prosím o kontrolu pc mého bratra, určitě tam má nějakou havěť. Nefunguje Windows Update. Píše to: Něco se nepovedlo. Zkuste nastavení otevřít později.
RSIT
Logfile of random's system information tool 1.10 (written by random/random)
Run by Romca at 2022-03-13 11:27:36
Microsoft Windows 10 Home
System drive C: has 68 GB (14%) free of 476 GB
Total RAM: 16333 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:41, on 13.03.2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)
Boot mode: Normal
Running processes:
C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe
C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe
C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe
C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe
C:\Program Files\trend micro\Romca.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repack.com # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
O1 - Hosts: 109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repack.net # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlpack.site # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [LBRY] "C:\Program Files\LBRY\LBRY.exe" --hidden
O4 - HKCU\..\Run: [Discord] C:\Users\Romca\AppData\Local\Discord\Update.exe --processStart Discord.exe
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] C:\Users\Romca\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_667A1771E15342F193ADBB4E1F61E8A5] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Romca\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [GameCenter] "C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe" -autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{91591658-0b45-4f2e-8e2d-d66abe83bc5c}: NameServer = 1.1.1.1,1.0.0.1
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Avast Software\Avast\aswidsagent.exe
O23 - Service: Služba Avast Browser Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Avast Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
O23 - Service: Služba Avast Browser Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Application\98.0.14335.103\elevation_service.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\Avast Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_39cf5 - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\99.0.4844.51\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Realtek Semiconductor - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d496569dc57f6c24\RtkAudUService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: StopUpdates10 Guard (SU10Guard) - Greatis Software, LLC - C:\Windows\USPDSATE\SU10Guard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13815 bytes
======Listing Processes======
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
C:\Windows\system32\svchost.exe -k RPCSS -p
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
winlogon.exe
"fontdrvhost.exe"
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s hidserv
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
C:\Windows\system32\svchost.exe -k LocalService -p
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
"C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\NVDisplay.Container.exe" -f %ProgramData%\NVIDIA\DisplaySessionContainer%d.log -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\plugins\Session -r -l 3 -p 30000 -cfg NVDisplay.ContainerLocalSystem\Session -c
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
"C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\Windows\System32\svchost.exe -k utcsvc -p
C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\Windows\USPDSATE\SU10Guard.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
"C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d496569dc57f6c24\RtkAudUService64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
dashost.exe {5b9e1260-97ee-4d3e-92ba178794cbdb4c}
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\Windows\System32\svchost.exe -k netsvcs
"C:\Program Files\Avast Software\Avast\aswEngSrv.exe" /pipename="BB12AB1C-99CB-7554-BA4C-11ACFD82B043" /binpath="C:\Program Files\Avast Software\Avast" /logpath="C:\ProgramData\Avast Software\Avast\log"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
dashost.exe {dd96234f-dd1a-4a14-98e3222128ba729c}
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
"ctfmon.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20111.125.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\Windows\system32\SettingSyncHost.exe -Embedding
"C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\SecurityHealthSystray.exe"
"C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d496569dc57f6c24\RtkAudUService64.exe" -background
AvastUI.exe /nogui
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe" -autostart
"C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe" --type=gpu-process --field-trial-handle=1984,15937016997532173459,14032909880601643035,131072 --disable-features=AsyncWheelEvents,MediaFoundationVideoCapture,MediaRouter,TouchpadAndWheelScrollLatching,WebRtcHideLocalIpsWithMdns --no-sandbox --locales-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --log-severity=error --product-version="Chrome/80.0.3987.132 Downloader/16630 MyComGameCenter/1663" --resources-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --lang=en --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --mojo-platform-channel-handle=2000 /prefetch:2
"C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe" --type=utility --field-trial-handle=1984,15937016997532173459,14032909880601643035,131072 --disable-features=AsyncWheelEvents,MediaFoundationVideoCapture,MediaRouter,TouchpadAndWheelScrollLatching,WebRtcHideLocalIpsWithMdns --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --log-severity=error --product-version="Chrome/80.0.3987.132 Downloader/16630 MyComGameCenter/1663" --resources-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --lang=en --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --mojo-platform-channel-handle=2388 /prefetch:8
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=6832,15672281546824831539,13957247251775743305,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Romca\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0)" --lang=cs-CZ --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\Romca\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=8052 /prefetch:2
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=6832,15672281546824831539,13957247251775743305,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=cs --service-sandbox-type=utility --no-sandbox --force-wave-audio --log-file="C:\Users\Romca\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0)" --lang=cs-CZ --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Romca\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=4320 /prefetch:8
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=6832,15672281546824831539,13957247251775743305,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,SameSiteDefaultChecksMethodRigorously --lang=cs --service-sandbox-type=none --no-sandbox --force-wave-audio --log-file="C:\Users\Romca\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0)" --lang=cs-CZ --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Romca\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=6888 /prefetch:8
"C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --override-plugin-power-saver-for-testing=never --field-trial-handle=1984,15937016997532173459,14032909880601643035,131072 --disable-features=AsyncWheelEvents,MediaFoundationVideoCapture,MediaRouter,TouchpadAndWheelScrollLatching,WebRtcHideLocalIpsWithMdns --disable-gpu-compositing --disable-blink-features=RootLayerScrolling --lang=en-US --locales-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --log-severity=error --product-version="Chrome/80.0.3987.132 Downloader/16630 MyComGameCenter/1663" --resources-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3308 /prefetch:1
"C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe" --type=renderer --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --override-plugin-power-saver-for-testing=never --field-trial-handle=1984,15937016997532173459,14032909880601643035,131072 --disable-features=AsyncWheelEvents,MediaFoundationVideoCapture,MediaRouter,TouchpadAndWheelScrollLatching,WebRtcHideLocalIpsWithMdns --disable-gpu-compositing --disable-blink-features=RootLayerScrolling --lang=en-US --locales-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --log-file="C:\Users\Romca\AppData\Local\GameCenter\Chrome.log" --log-severity=error --product-version="Chrome/80.0.3987.132 Downloader/16630 MyComGameCenter/1663" --resources-dir-path="C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2864 /prefetch:1
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\svchost.exe -k netsvcs -p
