Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Malware

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Malware

#1 Příspěvek od mikkie »

Dobrý den,

dnes mi od FORPSI volali, že jejich tým zaznamenal "zvláštní" aktivitu a zřejmě je moje PC napadeno Malwarem (nebo něčím). Dokázal by mi někdo poradit, jak mám postupovat? Mám PC hloubkově vyčistit (používám jen Avast, windows 10 ochranu, a nic víc)

Dokázal by mi někdo poradit?

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Malware

#2 Příspěvek od Rudy »

Zdravím!
Poradit vám zkusíme, pouze nevím, proč dáváte žádost o záseh do sekce Antiviry. Patří do Řešní pronlémů, logy, kam jej přesouvám. Dejte lody FRST+Addition: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#3 Příspěvek od mikkie »

Moc se omlouvám, uklikl jsem se v kategorii

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Malware

#4 Příspěvek od Rudy »

OK, nic se neděje. Teď bych prosil ty logy FRST+Addition: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#5 Příspěvek od mikkie »

LOG FRST:


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Discord Inc. -> Discord Inc.) C:\Users\micha\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE
(Solid State System) [File not signed] C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe
(SSS) [File not signed] C:\Windows\System32\AudioDeviceService.exe
(Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe
(Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [24253504 2020-11-17] (Urban Cyber Security Inc. -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [XGAMER Audio 7.1] => C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe [10700800 2020-09-09] (Solid State System) [File not signed]
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [23233936 2020-12-02] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Discord] => C:\Users\micha\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\...\Print\Monitors\EPSON L3050 Series 64MonitorBE: C:\Windows\system32\E_YLMBR4E.DLL [183296 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook.lnk [2021-08-29]
ShortcutTarget: Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-04-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8600B4-B888-4EBB-9AA4-62659EE61B98} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F36DB52-85FF-40C8-AE92-0412A89A73BF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {0FE0F530-4631-4907-9AA2-E94B1A5F538E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {1E11BE83-AA28-40C1-979D-208B1CB47254} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {33E22DCD-C643-463C-AFCB-E61FFC67AAD6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {441C4612-8476-4748-B13C-09E64291FEC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {6888416B-05BE-46F6-95FD-C51853B01862} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6DFEB52F-DD90-4AC1-B9B7-959FC5CACDFA} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {799B4EE9-7E83-4265-A3B0-8C341617DAFD} - System32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {7FD45365-D338-421B-AAB3-98EF7BED0695} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {84F4C895-3641-45B9-836E-CCC3894CD778} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9059918A-ABFD-4092-8D52-11725F647CF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {968F3A69-5851-4A57-BB26-701B907B60CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A016E7E2-12AA-48DF-83C1-575481F94071} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B524A3A1-254A-417B-81E9-1F314D81EFF8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B85E8914-C83D-42FC-B319-DE3600CCBEF8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC0C8980-80CF-4C6D-8506-EBE238627E95} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-03] (Avast Software s.r.o. -> Avast Software)
Task: {DC5B7110-B8FB-4B08-B134-E15657C512EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD39BA4B-3BA1-469E-8DB0-38035A77324D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE43B3FA-1AE2-4270-B1B8-BE33A026C1A2} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {E45D4087-6765-4617-B9A9-CBDF7B00211B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {EFF6B36E-B960-471E-A267-7EC4534980D4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE:/EXE:{58DE4AA5-C529-465E-87CE-0EF6614EE3D4} /F:UpdateWORKGROUP\DESKTOP-AUSGJMO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261871939-3680644312-2290833728-1001] => 182.71.146.148:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a50b097d-b2f0-400f-88af-6fcafcb09065}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-12]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR Notifications: Default -> hxxps//app.smartsupp.com; hxxps//email.forpsi.com; hxxps//www.facebook.com
CHR HomePage: Default -> hxxp//www.google.com/
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-04]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-04]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-04]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-13]
CHR Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2020-04-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-21]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-19]
CHR Notifications: Profile 1 -> hxxps//www.facebook.com
CHR HomePage: Profile 1 -> hxxp//www.google.cz/
CHR StartupUrls: Profile 1 -> ""
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-06]
CHR Extension: (Entanglement Web App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2020-04-06]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-06]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-06]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-14]
CHR Extension: (Google Kalendář) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Eiffel Tower) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2020-04-06]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-21]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2730496 2020-09-09] (SSS) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2020144 2021-09-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [221072 2020-11-17] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1010752 2020-11-25] (Urban Cyber Security Inc. -> Urban Security)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2020-04-10] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2020-04-09] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UAExt; C:\WINDOWS\System32\DRIVERS\UAExt.sys [135264 2020-09-09] (Solid State System Co., Ltd -> Solid State System.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 18:12 - 2021-10-21 18:12 - 000028425 _____ C:\Users\micha\Desktop\FRST.txt
2021-10-21 18:11 - 2021-10-21 18:12 - 000000000 ____D C:\FRST
2021-10-21 18:11 - 2021-10-21 18:11 - 002310656 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2021-10-19 12:57 - 2021-10-19 14:43 - 000010485 _____ C:\Users\micha\Desktop\CN kovar Lanzhot Uhet.xlsx
2021-10-15 13:25 - 2021-10-15 13:25 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 13:25 - 2021-10-15 13:25 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 13:25 - 2021-10-15 13:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 13:25 - 2021-10-15 13:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 13:24 - 2021-10-15 13:24 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 13:24 - 2021-10-15 13:24 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 13:20 - 2021-10-15 13:20 - 000000000 ___HD C:\$WinREAgent
2021-10-14 15:09 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\Astro
2021-10-14 15:08 - 2021-10-14 15:08 - 000001151 _____ C:\Users\micha\Desktop\Astro.lnk
2021-10-13 21:26 - 2021-10-13 21:26 - 000001112 _____ C:\Users\micha\Desktop\Mining.lnk
