970.0, NIS: 1.355.1970.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-15 16:22:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {27AD71A9-5EB0-4AF7-AD96-7AE62C026E16}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-01-15 01:39:47
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Injectgen.MA!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume3\Users\lordy\AppData\Roaming\gamelauncher.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: DESKTOP-KHJPJE4\lordy
Název procesu: C:\Users\lordy\AppData\Roaming\gamelauncher.exe
Verze bezpečnostních informací: AV: 1.355.1916.0, AS: 1.355.1916.0, NIS: 1.355.1916.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-14 20:43:56
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Injectgen.MA!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume3\Users\lordy\AppData\Roaming\gamelauncher.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: DESKTOP-KHJPJE4\lordy
Název procesu: C:\Users\lordy\AppData\Roaming\gamelauncher.exe
Verze bezpečnostních informací: AV: 1.355.1916.0, AS: 1.355.1916.0, NIS: 1.355.1916.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-14 18:35:05
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/AgentTesla.CHH!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: process:_pid:20908,ProcessStart:132866552683043119
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Users\lordy\AppData\Roaming\gamelauncher.exe
Verze bezpečnostních informací: AV: 1.355.1916.0, AS: 1.355.1916.0, NIS: 1.355.1916.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

CodeIntegrity:
===============
Date: 2021-07-06 06:50:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-04-02 06:44:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\lordy\AppData\Local\Discord\app-0.0.309\Discord.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.168.0.12\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-31 07:09:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\lordy\AppData\Local\Discord\app-0.0.309\Discord.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.166.1.16\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. A.40 10/29/2020
Motherboard: Micro-Star International Co., Ltd. MAG B550 TOMAHAWK (MS-7C91)
Processor: AMD Ryzen 5 5600X 6-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 16310.23 MB
Available physical RAM: 11122.11 MB
Total Virtual: 23734.23 MB
Available Virtual: 15206.38 MB

==================== Drives ================================

Drive a: (EVA Unit 00) (Fixed) (Total:931.51 GB) (Free:190.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive b: (EVA Unit 03) (Fixed) (Total:931.5 GB) (Free:21.54 GB) exFAT
Drive c: () (Fixed) (Total:930.91 GB) (Free:192.39 GB) NTFS
Drive d: (EVA Unit 04) (Fixed) (Total:232.39 GB) (Free:232.29 GB) NTFS
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (EVA 04) (Fixed) (Total:55.8 GB) (Free:31.22 GB) NTFS

\\?\Volume{35f981e8-3c3d-46c0-92ec-65f6ab6ee1b7}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{41c9f610-682a-706e-78d0-40a5455db384}\ () (Fixed) (Total:8.49 GB) (Free:0 GB) NTFS
\\?\Volume{2df9d6b7-381e-51c8-cb95-057037985ef4}\ () (Fixed) (Total:101.92 GB) (Free:0 GB) NTFS
\\?\Volume{86f7630e-a78c-a36c-07eb-af9dd0d1d3b9}\ () (Fixed) (Total:1.67 GB) (Free:0 GB) NTFS
\\?\Volume{d198ad69-0000-0000-0000-d0183a000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{9cc8667f-83fb-46f5-ad59-63acc6fa1612}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 72AE72AE)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D5B3DBA5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: C15DA7B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: D198AD69)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 4 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 7.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan Injectgen

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Yagami
Visitor
Posts: 30
Registered: 03 Jun 2009 13:52
Location: Tokio 3

Re: Trojan Injectgen

#3 Post by Yagami »

I did everything according to the instructions, but the PC did not restart.

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-16-2022
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [16/01/2022 11:42:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan Injectgen

#4 Post by Rudy »

A restart was not needed; ADW found nothing. Open Notepad and copy the following into it:

Start

CloseProcesses:
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [Bethesda.net] => [X]
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\MountPoints2: H - "H:\setup.exe"
Task: {38EF9E6A-F050-4F4A-86A6-5C168075949E} - System32\Tasks\Opera scheduled Autoupdate 1608412984 => C:\Users\lordy\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {5ACC2A04-9F0D-4316-85D7-D90D0017DD18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-13] (Google LLC -> Google LLC)
Task: {D2FC805A-0D73-4657-9274-09890CA01B79} - System32\Tasks\gamelauncher => c:\users\lordy\appdata\roaming\gamelauncher.exe [705041530 2021-08-08] () [File not signed] <==== ATTENTION
Task: {F85C16BB-36BB-4CF6-974F-1D67D675B42A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-13] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [TCP Query User{BAEE0544-C9BE-4E37-AE35-718F5F587AF0}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{034806AA-86B9-4314-ACEE-EC723F0BE3E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{ECC00810-54BA-48FD-861B-203E14CCDDF0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{633C6409-4CDD-4443-A048-99FDE5EC34F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{1454B4B7-279E-48A0-9D2F-1EC1AA51B58D}] => (Allow) C:\Users\lordy\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{8483D252-3B99-453E-B9DC-CE5C4A015200}] => (Allow) C:\Users\lordy\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{9EA3A2A9-D534-498D-A9A7-73B2681F50BE}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{0A464E86-FE31-4A1F-B588-753DB95D8E49}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe] => (Block) C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe => No File
FirewallRules: [UDP Query User{46724EA9-2430-49A7-A10B-DCAB9EE7D737}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe] => (Block) C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe => No File
FirewallRules: [TCP Query User{1BF6E9FE-1086-412E-863B-03E4E3731D7A}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Block) C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File
FirewallRules: [UDP Query User{03CA1AAE-A02B-456E-8C3E-654F70B47E55}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Block) C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File
FirewallRules: [{64CA9940-532D-4C47-AEA6-1765354E6A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{0A357E06-FAEA-47F0-8B27-C4062242D185}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [TCP Query User{50355074-80D4-40CA-A43A-88E3CDC034FD}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{E7D607AA-36D3-4679-BA8E-B243A423B590}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{228F2FFE-362A-4086-AA3B-0A7D80D33E29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{BD6B2CD1-DB11-4FDC-A6AB-A4FE7881297D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{0510D51D-4AC8-4B21-BA06-DABAC8A1F068}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{379500F2-335F-4E6A-AB10-B078B1A66B93}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{A486D119-CB66-4FDB-9F37-3F30022B9DA8}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{171815E2-87F6-484E-9573-111231C07B58}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{89B8133A-8C79-4AFC-A6DA-14881190EB5F}A:\1hry\diablo iii\x64\diablo iii64.exe] => (Allow) A:\1hry\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{5FDD8A64-7B57-4444-A314-53F698791573}A:\1hry\diablo iii\x64\diablo iii64.exe] => (Allow) A:\1hry\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [{3E450BFE-200D-4A17-AFC6-641EBDCD078E}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{268410F4-B0C2-4C58-B7C8-3BAF9C389F58}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{B44219D1-2A6C-4BE3-87F5-9CAE4A9ECD9A}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{A45C7B4B-A0A7-4256-9E87-ED75C478ECCA}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Yagami
Visitor
Posts: 30
Registered: 03 Jun 2009 13:52
Location: Tokio 3

Re: Trojan Injectgen

#5 Post by Yagami »