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2010.0.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20112.10111.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2009.30067.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Romca\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Romca\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Romca\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=99.0.4844.51 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffec388c400,0x7ffec388c410,0x7ffec388c420
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:2
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=cs --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=446964044 --mojo-platform-channel-handle=3824 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --launch-time-ticks=446980175 --mojo-platform-channel-handle=4008 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --launch-time-ticks=451459488 --mojo-platform-channel-handle=5684 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --launch-time-ticks=611066639 --mojo-platform-channel-handle=2832 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=cs --service-sandbox-type=audio --mojo-platform-channel-handle=5240 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --launch-time-ticks=674165431 --mojo-platform-channel-handle=5736 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --launch-time-ticks=696805981 --mojo-platform-channel-handle=7556 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
C:\Windows\system32\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --launch-time-ticks=1057604292 --mojo-platform-channel-handle=7752 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --launch-time-ticks=1424413960 --mojo-platform-channel-handle=5156 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=cs --service-sandbox-type=service --mojo-platform-channel-handle=8484 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --launch-time-ticks=1450223033 --mojo-platform-channel-handle=8112 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --launch-time-ticks=1566022528 --mojo-platform-channel-handle=8924 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --launch-time-ticks=1569717699 --mojo-platform-channel-handle=6096 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --launch-time-ticks=1570614937 --mojo-platform-channel-handle=8296 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --launch-time-ticks=1604254908 --mojo-platform-channel-handle=9288 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
"C:\Windows\system32\SearchFilterHost.exe" 0 836 840 848 8192 844 820
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --origin-trial-disabled-features=ConditionalFocus --lang=cs --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --launch-time-ticks=1620398802 --mojo-platform-channel-handle=5768 --field-trial-handle=1812,i,2345754579370729263,5611901004217108393,131072 /prefetch:1
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\system32\AUDIODG.EXE 0x61c
"C:\Users\Romca\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Romca\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Romca\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=99.0.4844.51 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=99.0.1150.39 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb734c830,0x7ffeb734c840,0x7ffeb734c850
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 --field-trial-handle=2180,i,2779147125508333415,10763022743892406982,131072 /prefetch:2
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=cs --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2180,i,2779147125508333415,10763022743892406982,131072 /prefetch:3
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=2892 --field-trial-handle=2180,i,2779147125508333415,10763022743892406982,131072 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=cs --service-sandbox-type=collections --mojo-platform-channel-handle=3708 --field-trial-handle=2180,i,2779147125508333415,10763022743892406982,131072 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=cs --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=2180,i,2779147125508333415,10763022743892406982,131072 /prefetch:8
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\system32\wbem\wmiprvse.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho_64.dll [2022-03-10 531384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-03-06 210272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho.dll [2022-03-10 432032]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-06 167248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Windows\system32\SecurityHealthSystray.exe [2019-12-07 86016]
"RtkAudUService"=C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d496569dc57f6c24\RtkAudUService64.exe [2020-10-19 1182448]
"AvastUI.exe"=C:\Program Files\Avast Software\Avast\AvLaunch.exe [2022-02-14 157464]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LBRY"=C:\Program Files\LBRY\LBRY.exe [2022-02-26 140886344]
"Discord"=C:\Users\Romca\AppData\Local\Discord\Update.exe [2020-12-03 1512760]
"com.squirrel.Teams.Teams"=C:\Users\Romca\AppData\Local\Microsoft\Teams\Update.exe [2021-03-03 2453720]
"Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [2021-05-30 8520168]
"MicrosoftEdgeAutoLaunch_667A1771E15342F193ADBB4E1F61E8A5"=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [2022-03-10 3518904]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2022-02-14 35646080]
"Opera Browser Assistant"=C:\Users\Romca\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2021-10-14 4105424]
"GameCenter"=C:\Users\Romca\AppData\Local\GameCenter\GameCenter.exe [2022-03-10 11394256]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2017-09-12 2133728]
C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Poslat do aplikace OneNote.lnk - C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aswSP.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSecurityTab"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dismHost.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EOSNOTIFY.EXE]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\InstallAgent.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MusNotification.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MUSNOTIFICATIONUX.EXE]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\remsh.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SIHClient.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdateAssistant.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UPFC.EXE]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UsoClient.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WaaSMedic.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WaasMedicAgent.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows10Upgrade.exe]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINDOWS10UPGRADERAPP.EXE]
"Debugger="*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave3"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"aux2"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave4"=wdmaud.drv
"aux3"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave5"=wdmaud.drv
======File associations======
.inf - install -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2022-03-13 11:27:36 ----D---- C:\rsit
2022-03-13 11:27:36 ----D---- C:\Program Files\trend micro
2022-03-13 11:11:19 ----D---- C:\Program Files (x86)\WindowsInstallationAssistant
2022-03-13 01:49:21 ----D---- C:\Program Files\LBRY
2022-02-26 21:12:13 ----D---- C:\Program Files (x86)\Europa Universalis IV Origins
2022-02-14 18:45:43 ----A---- C:\Windows\system32\drivers\aswStm.sys
2022-02-14 18:45:43 ----A---- C:\Windows\system32\aswBoot.exe
======List of files/folders modified in the last 1 month======
2022-03-13 11:27:36 ----RD---- C:\Program Files
2022-03-13 11:22:20 ----D---- C:\Windows\Temp
2022-03-13 11:22:04 ----D---- C:\Windows\system32\config
2022-03-13 11:21:56 ----D---- C:\Windows\SoftwareDistribution
2022-03-13 11:21:56 ----D---- C:\Windows
2022-03-13 11:17:56 ----D---- C:\Program Files (x86)\Google
2022-03-13 11:16:53 ----D---- C:\Windows\INF
2022-03-13 11:16:51 ----D---- C:\Windows\Prefetch
2022-03-13 11:16:47 ----D---- C:\Program Files\CCleaner
2022-03-13 11:11:19 ----RD---- C:\Program Files (x86)
2022-03-13 11:07:00 ----D---- C:\Windows\System32
2022-03-13 11:07:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2022-03-13 11:02:05 ----D---- C:\ProgramData\NVIDIA
2022-03-13 11:00:52 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2022-03-13 11:00:04 ----D---- C:\Windows\USPDSATE
2022-03-13 11:00:04 ----D---- C:\ProgramData\Avast Software
2022-03-13 11:00:00 ----ASH---- C:\DumpStack.log.tmp
2022-03-13 10:59:58 ----D---- C:\Windows\Logs
2022-03-13 10:54:07 ----D---- C:\Windows\system32\sru
2022-03-13 10:44:43 ----D---- C:\Users\Romca\AppData\Roaming\discord
2022-03-13 02:35:05 ----D---- C:\Windows\system32\SleepStudy