2021-10-13 21:25 - 2021-10-13 21:25 - 000000000 ____D C:\Users\micha\AppData\Local\Mining
2021-10-13 18:43 - 2021-10-13 18:51 - 000000000 ____D C:\Users\micha\Desktop\kopie WWW idiot
2021-10-07 16:40 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngine
2021-10-07 16:40 - 2021-10-07 16:40 - 000000820 _____ C:\Users\micha\Desktop\Gas Station Simulator.lnk
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\GSS2
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\CrashReportClient
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gas Station Simulator
2021-10-05 21:15 - 2021-10-05 21:15 - 000094350 _____ C:\Users\micha\Desktop\priloha_951576887_0_VypisROS.pdf
2021-10-05 18:53 - 2021-10-12 13:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\playway-launcher
2021-10-05 18:53 - 2021-10-05 18:53 - 000000000 ____D C:\Users\micha\AppData\LocalLow\FreemindSA
2021-10-05 16:07 - 2021-10-05 19:27 - 000000223 _____ C:\Users\micha\Desktop\House Builder Demo.url
2021-10-04 17:00 - 2021-10-04 17:00 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-04 17:00 - 2021-10-04 17:00 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-26 10:13 - 2021-09-26 10:13 - 000000785 _____ C:\Users\micha\Desktop\Superliminal.lnk
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\Users\micha\AppData\LocalLow\PillowCastle
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superliminal
2021-09-26 09:37 - 2021-09-26 10:12 - 000000000 ____D C:\Hry
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001474688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001212544 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000676472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000577144 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 002112120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 001595512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-09-21 18:07 - 2021-09-16 05:24 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-09-21 18:07 - 2021-09-16 05:23 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-09-21 18:07 - 2021-09-16 05:21 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-09-21 18:07 - 2021-09-14 05:39 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 18:09 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2021-10-21 18:09 - 2020-04-04 10:18 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-21 18:08 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Local\Discord
2021-10-21 18:08 - 2020-04-04 10:08 - 000000000 ___RD C:\Users\micha\OneDrive
2021-10-21 18:05 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 18:02 - 2021-02-01 19:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-21 18:02 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-21 18:02 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-21 18:02 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-21 17:58 - 2021-02-01 19:30 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-21 17:58 - 2020-04-04 11:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-21 17:57 - 2020-04-04 10:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 17:55 - 2021-02-01 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 17:55 - 2021-02-01 19:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 17:55 - 2021-02-01 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 17:35 - 2020-04-04 10:59 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}.job
2021-10-21 15:04 - 2020-04-04 11:17 - 000000000 ____D C:\Users\micha\AppData\Local\ClassicShell
2021-10-21 14:51 - 2021-08-16 10:00 - 000001069 _____ C:\Users\micha\Desktop\PRACE dokumenty.txt
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-21 13:14 - 2021-09-20 20:41 - 000002548 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2021-10-21 13:14 - 2021-02-11 13:37 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f8bfdbe63d84
2021-10-21 13:14 - 2021-02-01 19:30 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-21 13:14 - 2021-02-01 19:30 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}
2021-10-21 13:14 - 2021-02-01 19:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-21 13:14 - 2021-02-01 19:30 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-21 13:14 - 2021-02-01 19:30 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-21 13:14 - 2021-02-01 19:30 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-21 13:14 - 2021-02-01 19:30 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2021-10-21 13:14 - 2021-02-01 19:30 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002582 _____ C:\WINDOWS\system32\Tasks\AMDAutoUpdate
2021-10-21 13:14 - 2021-02-01 19:30 - 000002580 _____ C:\WINDOWS\system32\Tasks\SoundBass
2021-10-21 13:14 - 2021-02-01 19:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-10-21 13:12 - 2021-08-25 19:46 - 000000000 ____D C:\Users\micha\Desktop\Nabídky
2021-10-21 11:51 - 2021-02-01 19:26 - 000002381 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-21 11:51 - 2020-04-06 16:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-18 18:37 - 2021-08-06 17:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\.minecraft
2021-10-17 10:00 - 2021-08-16 16:32 - 000000000 ____D C:\Moje kominictvi
2021-10-17 09:59 - 2021-08-16 09:38 - 000000000 ____D C:\Kominictvi Mančík
2021-10-17 09:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 12:17 - 2021-02-01 19:25 - 000442456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-16 12:17 - 2020-04-04 11:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-16 09:53 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-16 09:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-16 09:40 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\Skenování
2021-10-16 09:15 - 2020-06-06 22:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-15 13:20 - 2020-04-04 23:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-15 13:18 - 2020-04-04 23:43 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 15:08 - 2021-09-16 19:33 - 000000000 ____D C:\Games
2021-10-14 15:08 - 2020-04-19 09:50 - 000000000 ____D C:\Users\micha\AppData\Roaming\qBittorrent
2021-10-13 10:55 - 2020-04-04 10:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 10:55 - 2020-04-04 10:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-06 21:23 - 2021-04-25 13:27 - 000000000 ____D C:\ProgramData\UrbanVPN
2021-10-05 21:42 - 2020-04-04 10:07 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2021-10-04 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-04 17:28 - 2021-09-02 19:12 - 000000000 ____D C:\Raft.v13.01
2021-10-04 17:00 - 2021-05-30 20:51 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-04 17:00 - 2020-10-27 13:12 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-04 17:00 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-30 16:10 - 2021-08-06 17:29 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-09-29 16:16 - 2021-02-01 19:26 - 000000000 ____D C:\Users\micha
2021-09-25 10:20 - 2020-08-16 21:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-23 17:28 - 2020-11-17 19:13 - 000000000 ____D C:\Users\micha\AppData\Roaming\MyPhoneExplorer
2021-09-23 16:34 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\ZPRAVY SMAZAT
2021-09-23 12:26 - 2020-04-04 11:18 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2021-09-23 12:26 - 2020-04-04 11:02 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2021-09-23 08:59 - 2020-12-15 22:23 - 000002231 _____ C:\Users\micha\Desktop\Discord.lnk
2021-09-21 18:12 - 2020-04-04 11:03 - 000000000 ____D C:\Users\micha\AppData\Local\NVIDIA
2021-09-21 10:23 - 2021-09-20 20:41 - 000000000 ____D C:\Program Files\KMSpico