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by lordy (16-01-2022 12:24:13) Run:1
Running from C:\Users\lordy\Desktop
Loaded Profiles: lordy
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\Run: [Bethesda.net] => [X]
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\...\MountPoints2: H - "H:\setup.exe"
Task: {38EF9E6A-F050-4F4A-86A6-5C168075949E} - System32\Tasks\Opera scheduled Autoupdate 1608412984 => C:\Users\lordy\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {5ACC2A04-9F0D-4316-85D7-D90D0017DD18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-13] (Google LLC -> Google LLC)
Task: {D2FC805A-0D73-4657-9274-09890CA01B79} - System32\Tasks\gamelauncher => c:\users\lordy\appdata\roaming\gamelauncher.exe [705041530 2021-08-08] () [File not signed] <==== ATTENTION
Task: {F85C16BB-36BB-4CF6-974F-1D67D675B42A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-13] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [TCP Query User{BAEE0544-C9BE-4E37-AE35-718F5F587AF0}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{034806AA-86B9-4314-ACEE-EC723F0BE3E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{ECC00810-54BA-48FD-861B-203E14CCDDF0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{633C6409-4CDD-4443-A048-99FDE5EC34F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{1454B4B7-279E-48A0-9D2F-1EC1AA51B58D}] => (Allow) C:\Users\lordy\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{8483D252-3B99-453E-B9DC-CE5C4A015200}] => (Allow) C:\Users\lordy\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{9EA3A2A9-D534-498D-A9A7-73B2681F50BE}] => (Allow) C:\Users\lordy\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{0A464E86-FE31-4A1F-B588-753DB95D8E49}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe] => (Block) C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe => No File
FirewallRules: [UDP Query User{46724EA9-2430-49A7-A10B-DCAB9EE7D737}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe] => (Block) C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe => No File
FirewallRules: [TCP Query User{1BF6E9FE-1086-412E-863B-03E4E3731D7A}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Block) C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File
FirewallRules: [UDP Query User{03CA1AAE-A02B-456E-8C3E-654F70B47E55}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Block) C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File
FirewallRules: [{64CA9940-532D-4C47-AEA6-1765354E6A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{0A357E06-FAEA-47F0-8B27-C4062242D185}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [TCP Query User{50355074-80D4-40CA-A43A-88E3CDC034FD}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{E7D607AA-36D3-4679-BA8E-B243A423B590}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{228F2FFE-362A-4086-AA3B-0A7D80D33E29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{BD6B2CD1-DB11-4FDC-A6AB-A4FE7881297D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{0510D51D-4AC8-4B21-BA06-DABAC8A1F068}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{379500F2-335F-4E6A-AB10-B078B1A66B93}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{A486D119-CB66-4FDB-9F37-3F30022B9DA8}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [{171815E2-87F6-484E-9573-111231C07B58}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe => No File
FirewallRules: [TCP Query User{89B8133A-8C79-4AFC-A6DA-14881190EB5F}A:\1hry\diablo iii\x64\diablo iii64.exe] => (Allow) A:\1hry\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{5FDD8A64-7B57-4444-A314-53F698791573}A:\1hry\diablo iii\x64\diablo iii64.exe] => (Allow) A:\1hry\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [{3E450BFE-200D-4A17-AFC6-641EBDCD078E}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{268410F4-B0C2-4C58-B7C8-3BAF9C389F58}] => (Allow) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{B44219D1-2A6C-4BE3-87F5-9CAE4A9ECD9A}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File
FirewallRules: [{A45C7B4B-A0A7-4256-9E87-ED75C478ECCA}] => (Block) C:\Program Files (x86)\Overwolf\0.187.1.13\OverwolfBrowser.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
"HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bethesda.net" => removed successfully
HKU\S-1-5-21-4204990932-2529432821-1250508675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38EF9E6A-F050-4F4A-86A6-5C168075949E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38EF9E6A-F050-4F4A-86A6-5C168075949E}" => removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1608412984 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1608412984" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5ACC2A04-9F0D-4316-85D7-D90D0017DD18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ACC2A04-9F0D-4316-85D7-D90D0017DD18}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2FC805A-0D73-4657-9274-09890CA01B79}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2FC805A-0D73-4657-9274-09890CA01B79}" => removed successfully
C:\Windows\System32\Tasks\gamelauncher => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gamelauncher" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F85C16BB-36BB-4CF6-974F-1D67D675B42A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F85C16BB-36BB-4CF6-974F-1D67D675B42A}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BAEE0544-C9BE-4E37-AE35-718F5F587AF0}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{034806AA-86B9-4314-ACEE-EC723F0BE3E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECC00810-54BA-48FD-861B-203E14CCDDF0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{633C6409-4CDD-4443-A048-99FDE5EC34F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C1DE1ED1-07F7-46BF-A536-1F4DBEB9AB85}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1454B4B7-279E-48A0-9D2F-1EC1AA51B58D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8483D252-3B99-453E-B9DC-CE5C4A015200}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9EA3A2A9-D534-498D-A9A7-73B2681F50BE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0A464E86-FE31-4A1F-B588-753DB95D8E49}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{46724EA9-2430-49A7-A10B-DCAB9EE7D737}C:\users\lordy\downloads\dyson sphere program v0 6 15 5618\dyson.sphere.program.v0.6.15.5618\dspgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1BF6E9FE-1086-412E-863B-03E4E3731D7A}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{03CA1AAE-A02B-456E-8C3E-654F70B47E55}C:\users\lordy\downloads\subverse early access\subverse.early.access\subverse\subverse\binaries\win64\subverse-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64CA9940-532D-4C47-AEA6-1765354E6A4A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A357E06-FAEA-47F0-8B27-C4062242D185}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{50355074-80D4-40CA-A43A-88E3CDC034FD}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E7D607AA-36D3-4679-BA8E-B243A423B590}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{228F2FFE-362A-4086-AA3B-0A7D80D33E29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD6B2CD1-DB11-4FDC-A6AB-A4FE7881297D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0510D51D-4AC8-4B21-BA06-DABAC8A1F068}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{379500F2-335F-4E6A-AB10-B078B1A66B93}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A486D119-CB66-4FDB-9F37-3F30022B9DA8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{171815E2-87F6-484E-9573-111231C07B58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{89B8133A-8C79-4AFC-A6DA-14881190EB5F}A:\1hry\diablo iii\x64\diablo iii64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5FDD8A64-7B57-4444-A314-53F698791573}A:\1hry\diablo iii\x64\diablo iii64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E450BFE-200D-4A17-AFC6-641EBDCD078E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{268410F4-B0C2-4C58-B7C8-3BAF9C389F58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B44219D1-2A6C-4BE3-87F5-9CAE4A9ECD9A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A45C7B4B-A0A7-4256-9E87-ED75C478ECCA}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 402343615 B
Java, Flash, Steam htmlcache => 348653904 B
Windows/system/drivers => 8238440 B
Edge => 0 B
Chrome => 1458632615 B
Firefox => 89244823 B
Opera => 16550040 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16694 B
NetworkService => 6833194 B
lordy => 818416553 B
OVRLibraryService => 818416553 B

RecycleBin => 23189425250 B
EmptyTemp: => 25.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:25:33 ====

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan Injectgen

#6 Post by Rudy »

OK, deleted. The log should be fine now.