2022-03-13 01:49:37 ----SHD---- C:\System Volume Information
2022-03-13 01:49:16 ----D---- C:\Users\Romca\AppData\Roaming\lbry
2022-03-13 01:45:04 ----D---- C:\Users\Romca\AppData\Roaming\uTorrent
2022-03-13 01:45:04 ----D---- C:\Program Files (x86)\Steam
2022-03-13 01:44:58 ----D---- C:\Windows\Minidump
2022-03-13 01:44:58 ----D---- C:\Windows\LiveKernelReports
2022-03-13 01:39:06 ----D---- C:\Users\Romca\AppData\Roaming\vlc
2022-03-13 01:18:36 ----SHD---- C:\Windows\Installer
2022-03-13 01:18:34 ----D---- C:\Windows\system32\catroot2
2022-03-12 22:08:12 ----RD---- C:\Windows\Microsoft.NET
2022-03-12 16:11:41 ----D---- C:\Program Files\Microsoft Office
2022-03-12 16:06:58 ----HD---- C:\Program Files\WindowsApps
2022-03-12 16:06:58 ----D---- C:\Windows\AppReadiness
2022-03-11 21:50:25 ----D---- C:\Windows\system32\Tasks
2022-03-07 18:40:16 ----D---- C:\Windows\SysWOW64
2022-03-03 21:19:19 ----D---- C:\Windows\system32\drivers
2022-02-18 22:05:37 ----D---- C:\Users\Romca\AppData\Roaming\Telegram Desktop
2022-02-14 18:45:43 ----HD---- C:\Windows\ELAMBKUP
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdpsp;@oem3.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\Windows\System32\drivers\amdpsp.sys [2020-03-24 135184]
R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2022-02-14 35720]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2022-02-14 251928]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2022-02-14 99352]
R0 aswElam;aswElam; C:\Windows\system32\drivers\aswElam.sys [2021-09-27 21936]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2022-02-14 82912]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2022-02-16 317696]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2019-12-07 57360]
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2020-11-02 41984]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2022-02-14 226328]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2022-02-16 368664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2022-02-14 41352]
R1 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2022-02-14 267904]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2022-02-14 545784]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2022-02-14 108888]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2022-02-14 854272]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2022-03-03 550376]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2019-12-07 78136]
R1 CimFS;CimFS; C:\Windows\system32\drivers\CimFS.sys [2019-12-07 91136]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2019-12-07 59392]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2019-12-07 8704]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2022-02-14 215920]
R2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys [2020-12-11 149320]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2020-12-11 491520]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2020-11-02 53248]
R3 amdgpio2;@oem0.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio2.sys [2020-03-16 46344]
R3 amdgpio3;@oem4.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio3.sys [2020-03-08 24520]
R3 AMDPCIDev;@oem1.inf,%AMDPCIDev.SVCDESC%;AMD PCI; C:\Windows\System32\drivers\AMDPCIDev.sys [2020-04-14 34568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2020-10-19 6166104]
R3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-1; C:\Windows\system32\drivers\msquic.sys [2020-11-02 322376]
R3 NVHDA;@oem8.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2020-10-01 222112]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\nvlddmkm.sys [2020-10-02 32479640]
R3 NvModuleTracker;@oem10.inf,%ServiceName%;NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [2020-10-01 50592]
R3 nvvad_WaveExtensible;@oem6.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2020-10-01 69840]
R3 nvvhci;@oem11.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\Windows\System32\drivers\nvvhci.sys [2020-10-01 67456]
R3 rt640x64;@oem17.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2020-10-19 1146464]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2019-12-07 43832]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2019-12-07 319800]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys [2019-12-07 884752]
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [2019-12-07 172344]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2019-12-07 124216]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2019-12-07 135992]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2019-12-07 81720]
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys [2019-12-07 105480]
S0 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys [2019-12-07 168464]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2019-12-07 58680]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2019-12-07 68408]
S0 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2019-12-07 138040]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2019-12-07 42296]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2019-12-07 158736]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2019-12-07 23040]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\Windows\system32\drivers\Acx01000.sys [2019-12-07 415232]
S3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\Windows\System32\drivers\amdi2c.sys [2019-12-07 45568]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2020-11-02 18432]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\Windows\System32\drivers\BthA2dp.sys [2019-12-07 279040]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2020-12-11 113664]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2020-11-02 106496]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\Windows\System32\drivers\BTHMINI.sys [2020-12-11 45568]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\drivers\BTHport.sys [2020-12-11 1554944]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\drivers\BTHUSB.sys [2020-12-11 110592]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2019-12-07 44032]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2019-12-07 66576]
S3 cpuz149;cpuz149; \??\C:\Users\Romca\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [2022-03-13 44320]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys [2019-12-07 23040]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2019-12-07 55824]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\Windows\System32\drivers\hidspi.sys [2019-12-07 66560]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2020-12-11 95048]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2019-12-07 30208]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2019-12-07 1853752]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2019-12-07 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2019-12-07 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2019-12-07 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-12-07 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-12-07 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-12-07 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2019-12-07 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-12-07 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-12-07 177152]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-12-07 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2019-12-07 558904]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2020-11-02 47104]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\Windows\System32\drivers\intelpmax.sys [2019-12-07 30720]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2019-12-07 59704]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2019-12-07 537608]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2019-12-07 64016]
S3 MbbCx;MBB Network Adapter Class Extension; C:\Windows\system32\drivers\MbbCx.sys [2020-11-02 386048]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-12-07 65024]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2019-12-07 1131320]
S3 MpKsle57c353e;MpKsle57c353e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7CB877C-0AC6-439A-91E0-380B0C9C4FC4}\MpKslDrv.sys []
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2019-12-07 146232]
S3 NDKPing;NDKPing Driver; C:\Windows\system32\drivers\NDKPing.sys [2019-12-07 72720]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2020-12-11 213504]
S3 NVSWCFilter;@oem9.inf,%NVSWCFilter.SvcDesc%;NVIDIA SHIELD Wireless Controller Trackpad Service; C:\Windows\System32\drivers\nvswcfilter.sys [2020-10-01 44984]
S3 PktMon;Packet Monitor Driver; C:\Windows\system32\drivers\PktMon.sys [2020-11-11 104760]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2019-12-07 17408]