==================== Files in the root of some directories ========

2020-07-29 20:21 - 2020-07-29 20:21 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-09-27 21:17 - 2020-09-27 21:17 - 000016438 _____ () C:\Users\micha\AppData\Local\partner.bmp
2021-01-10 20:43 - 2021-02-08 19:36 - 000007602 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#6 Příspěvek od mikkie »

log Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by micha (21-10-2021 18:12:51)
Running from C:\Users\micha\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) (2021-02-01 17:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4261871939-3680644312-2290833728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261871939-3680644312-2290833728-503 - Limited - Disabled)
Guest (S-1-5-21-4261871939-3680644312-2290833728-501 - Limited - Disabled)
micha (S-1-5-21-4261871939-3680644312-2290833728-1001 - Administrator - Enabled) => C:\Users\micha
micha_p24az47 (S-1-5-21-4261871939-3680644312-2290833728-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4261871939-3680644312-2290833728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
aladin (HKLM-x32\...\{480E3FFC-3701-4B1B-850F-2204F43BC688}) (Version: - )
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
A-Tuning v3.0.215 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.215 - ASRock Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 2.5 - Eagle Dynamics)
Discord (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3050 Series Printer Uninstall (HKLM\...\EPSON L3050 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
FileZilla Client 3.47.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.2.1 - Tim Kosse)
Gas Station Simulator (HKLM-x32\...\Gas Station Simulator_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\OneDriveSetup.exe) (Version: 21.210.1010.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
ProFact 5 (HKLM-x32\...\ProFact_is1) (Version: - eXmind)
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.589 - Jan Fiala)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.4.543 - Jan Fiala)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.47.484 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Spotify (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
UrbanVPN (HKLM\...\{6109A611-488D-407B-AA65-0FF765E6CA9C}) (Version: 2.2.4 - Urban Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 2.2.4) (Version: 2.2.4 - Urban Security)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
XGAMER Audio 7.1 (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.21.2018.104 - SADES)