S3 portcfg;portcfg; C:\Windows\System32\drivers\portcfg.sys [2019-12-07 27136]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2019-12-07 990008]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2019-12-07 213504]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2019-12-07 115712]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2019-12-07 35128]
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys [2019-12-07 35128]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [2022-02-14 563992]
R2 avast! Tools;Avast Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [2022-02-14 563992]
R2 AvastWscReporter;AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [2021-06-08 56912]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R2 CDPUserSvc_39cf5;CDPUserSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2022-03-06 11649952]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2020-11-02 57360]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2020-11-02 57360]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2020-11-02 57360]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\NVDisplay.Container.exe [2020-10-02 893848]
R2 OneSyncSvc_39cf5;OneSyncSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2021-10-19 3476184]
R2 RtkAudioUniversalService;Realtek Audio Universal Service; C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d496569dc57f6c24\RtkAudUService64.exe [2020-10-19 1182448]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [2022-02-16 8482384]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R3 cbdhsvc_39cf5;cbdhsvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2020-11-02 57360]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2020-11-02 57360]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2020-11-02 57360]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\Windows\system32\SecurityHealthService.exe [2020-12-11 988064]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S2 avast;Služba Avast Browser Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2021-06-08 194200]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S2 edgeupdate;Služba Microsoft Edge Update (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-11-14 213920]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2020-11-02 155592]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 AarSvc_39cf5;AarSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 avastm;Služba Avast Browser Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2021-06-08 194200]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService); C:\Program Files (x86)\AVAST Software\Browser\Application\98.0.14335.103\elevation_service.exe [2022-02-15 1893872]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 BcastDVRUserService_39cf5;BcastDVRUserService_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 BluetoothUserService_39cf5;BluetoothUserService_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 CaptureService_39cf5;CaptureService_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 ConsentUxUserSvc_39cf5;ConsentUxUserSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\Windows\system32\CredentialEnrollmentManager.exe [2020-11-02 385240]
S3 CredentialEnrollmentManagerUserSvc_39cf5;CredentialEnrollmentManagerUserSvc_39cf5; C:\Windows\system32\CredentialEnrollmentManager.exe [2020-11-02 385240]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DeviceAssociationBrokerSvc_39cf5;DeviceAssociationBrokerSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DevicePickerUserSvc_39cf5;DevicePickerUserSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DevicesFlowUserSvc_39cf5;DevicesFlowUserSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2020-11-02 94208]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2021-03-29 803440]
S3 edgeupdatem;Služba Microsoft Edge Update (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-11-14 213920]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-11-08 46184]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 GoogleChromeElevationService;Google Chrome Elevation Service (GoogleChromeElevationService); C:\Program Files\Google\Chrome\Application\99.0.4844.51\elevation_service.exe [2022-02-26 1489240]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2020-11-02 155592]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 MessagingService_39cf5;MessagingService_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService); C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\elevation_service.exe [2022-03-10 1511864]
S3 MixedRealityOpenXRSvc;@%SystemRoot%\system32\MixedRealityRuntime.dll,-101; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2020-10-01 874472]
S3 OfficeSvcManagerAddons;OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe [2020-11-02 21312]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2021-10-19 2557656]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [2020-04-20 105984]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 PimIndexMaintenanceSvc_39cf5;PimIndexMaintenanceSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 PrintWorkflowUserSvc_39cf5;PrintWorkflowUserSvc_39cf5; C:\Windows\system32\svchost.exe [2020-11-02 57360]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2020-11-02 57360]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2019-12-07 1263104]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2020-11-02 57360]
-----------------EOF-----------------
FRST
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2022
Ran by Romca (13-03-2022 11:40:26)
Running from C:\Users\Romca\Desktop
Microsoft Windows 10 Home Version 2004 19041.685 (X64) (2020-11-02 12:14:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2260530272-2421601130-3644069325-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2260530272-2421601130-3644069325-503 - Limited - Disabled)
Guest (S-1-5-21-2260530272-2421601130-3644069325-501 - Limited - Disabled)
Romca (S-1-5-21-2260530272-2421601130-3644069325-1001 - Administrator - Enabled) => C:\Users\Romca
WDAGUtilityAccount (S-1-5-21-2260530272-2421601130-3644069325-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
0 A.D. (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\0 A.D.) (Version: r25860-alpha - Wildfire Games)
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Age of Empires II Definitive Edition Dawn of the Dukes (HKLM-x32\...\Age of Empires II Definitive Edition Dawn of the Dukes_is1) (Version: - )
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.07.14.327 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{07585caf-a143-476e-ab31-0e026584239d}) (Version: 2.07.14.327 - Advanced Micro Devices, Inc.) Hidden
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.7.2 - Electronic Arts, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.1.2504 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 98.0.14335.103 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Battle Brothers - Beasts & Exploration (HKLM-x32\...\1262476412_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers - Blazing Deserts (HKLM-x32\...\1354029796_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers - Support the Developers & Kraken Banner (HKLM-x32\...\1478596696_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers - Support the Developers & Nordic Banner (HKLM-x32\...\1439127300_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers - Support the Developers & Southern Banner (HKLM-x32\...\1138065447_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers - Supporter Edition Upgrade (HKLM-x32\...\1353924604_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers - Warriors of the North (HKLM-x32\...\2092450271_is1) (Version: 1.4.0.49 - GOG.com)
Battle Brothers (HKLM-x32\...\1590012242_is1) (Version: 1.4.0.49 - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform)
Counter-Strike 1.6 v42 (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\Counter-Strike 1.6_is1) (Version: - Valve)
DarthMod Empire (HKLM-x32\...\DarthMod Empire8.0 Platinum) (Version: 8.0 Platinum - )
DarthMod Napoleon (HKLM-x32\...\DarthMod Napoleon) (Version: - )
Democracy 3 (HKLM-x32\...\Democracy 3_is1) (Version: - Positech Games)
Discord (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EE2, EE2X - Unofficial Patch 1.5 (HKLM-x32\...\EE2, EE2X - Unofficial Patch 1.5) (Version: 1.5+ - Dr Mona Lisa)
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: - )
Empire Earth II Gold Edition (HKLM-x32\...\Empire Earth II Gold Edition_is1) (Version: - GOG.com)
Europa Universalis IV Origins (HKLM-x32\...\Europa Universalis IV Origins_is1) (Version: - )
Excel (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Hearts of Iron IV No Step Back (HKLM-x32\...\Hearts of Iron IV No Step Back_is1) (Version: - )
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.0.2--2 - Inkscape)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
LBRY 0.52.5 (HKLM\...\e406725b-d361-5b1c-81f7-0a4c5ac54cb3) (Version: 0.52.5 - LBRY Inc.)
Medieval Dynasty (HKLM-x32\...\1224667888_is1) (Version: 1.0.0.7 - GOG.com)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Movavi Photo Editor 6 (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\Movavi Photo Editor 6) (Version: 6.7.1 - Movavi)
Movavi Video Editor 15 (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\Movavi Video Editor 15) (Version: 15.4.1 - Movavi)
MY.GAMES GameCenter (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\GameCenter) (Version: 4.1654 - MY.COM B.V.)
NVIDIA GeForce Experience 3.20.4.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.15 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 84.0.4316.31 (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\Opera 84.0.4316.31) (Version: 84.0.4316.31 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.106.49298 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1555 - Microsoft Corporation)
PowerPoint (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9042.1 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
tastyworks (HKLM\...\{12D66576-5245-3310-9519-6240F79CFA79}) (Version: 1.19.3 - tastyworks, inc.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Telegram Desktop version 3.5.1 (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.5.1 - Telegram FZ-LLC)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Web Companion (HKLM-x32\...\{d7f870d1-1807-4402-93b3-33f7cb846f31}) (Version: 7.0.2417.4248 - Lavasoft)
WeMod (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\WeMod) (Version: 7.1.23 - WeMod)
WhatsApp (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)
Wondershare Filmora X(Build 10.0.4.6) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Word (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-03] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-11-28] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.19.234.0_x64__dt26b99r8h8gj [2020-11-02] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-11] (Spotify AB) [Startup Task]
TradingView -> C:\Program Files\WindowsApps\TradingView.Desktop_1.0.3.2394_x64__n534cwy3pjxzj [2022-03-02] (TradingView, Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2260530272-2421601130-3644069325-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Romca\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-14] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\nvshext.dll [2020-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-02-14] (Avast Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\0 A.D. alpha\Open logs folder.lnk -> C:\Users\Romca\AppData\Local\0 A.D. alpha\OpenLogsFolder.bat ()
ShortcutWithArgument: C:\Users\Romca\Desktop\Google chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Romca\Desktop\plocha\Osobní - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Romca\Desktop\plocha\Nová složka (3)\nnn - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Romca\Desktop\plocha\Nová složka (3)\Nová složka (5)\Nová složka (7)\Osobní - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\24ec6ed44eebbe42\Profil 5 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\Romca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\11e375aa989b5c43\Profil 4 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 9"
==================== Loaded Modules (Whitelisted) =============
2020-12-14 16:57 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2020-12-14 16:57 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-03-07 15:27 - 2020-03-07 15:27 - 101687296 _____ () [File not signed] C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146\libcef.dll
2020-03-07 02:44 - 2020-03-07 02:44 - 000333824 _____ () [File not signed] C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146\swiftshader\libegl.dll
2020-03-07 02:44 - 2020-03-07 02:44 - 003011584 _____ () [File not signed] C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146\swiftshader\libglesv2.dll
2021-12-09 15:05 - 2021-12-09 15:05 - 000144896 _____ () [File not signed] C:\Users\Romca\AppData\Local\GameCenter\zlib1.dll
2021-12-09 15:05 - 2022-02-24 14:35 - 000163840 _____ (Igor Pavlov) [File not signed] C:\Users\Romca\AppData\Local\GameCenter\7zxa.dll
2021-12-09 15:05 - 2021-12-09 15:05 - 000694272 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Users\Romca\AppData\Local\GameCenter\libcurl.dll
2020-03-07 08:03 - 2020-03-07 08:03 - 000822784 _____ (The Chromium Authors) [File not signed] C:\Users\Romca\AppData\Local\GameCenter\Chrome\80.3987.2146\chrome_elf.dll
2020-11-06 22:20 - 2020-11-06 22:20 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-06 22:20 - 2020-11-06 22:20 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-06 22:20 - 2020-11-06 22:20 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-20 20:48 - 2020-11-06 22:20 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-20 20:48 - 2020-11-06 22:20 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-20 20:48 - 2020-11-06 22:20 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-20 20:48 - 2020-11-06 22:20 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-20 20:48 - 2020-11-06 22:20 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-20 20:48 - 2020-11-06 22:20 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-12-14 16:57 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\sharepoint.com -> hxxps://ucnmuni-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2021-02-20 23:24 - 000001904 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Automount"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "LBRY"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2260530272-2421601130-3644069325-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4F6DE172-58C6-4B0E-BF99-9C1649C1951C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8AA5CF24-34C5-4603-A1AC-AB6FEB366D2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FE740CA2-91E6-40B6-8383-6C29590949EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{099A0923-7D29-48A1-B1FA-BEA3257FF978}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{740A998B-46BC-416A-B87B-D32A00D740FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BE5C5D23-B78A-4D45-8520-E8F9E7BB897C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5E7E3F22-8972-44EC-AB0B-309E135EC322}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AF2A2178-01DA-4098-B9B1-90B6E82D5241}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2E484972-B0E1-4782-BDBD-68649E3FE8EB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8844B333-C474-4E94-9CEF-1B4893780E41}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F1AD2B4D-B681-41F9-A13E-48C7446E2974}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30AD4D8E-7AC1-480F-B60F-ABCB86C5B4CF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C103716C-A95C-49A3-99D8-6BBDE5442D84}] => (Allow) C:\Users\Romca