Packages:
=========
Best of Wallpapers 2019 Exclusive -> C:\Program Files\WindowsApps\Microsoft.BestofWallpapers2019Exclusive_2.0.0.0_neutral__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-19] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10913.5785.0_x64__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-21] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4261871939-3680644312-2290833728-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\nvshext.dll [2021-09-16] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-4261871939-3680644312-2290833728-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\micha\Desktop\Michal - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\micha\Desktop\Terezka - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2021-04-18 17:23 - 2014-11-02 19:45 - 000029184 _____ () [File not signed] C:\Program Files\PSPad editor\pspshellx64.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2020-04-26 11:02 - 2020-04-26 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-04-26 11:02 - 2020-04-26 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2020-09-09 13:36 - 2017-11-03 11:44 - 000232960 ____N (Solid State System) [File not signed] C:\Program Files (x86)\XGAMER Audio 7.1\DLL3S_UsbAudio16xx_x32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\Desktop\Foceni - Vanoce 2019\DSC_9982.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Trust GXT 354 Headset"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Walliant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{29458DEB-89BE-4F55-B362-0A79FF315AC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{D73F25B8-73D8-4612-9013-00AFC67C6490}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{C535DEAE-95B1-4EC1-9AE3-90F16FB847B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{D00CE7CD-302D-4FC5-9DBD-BF6946EB2BC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{B53ED26A-6585-40CB-83AB-D1034BE5A986}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{EB245AB9-82A0-4DED-8851-4DBFE046EDA1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F873DD99-DACE-47FB-ACB7-FAF5D2D438EF}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [TCP Query User{A54F25F0-65EF-41E6-9DB2-01F8F95FD1E9}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [UDP Query User{446488F3-6A65-4A40-84ED-6D7DD85BC5F2}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{0A1E29E9-17F5-49FA-831C-74E987176127}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{54446129-352F-4716-A57E-817CFBE15A09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{45E25852-2436-49B6-8730-460ABC3C1F32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{864198A2-5A02-402B-BFBE-2A6092CE7CBA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{89CCDD86-5ABB-49F9-ADA2-3AA16A9C0DFA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D790B858-A34F-48F3-BAB6-30E18C8B86A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E45CB1FF-8765-4764-B6E5-03B0CFB43CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{11C83DD6-66C1-4B2A-95B9-F5595BAAE73F}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{36435545-4B21-4506-82B2-85572F619B25}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DBF5FAC2-3ED8-4AB7-A39F-2F9A785F9F5A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{975D2953-97C3-42CD-98A5-83734BE1D7B2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E1397ADB-175E-4CD9-B12F-39A92FBF12B3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3114659E-1964-4B01-88CD-D008340CB6FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0356A693-A394-4772-B76B-BF4C327CF3EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E292D98-5399-4BC6-8E9D-0B1CB269BB82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0586D70B-5F9B-4AE4-905B-6D8A0EB68614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6C369FD2-5CA0-46A5-AE4C-89BC129BAD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{04EE9578-4475-4C45-8938-31CFCAC72E37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1422F21A-0FE6-4E04-8608-E0AB2E1E74A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{59EC471F-33CD-4B0E-8E0A-29665C636ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{B908D25C-2BCF-4188-BD0F-E397AC0F6BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB818E50-B3CC-495D-8B88-B0DEBB6617EB}] => (Allow) C:\Program Files\UrbanVPN\bin\urbanvpn.exe (Urban Cyber Security Inc. -> Urban Cyber Security Inc.)
FirewallRules: [{6B348ED9-2076-478A-9359-7E403AFAF5E3}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{D95E5CD8-28BC-4058-8287-219908D11827}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{625E2928-9C58-49DF-B17F-B50F389E6882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E55FA02-62B7-487C-A936-926AA212BA3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5B049C5A-4686-4D48-971A-1FA1CE78FDB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{EDB90044-B689-459D-A928-70A8E53D2179}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{10816914-AC23-4957-AFA6-FF812C9B1605}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{D941A9B7-F0DD-4690-9B9E-BA858CBD8690}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [UDP Query User{E3FF217D-D5A2-4FBB-9AA2-46E08FD69504}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{9E5EEF55-8997-4079-8F9B-08FEAB040366}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96C5992A-9238-42AB-A486-3B4269D5D5BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAE3C048-FAF0-427D-8EA0-3F4D9F3BE496}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23DEC2C8-A016-4EB9-945C-0199CEA8AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F4AE76EB-006D-40BC-BA62-6C277AA1CC70}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F019F4A2-AA14-4DE6-A911-5194DC187A46}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{174932D6-6697-4504-9CC9-BF7F25EA6F64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D56936D4-1FD9-4590-BA26-F2F4416C32A5}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{DE0DF6E2-40AE-4912-B825-B7621C54FEA0}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{37E4D05E-2ADF-410A-B96A-4FE1603EB75E}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{41A171F7-2F8E-4D4F-95D8-B31FB070B856}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{16CB7910-8372-4FA5-B5A7-0EBBE0A43FC3}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{521A084B-40C8-4B58-8C12-53F500198CC1}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{B9BF3CDA-B02D-439F-B07D-5D3F05AA1C7B}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [UDP Query User{86270292-CED8-4063-A839-B359E378F341}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [{0FB5E399-96E2-41DD-A301-26C16DCFDA7F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0CF97578-F0B7-4384-ABE4-6E22252BF073}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D7AEC660-94B5-447F-9266-E27103DF26D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{D8108455-A271-4AC5-B9E4-14D8F60BE516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{52C486E9-ADF6-4E8F-9EE3-EB2BC7D878F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6526B3D6-F464-4BCD-950E-C57C1644F7A5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E8A345-380A-429B-AC24-C432D39527F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C93EDD0D-A67F-41F0-895E-2D38640EBE4C}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [UDP Query User{A95835B6-3EC1-4296-8418-29BB5940536B}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]

==================== Restore Points =========================

15-10-2021 13:20:16 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/21/2021 02:28:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (L:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (K:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (J:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (H:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 11:52:15 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Nelze určit, zda se zásobník nachází v oboru procházení (chyba=0x8007045b).


System errors:
=============
Error: (10/21/2021 05:55:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (17:35:28, ‎21.‎10.‎2021) bylo neočekávané.

Error: (10/18/2021 07:03:21 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-AUSGJMO)
Description: Služba DCOM zjistila chybu 1053 při pokusu o spuštění služby BcastDVRUserService_33da8cc s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Media.Capture.Internal.AppCaptureShell

Error: (10/18/2021 07:03:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Uživatelská služba pro GameDVR a vysílání her_33da8cc neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (10/18/2021 07:03:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Uživatelská služba pro GameDVR a vysílání her_33da8cc bylo dosaženo časového limitu (60000 ms).

Error: (10/18/2021 07:03:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server Microsoft.WindowsFeedbackHub_1.2108.2563.0_x64__8wekyb3d8bbwe!App.AppX8a6w88secebzyje9nrqc47xt488tkbmc.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/18/2021 07:03:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/17/2021 05:34:40 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-AUSGJMO)
Description: Služba DCOM zjistila chybu 1053 při pokusu o spuštění služby BcastDVRUserService_1f86988 s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Media.Capture.Internal.AppCaptureShell

Error: (10/17/2021 05:34:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Uživatelská služba pro GameDVR a vysílání her_1f86988 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


CodeIntegrity:
===============
Date: 2021-10-21 17:57:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-10-21 17:56:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.90 12/09/2019
Motherboard: ASRock B450M Pro4
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 16313.72 MB
Available physical RAM: 11425.83 MB
Total Virtual: 18745.72 MB
Available Virtual: 11730.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.87 GB) (Free:41.63 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:224.84 GB) (Free:54.58 GB) NTFS
Drive h: () (Fixed) (Total:224.84 GB) (Free:14.61 GB) NTFS
Drive i: () (Fixed) (Total:222.95 GB) (Free:28.79 GB) NTFS
Drive j: () (Fixed) (Total:146.38 GB) (Free:20.54 GB) NTFS
Drive k: () (Fixed) (Total:247.82 GB) (Free:115.57 GB) NTFS
Drive l: () (Fixed) (Total:683.59 GB) (Free:506.87 GB) NTFS

\\?\Volume{c4029046-716d-441f-a03d-cce2ceeeb070}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c6b8d1f4-ded1-4088-bf7e-f6bafaa17d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{7e630a01-0000-0000-0000-10c337000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ff619c6-97c5-4a7f-bd2f-8251e43ed227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7E630A01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E274E274)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0775D37C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Malware

#7 Příspěvek od Rudy »

Teď spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#8 Příspěvek od mikkie »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-08.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-21-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\micha\AppData\Local\Walliant
Deleted C:\Users\micha\AppData\Roaming\RelevantKnowledge

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Walliant
Deleted HKCU\Software\csastats
Deleted HKLM\Software\qdu-pr

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Spirální stabilizace páteře - Na Úbočí 10, Praha 8, Czech Republic, 00420-284 810 231, spirstab@spirstab.com
Deleted home.sweetim.com
Deleted home.sweetim.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1926 octets] - [21/10/2021 18:58:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#9 Příspěvek od mikkie »