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BC1DD746-0445-4688-A4F5-60B9A8BEB35B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81249BB2-5AAA-4E40-98C8-1F7F5E0C5650}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{15072EE2-5E50-489D-B074-7900F2E7CF00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66DEDE19-F35E-4A9B-89BC-04C659BA852C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DDEC68F9-8D92-4419-94C6-F797CD459361}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10D27A60-E834-4CCC-9385-9BB3F36BC116}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B397C9FA-B053-48AF-8F82-10D8E4EEC64B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AEED3D8D-697A-40AC-9870-BA45A22FCB34}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7275D5EF-5B9B-4B05-8D2C-258092EE287E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D7F9E20A-716F-4DB9-9FE2-2301BD9AD61F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{192D4B69-ABDF-48A5-B1A5-D781818F6D80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B019C4F-8882-4A99-9BE6-5C5F304D2901}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{E4DF8DFF-361B-4BF4-8BB8-78D247058F4F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{77AD0602-EC5D-4ABB-87E5-B7D19F1E9DA5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{2CB5DE65-7D61-4A6C-9AA2-EECFEE985B39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{08F6404A-B798-4BCD-B30C-E69D2B896237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [TCP Query User{1DD5E2BC-0127-4195-AD97-8751CF1E7A4E}C:\users\romca\appdata\roaming\telegram desktop\telegram.exe] => (Block) C:\users\romca\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{803184FA-C12C-4949-92AC-E4FB3F204AA8}C:\users\romca\appdata\roaming\telegram desktop\telegram.exe] => (Block) C:\users\romca\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [TCP Query User{93551C98-62E6-44DD-BA06-4DB0FD02FB79}C:\program files\lbry\resources\static\daemon\lbrynet.exe] => (Allow) C:\program files\lbry\resources\static\daemon\lbrynet.exe (LBRY, Inc -> )
FirewallRules: [UDP Query User{209117E7-35AD-4A65-8E9E-9543212A3700}C:\program files\lbry\resources\static\daemon\lbrynet.exe] => (Allow) C:\program files\lbry\resources\static\daemon\lbrynet.exe (LBRY, Inc -> )
FirewallRules: [TCP Query User{A68172B1-D7B4-4135-916A-10AC9FFFDB40}C:\users\romca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\romca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{84154D51-E4DC-410E-B605-87E4E90F719B}C:\users\romca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\romca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{050C3084-7B99-4F50-824F-A66F4405012B}C:\program files\lbry\resources\static\daemon\lbrynet.exe] => (Allow) C:\program files\lbry\resources\static\daemon\lbrynet.exe (LBRY, Inc -> )
FirewallRules: [UDP Query User{052DC27E-AA20-48BD-8761-86757C375AB0}C:\program files\lbry\resources\static\daemon\lbrynet.exe] => (Allow) C:\program files\lbry\resources\static\daemon\lbrynet.exe (LBRY, Inc -> )
FirewallRules: [TCP Query User{A88DBD99-CB87-43A8-A39B-3DFE6AEE3C02}C:\users\romca\appdata\roaming\utorrent\updates\3.5.5_45966.exe] => (Block) C:\users\romca\appdata\roaming\utorrent\updates\3.5.5_45966.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{E3BD38CD-B3C1-4FAC-8D92-ABE92E379807}C:\users\romca\appdata\roaming\utorrent\updates\3.5.5_45966.exe] => (Block) C:\users\romca\appdata\roaming\utorrent\updates\3.5.5_45966.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F5DB7E54-F344-41E8-B655-52241AA4B032}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{422488CE-24CA-4A30-9BCB-D740643214FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{18BCDF64-A024-4B0E-94BB-C0FE50B7526A}] => (Allow) C:\Users\Romca\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7226DB64-EB8C-40CF-AECE-1AE435B8F686}] => (Allow) C:\Users\Romca\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{ECC24CFB-DA8A-489D-A8D3-2873C90C6A1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe () [File not signed]
FirewallRules: [{40E19EC9-74D9-4F17-9CD6-541EF0188DE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe () [File not signed]
FirewallRules: [TCP Query User{6DC43B01-76EB-4E9A-A2A4-BB82CBC1136F}C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\aoe2de_s.exe] => (Allow) C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{3353BFF2-19DA-4F47-9FF6-603F08EC2DC0}C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\aoe2de_s.exe] => (Allow) C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{F7B9A024-85D7-4E86-BA0B-5EC060F41294}C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\battleserver\battleserver.exe] => (Allow) C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [UDP Query User{4AE3EE6B-0C7C-4A64-B3A9-6103D194DF82}C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\battleserver\battleserver.exe] => (Allow) C:\program files (x86)\age of empires ii definitive edition dawn of the dukes\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [{C77E4CC1-B1AE-436E-A80A-44919A2667B2}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4D968A84-86E9-4D6B-AB0F-56EBAD043E3E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{6D60DC07-A785-4A77-ADDC-C0AC5525B24F}] => (Allow) LPort=13139
FirewallRules: [{DEFE40B5-DB02-4BAC-9F40-2A881F1D5AB5}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\EE2.exe (EE2.eu - Dr. Mona Lisa -> Dr Mona Lisa)
FirewallRules: [{572129A9-BF79-4803-B294-544D9CA22B25}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\EE2X.exe (EE2.eu - Dr. Mona Lisa -> Dr Mona Lisa)
FirewallRules: [{BE8C51ED-F0C8-45A6-9B10-761C2BCAA28B}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\EnabledUP15Units\EE2.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{57BB8879-41BA-47E6-8FF7-25A910360A5F}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\EnabledUP15Units\EE2X.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{604CD2CE-27C2-45FF-B51F-9E0E50910E62}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\DisabledUP15Units\EE2.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{1A24639C-1530-4D8A-AF9B-B2B5CFCC5E70}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\DisabledUP15Units\EE2X.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{886BF99A-11C9-40D0-9AC4-696436BDC973}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\EnabledUP15UnitsDX9\EE2.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{1836E560-462D-40A0-9904-7371DAE2FD46}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\EnabledUP15UnitsDX9\EE2X.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{F2B588B8-1518-48D2-AB53-A72068C279FB}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\DisabledUP15UnitsDX9\EE2.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{A509663C-2948-4B79-B38E-6B9793FADA12}] => (Allow) C:\Program Files (x86)\GOG.com\Empire Earth II\Unofficial Patch Files\DisabledUP15UnitsDX9\EE2X.exe (Dr Mona Lisa) [File not signed]