Když dám zkontrolovat ještě jednou, objeví se tam

PUP.optional.22chromeEXT

který ale nejde dát do karantény, objevuje se stále dokola

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Malware

#10 Příspěvek od Rudy »

Nemusí být tak zle, je to jen potenciálně nežádoucí prvel. Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#11 Příspěvek od mikkie »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by micha (administrator) on DESKTOP-AUSGJMO (21-10-2021 20:05:39)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [24253504 2020-11-17] (Urban Cyber Security Inc. -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [XGAMER Audio 7.1] => C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe [10700800 2020-09-09] (Solid State System) [File not signed]
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [23233936 2020-12-02] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Discord] => C:\Users\micha\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\...\Print\Monitors\EPSON L3050 Series 64MonitorBE: C:\Windows\system32\E_YLMBR4E.DLL [183296 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8600B4-B888-4EBB-9AA4-62659EE61B98} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F36DB52-85FF-40C8-AE92-0412A89A73BF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {0FE0F530-4631-4907-9AA2-E94B1A5F538E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {1E11BE83-AA28-40C1-979D-208B1CB47254} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {33E22DCD-C643-463C-AFCB-E61FFC67AAD6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {441C4612-8476-4748-B13C-09E64291FEC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {6888416B-05BE-46F6-95FD-C51853B01862} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {799B4EE9-7E83-4265-A3B0-8C341617DAFD} - System32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {7FD45365-D338-421B-AAB3-98EF7BED0695} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {84F4C895-3641-45B9-836E-CCC3894CD778} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9059918A-ABFD-4092-8D52-11725F647CF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {968F3A69-5851-4A57-BB26-701B907B60CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A016E7E2-12AA-48DF-83C1-575481F94071} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B524A3A1-254A-417B-81E9-1F314D81EFF8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B85E8914-C83D-42FC-B319-DE3600CCBEF8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC0C8980-80CF-4C6D-8506-EBE238627E95} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-03] (Avast Software s.r.o. -> Avast Software)
Task: {DC5B7110-B8FB-4B08-B134-E15657C512EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD39BA4B-3BA1-469E-8DB0-38035A77324D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE43B3FA-1AE2-4270-B1B8-BE33A026C1A2} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {E45D4087-6765-4617-B9A9-CBDF7B00211B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {EFF6B36E-B960-471E-A267-7EC4534980D4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261871939-3680644312-2290833728-1001] => 182.71.146.148:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a50b097d-b2f0-400f-88af-6fcafcb09065}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-12]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR Notifications: Default -> hxxps//www.facebook.com
CHR HomePage: Default -> hxxp//www.google.com/
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-04]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-04]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-04]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-13]
CHR Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2020-04-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-21]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-19]
CHR Notifications: Profile 1 -> hxxps//www.facebook.com
CHR HomePage: Profile 1 -> hxxp//www.google.cz/
CHR StartupUrls: Profile 1 -> ""
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-06]
CHR Extension: (Entanglement Web App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2020-04-06]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-06]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-06]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-14]
CHR Extension: (Google Kalendář) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Eiffel Tower) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2020-04-06]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-21]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
S2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2730496 2020-09-09] (SSS) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2020144 2021-09-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [221072 2020-11-17] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1010752 2020-11-25] (Urban Cyber Security Inc. -> Urban Security)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2020-04-10] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2020-04-09] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UAExt; C:\WINDOWS\System32\DRIVERS\UAExt.sys [135264 2020-09-09] (Solid State System Co., Ltd -> Solid State System.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 18:57 - 2021-10-21 18:58 - 000000000 ____D C:\AdwCleaner
2021-10-21 18:57 - 2021-10-21 18:57 - 008553680 _____ (Malwarebytes) C:\Users\micha\Desktop\adwcleaner_8.3.0.exe
2021-10-21 18:12 - 2021-10-21 20:05 - 000025015 _____ C:\Users\micha\Desktop\FRST.txt
2021-10-21 18:12 - 2021-10-21 20:05 - 000019262 _____ C:\Users\micha\Desktop\FRSTold.txt
2021-10-21 18:12 - 2021-10-21 18:13 - 000048080 _____ C:\Users\micha\Desktop\Additionold.txt
2021-10-21 18:11 - 2021-10-21 20:05 - 000000000 ____D C:\FRST
2021-10-21 18:11 - 2021-10-21 18:11 - 002310656 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2021-10-19 12:57 - 2021-10-19 14:43 - 000010485 _____ C:\Users\micha\Desktop\CN kovar Lanzhot Uhet.xlsx
2021-10-15 13:25 - 2021-10-15 13:25 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 13:25 - 2021-10-15 13:25 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 13:25 - 2021-10-15 13:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 13:25 - 2021-10-15 13:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 13:24 - 2021-10-15 13:24 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 13:24 - 2021-10-15 13:24 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 13:20 - 2021-10-15 13:20 - 000000000 ___HD C:\$WinREAgent
2021-10-14 15:09 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\Astro
2021-10-14 15:08 - 2021-10-14 15:08 - 000001151 _____ C:\Users\micha\Desktop\Astro.lnk
2021-10-13 21:26 - 2021-10-13 21:26 - 000001112 _____ C:\Users\micha\Desktop\Mining.lnk
2021-10-13 21:25 - 2021-10-13 21:25 - 000000000 ____D C:\Users\micha\AppData\Local\Mining
2021-10-13 18:43 - 2021-10-13 18:51 - 000000000 ____D C:\Users\micha\Desktop\kopie WWW idiot
2021-10-07 16:40 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngine
2021-10-07 16:40 - 2021-10-07 16:40 - 000000820 _____ C:\Users\micha\Desktop\Gas Station Simulator.lnk
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\GSS2