FirewallRules: [{12A87A18-3C5C-47BB-8603-B3F6C9B7B44D}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1DF5CAC8-9357-434F-953A-9725663B0F92}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{DF9E5684-EAEF-44EE-9359-DB1B12E6F139}C:\counter-strike 1.6\csko.exe] => (Allow) C:\counter-strike 1.6\csko.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{530321DD-EA1A-4817-9CFF-7C6767042BAE}C:\counter-strike 1.6\csko.exe] => (Allow) C:\counter-strike 1.6\csko.exe (Valve) [File not signed]
FirewallRules: [{00373B7A-4960-4AEE-894D-7488D7788023}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment)
FirewallRules: [{B722B2D5-EFB1-43D6-B63F-E32830B365EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment)
FirewallRules: [{65B3BB4C-AE33-4684-804F-9DD9BC5F4987}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4A08C939-7C18-499A-8A9F-71B31EBE65D4}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{59E7CC97-86F7-4A3A-93DB-7D6D39804362}C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta vice city - definitive edition\gameface\binaries\win64\vicecity.exe] => (Allow) C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta vice city - definitive edition\gameface\binaries\win64\vicecity.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [UDP Query User{D2B5606F-0863-465B-9525-79635F151A28}C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta vice city - definitive edition\gameface\binaries\win64\vicecity.exe] => (Allow) C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta vice city - definitive edition\gameface\binaries\win64\vicecity.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [TCP Query User{E87613C5-E801-4E62-A249-BF4D5FCD4DAD}C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta san andreas - definitive edition\gameface\binaries\win64\sanandreas.exe] => (Allow) C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta san andreas - definitive edition\gameface\binaries\win64\sanandreas.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [UDP Query User{575488F9-268C-419B-99DD-AAD4E70D772B}C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta san andreas - definitive edition\gameface\binaries\win64\sanandreas.exe] => (Allow) C:\users\romca\downloads\grand.theft.auto.the.trilogy.the.definitive.edition\grand.theft.auto.the.trilogy.the.definitive.edition\gta san andreas - definitive edition\gameface\binaries\win64\sanandreas.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [TCP Query User{8D17EAD0-E97A-47BE-B9ED-A4200E4C36E4}C:\program files (x86)\hearts of iron iv no step back\hoi4.exe] => (Allow) C:\program files (x86)\hearts of iron iv no step back\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [UDP Query User{2C141F48-372D-443C-A9BB-D8FE1AEAA7FD}C:\program files (x86)\hearts of iron iv no step back\hoi4.exe] => (Allow) C:\program files (x86)\hearts of iron iv no step back\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{314F8600-7D18-4B5F-97F2-303421DC2DA7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{AF5964BB-B4A1-4F63-BA2E-1597FE233DDA}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{16ABDCC5-8B56-40AE-9EB6-A94FE54A872D}C:\users\romca\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\romca\appdata\local\gamecenter\gamecenter.exe (My.Com B.V. -> )
FirewallRules: [UDP Query User{F9CBB691-B399-49CC-AC06-CCE359ABA452}C:\users\romca\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\romca\appdata\local\gamecenter\gamecenter.exe (My.Com B.V. -> )
FirewallRules: [{A9461D05-0D9A-47FD-B33D-EFD0F471DFC1}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2A844867-A9E3-4F0F-A701-9961B11D255C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C13E5CDB-7D55-43A7-B18C-C85C20A7FC63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GWENT The Witcher Card Game\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{6D367816-F850-42E5-9DD8-78E27520D6E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GWENT The Witcher Card Game\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{E8EF260B-90A3-4F32-A783-4876AA219A69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe (Sparkypants Corporation -> )
FirewallRules: [{C57FF6E2-284C-416D-B6E8-9A27D00F3C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Legends\The Elder Scrolls Legends.exe (Sparkypants Corporation -> )
FirewallRules: [{B582C408-FD78-461B-BF54-1D6187742113}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thronebreaker The Witcher Tales\Thronebreaker.exe () [File not signed]
FirewallRules: [{3A527EA8-8108-48C0-9863-596407E77378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thronebreaker The Witcher Tales\Thronebreaker.exe () [File not signed]
FirewallRules: [{EED44B37-32C0-4399-9DB2-F39F43DCF431}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DD094F9-2B5F-413A-8D70-862171C4F622}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F23269A5-5BD6-4EA4-9638-8D5403736C0A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E6B43F3-CD4F-44AE-9F7F-0746AF5ED2D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe (CD Projekt RED) [File not signed]
FirewallRules: [{FD970723-CAAB-4B85-AA9D-CBB955EC76FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the witcher 2\Launcher.exe (CD Projekt RED) [File not signed]
FirewallRules: [TCP Query User{605C0A4A-B22B-45EB-A013-7E22F5BDB6CB}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe () [File not signed]
FirewallRules: [UDP Query User{B10526D2-D60F-4565-8B97-5AD736B84DCB}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe () [File not signed]
FirewallRules: [{D73CF414-5E46-4B74-A6F5-2D4DCCB5CE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{D1598497-B552-41E1-A955-3C555EBBB85B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{302E8C88-91B3-40AA-8EAB-CAB737F21CDC}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{06E5FDD6-339F-4162-AB80-9DDE112C96D7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{531E010E-38AD-4677-9006-D33804DEAB97}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{46C78D29-62CC-45FE-872A-2BE22FCFE851}] => (Allow) C:\Users\Romca\AppData\Local\Programs\Opera\84.0.4316.21\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DEAD3D32-358B-42D8-8FF5-A785ECC8BCE0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4B91A977-62F2-44D6-83D5-2EFE13D44AAF}] => (Allow) C:\Users\Romca\AppData\Local\Programs\Opera\84.0.4316.31\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{7B20D105-5FCC-4E0C-878B-5BB71BE98400}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
27-02-2022 21:17:43 Naplánovaný kontrolní bod
08-03-2022 17:03:16 Naplánovaný kontrolní bod
13-03-2022 01:18:28 Installed Windows PC Health Check
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/13/2022 11:15:12 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.
Podrobnosti:
Katalog indexu obsahu je poškozený. 0xc0041801 (0xc0041801)
Error: (03/13/2022 11:15:12 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (600)} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.
Podrobnosti:
Neplatné údaje. 0x8007000d (0x8007000d)
Error: (03/13/2022 11:00:15 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-HBQM87T$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sun, 13 Mar 2022 10:00:16 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: cbc4e40b-2b09-411a-bd1f-953f9b50e88c
Metoda: GET(266ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (03/12/2022 11:35:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 3632, identifikátor PID ProfSvc: 1684.
Error: (03/12/2022 04:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RuntimeBroker.exe, verze: 10.0.19041.546, časové razítko: 0x9eae4144
Název chybujícího modulu: windows.storage.dll, verze: 10.0.19041.662, časové razítko: 0x7c2d3a80
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001021c9
ID chybujícího procesu: 0x2628
Čas spuštění chybující aplikace: 0x01d836230f03d03c
Cesta k chybující aplikaci: C:\Windows\System32\RuntimeBroker.exe
Cesta k chybujícímu modulu: C:\Windows\system32\windows.storage.dll
ID zprávy: 108f5a1a-6469-4183-8095-15c1e0bec411
Úplný název chybujícího balíčku: Microsoft.OneConnect_5.2011.3081.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: runtimebroker07f4358a809ac99a64a67c1
Error: (03/12/2022 12:27:51 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 3740, identifikátor PID ProfSvc: 1504.
Error: (03/09/2022 08:14:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 3748, identifikátor PID ProfSvc: 1600.
Error: (03/08/2022 05:46:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 3764, identifikátor PID ProfSvc: 1472.
System errors:
=============
Error: (03/13/2022 01:44:55 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-HBQM87T)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (03/13/2022 01:12:41 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume53
Error: (03/12/2022 11:34:59 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x000000d1 (0x000000000000005b, 0x0000000000000002, 0x0000000000000001, 0xfffff80490e78f76). Výpis byl uložen do: C:\Windows\MEMORY.DMP. ID hlášení: 02475606-2504-4283-89a6-82a0f5aca0e3
Error: (03/12/2022 11:34:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:33:52, 12.03.2022) bylo neočekávané.
Error: (03/12/2022 12:27:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avast! Tools bylo dosaženo časového limitu (30000 ms).
Error: (03/11/2022 10:04:51 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume63
Error: (03/11/2022 10:03:30 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume53
Error: (03/10/2022 09:34:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avast! Tools bylo dosaženo časového limitu (30000 ms).
Windows Defender:
================
Date: 2021-05-28 11:55:59
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tnega!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Romca\Downloads\Java_Edg-1485857821.exe; webfile:_C:\Users\Romca\Downloads\Java_Edg-1485857821.exe|https://q.mx-day.xyz/dl/Java_Edg-148585 ... 3584814716
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-HBQM87T\Romca
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.339.1519.0, AS: 1.339.1519.0, NIS: 1.339.1519.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6
Date: 2021-05-27 22:44:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {914295DE-26E5-48FA-9B06-1CB2571C47F4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-05-26 23:15:22
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {67E3114B-90BC-48B6-850E-9D5DEBEBC5F8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-05-25 16:08:31
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/uTorrent
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\Users\Romca\Downloads\BitTorrent.exe; file:_C:\Users\Romca\Downloads\BitTorrent.exe->(7zSfx)->Carrier.EXE; webfile:_C:\Users\Romca\Downloads\BitTorrent.exe|https://download-new.utorrent.com/uuid/ ... 2909661459
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-HBQM87T\Romca
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.339.1334.0, AS: 1.339.1334.0, NIS: 1.339.1334.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6
Date: 2021-05-25 16:06:34
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: App:Utorrent_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Romca\Downloads\utorrent_2.2.1_build_25302.exe; file:_C:\Users\Romca\Downloads\utweb_installer.exe; webfile:_C:\Users\Romca\Downloads\utorrent_2.2.1_build_25302.exe|https://soubory.instaluj.cz/dwlsym/b927 ... 1942155311; webfile:_C:\Users\Romca\Downloads\utweb_installer.exe|https://download-new.utorrent.com/endpo ... 1520767274
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-HBQM87T\Romca
Název procesu: C:\Program Files\Google\Chrome\Application\chrome.exe
Verze bezpečnostních informací: AV: 1.339.1334.0, AS: 1.339.1334.0, NIS: 1.339.1334.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6
Event[0]:
Date: 2021-05-31 10:21:53
Description:
Modul programu Antivirová ochrana v programu Microsoft Defender byl ukončen v důsledku neočekávané chyby.
Typ chyby: Chyba
Kód výjimky: 0xc0000005
Zdroj: file:C:\Users\Romca\Desktop\Black Desert Online.url
Date: 2021-05-26 10:40:10
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.339.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2021-05-26 10:40:10
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.339.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2021-05-26 10:40:10
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.339.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2021-05-26 10:40:10
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.339.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
CodeIntegrity:
===============
Date: 2022-03-13 11:15:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-03-13 11:02:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1.40 09/09/2020
Motherboard: Micro-Star International Co., Ltd. A320M-A PRO M2 (MS-7C52)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 16333.08 MB
Available physical RAM: 11187.19 MB
Total Virtual: 18765.08 MB
Available Virtual: 11589.2 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:464.77 GB) (Free:64.5 GB) NTFS
\\?\Volume{83b42a5e-00e0-4158-a846-8e3a0c539eab}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.43 GB) NTFS
\\?\Volume{3d64c7af-5c53-4474-a68e-6aa032919d30}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0F6F4DC1)
Partition: GPT.
==================== End of Addition.txt =======================