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\CrashReportClient
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gas Station Simulator
2021-10-05 21:15 - 2021-10-05 21:15 - 000094350 _____ C:\Users\micha\Desktop\priloha_951576887_0_VypisROS.pdf
2021-10-05 18:53 - 2021-10-12 13:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\playway-launcher
2021-10-05 18:53 - 2021-10-05 18:53 - 000000000 ____D C:\Users\micha\AppData\LocalLow\FreemindSA
2021-10-05 16:07 - 2021-10-05 19:27 - 000000223 _____ C:\Users\micha\Desktop\House Builder Demo.url
2021-10-04 17:00 - 2021-10-04 17:00 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-04 17:00 - 2021-10-04 17:00 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-26 10:13 - 2021-09-26 10:13 - 000000785 _____ C:\Users\micha\Desktop\Superliminal.lnk
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\Users\micha\AppData\LocalLow\PillowCastle
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superliminal
2021-09-26 09:37 - 2021-09-26 10:12 - 000000000 ____D C:\Hry
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001474688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001212544 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000676472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000577144 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 002112120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 001595512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-09-21 18:07 - 2021-09-16 05:24 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-09-21 18:07 - 2021-09-16 05:23 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-09-21 18:07 - 2021-09-16 05:21 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-09-21 18:07 - 2021-09-14 05:39 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 20:05 - 2020-04-04 11:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-21 20:04 - 2021-02-11 13:37 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f8bfdbe63d84
2021-10-21 20:04 - 2021-02-01 19:30 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-21 20:04 - 2021-02-01 19:30 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}
2021-10-21 20:04 - 2021-02-01 19:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-21 20:04 - 2021-02-01 19:30 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-21 20:04 - 2021-02-01 19:30 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-21 20:04 - 2021-02-01 19:30 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-21 20:04 - 2021-02-01 19:30 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2021-10-21 20:04 - 2021-02-01 19:30 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002582 _____ C:\WINDOWS\system32\Tasks\AMDAutoUpdate
2021-10-21 20:04 - 2021-02-01 19:30 - 000002580 _____ C:\WINDOWS\system32\Tasks\SoundBass
2021-10-21 20:04 - 2021-02-01 19:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-10-21 20:04 - 2020-04-04 10:59 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}.job
2021-10-21 20:03 - 2021-09-20 20:41 - 000000000 ____D C:\Program Files\KMSpico
2021-10-21 20:03 - 2020-04-04 10:18 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-21 20:02 - 2020-04-04 11:17 - 000000000 ____D C:\Users\micha\AppData\Local\ClassicShell
2021-10-21 20:02 - 2020-04-04 11:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-10-21 19:56 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 19:43 - 2021-02-01 19:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-21 19:43 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-21 19:43 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-21 19:43 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-21 19:38 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2021-10-21 19:38 - 2020-04-04 10:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 19:37 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Local\Discord
2021-10-21 19:37 - 2020-04-04 10:08 - 000000000 ___RD C:\Users\micha\OneDrive
2021-10-21 19:36 - 2021-02-01 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 19:36 - 2021-02-01 19:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 19:36 - 2020-04-04 11:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-21 19:36 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-21 18:57 - 2021-04-25 13:27 - 000000000 ____D C:\ProgramData\UrbanVPN
2021-10-21 18:56 - 2021-02-01 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 17:58 - 2021-02-01 19:30 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-21 14:51 - 2021-08-16 10:00 - 000001069 _____ C:\Users\micha\Desktop\PRACE dokumenty.txt
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-21 13:12 - 2021-08-25 19:46 - 000000000 ____D C:\Users\micha\Desktop\Nabídky
2021-10-21 11:51 - 2021-02-01 19:26 - 000002381 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-21 11:51 - 2020-04-06 16:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-18 18:37 - 2021-08-06 17:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\.minecraft
2021-10-17 10:00 - 2021-08-16 16:32 - 000000000 ____D C:\Moje kominictvi
2021-10-17 09:59 - 2021-08-16 09:38 - 000000000 ____D C:\Kominictvi Mančík
2021-10-17 09:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 12:17 - 2021-02-01 19:25 - 000442456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-16 09:53 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-16 09:40 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\Skenování
2021-10-16 09:15 - 2020-06-06 22:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-15 13:20 - 2020-04-04 23:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-15 13:18 - 2020-04-04 23:43 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 15:08 - 2021-09-16 19:33 - 000000000 ____D C:\Games
2021-10-14 15:08 - 2020-04-19 09:50 - 000000000 ____D C:\Users\micha\AppData\Roaming\qBittorrent
2021-10-13 10:55 - 2020-04-04 10:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 10:55 - 2020-04-04 10:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-05 21:42 - 2020-04-04 10:07 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2021-10-04 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-04 17:28 - 2021-09-02 19:12 - 000000000 ____D C:\Raft.v13.01
2021-10-04 17:00 - 2021-05-30 20:51 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-04 17:00 - 2020-10-27 13:12 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-04 17:00 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-30 16:10 - 2021-08-06 17:29 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-09-29 16:16 - 2021-02-01 19:26 - 000000000 ____D C:\Users\micha
2021-09-25 10:20 - 2020-08-16 21:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-23 17:28 - 2020-11-17 19:13 - 000000000 ____D C:\Users\micha\AppData\Roaming\MyPhoneExplorer
2021-09-23 16:34 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\ZPRAVY SMAZAT
2021-09-23 12:26 - 2020-04-04 11:18 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2021-09-23 12:26 - 2020-04-04 11:02 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2021-09-23 08:59 - 2020-12-15 22:23 - 000002231 _____ C:\Users\micha\Desktop\Discord.lnk
2021-09-21 18:12 - 2020-04-04 11:03 - 000000000 ____D C:\Users\micha\AppData\Local\NVIDIA

==================== Files in the root of some directories ========

2020-07-29 20:21 - 2020-07-29 20:21 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-09-27 21:17 - 2020-09-27 21:17 - 000016438 _____ () C:\Users\micha\AppData\Local\partner.bmp
2021-01-10 20:43 - 2021-02-08 19:36 - 000007602 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#12 Příspěvek od mikkie »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by micha (21-10-2021 20:06:10)
Running from C:\Users\micha\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) (2021-02-01 17:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4261871939-3680644312-2290833728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261871939-3680644312-2290833728-503 - Limited - Disabled)
Guest (S-1-5-21-4261871939-3680644312-2290833728-501 - Limited - Disabled)
micha (S-1-5-21-4261871939-3680644312-2290833728-1001 - Administrator - Enabled) => C:\Users\micha
micha_p24az47 (S-1-5-21-4261871939-3680644312-2290833728-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4261871939-3680644312-2290833728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
A-Tuning v3.0.215 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.215 - ASRock Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 2.5 - Eagle Dynamics)
Discord (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3050 Series Printer Uninstall (HKLM\...\EPSON L3050 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
FileZilla Client 3.47.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.2.1 - Tim Kosse)
Gas Station Simulator (HKLM-x32\...\Gas Station Simulator_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\OneDriveSetup.exe) (Version: 21.210.1010.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
ProFact 5 (HKLM-x32\...\ProFact_is1) (Version: - eXmind)
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.589 - Jan Fiala)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.4.543 - Jan Fiala)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.47.484 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Spotify (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
UrbanVPN (HKLM\...\{6109A611-488D-407B-AA65-0FF765E6CA9C}) (Version: 2.2.4 - Urban Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 2.2.4) (Version: 2.2.4 - Urban Security)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
XGAMER Audio 7.1 (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.21.2018.104 - SADES)

Packages:
=========
Best of Wallpapers 2019 Exclusive -> C:\Program Files\WindowsApps\Microsoft.BestofWallpapers2019Exclusive_2.0.0.0_neutral__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-19] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10913.5785.0_x64__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-21] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4261871939-3680644312-2290833728-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\nvshext.dll [2021-09-16] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-4261871939-3680644312-2290833728-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\micha\Desktop\Michal - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\micha\Desktop\Terezka - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2021-04-18 17:23 - 2014-11-02 19:45 - 000029184 _____ () [File not signed] C:\Program Files\PSPad editor\pspshellx64.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\Desktop\Foceni - Vanoce 2019\DSC_9982.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Trust GXT 354 Headset"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{29458DEB-89BE-4F55-B362-0A79FF315AC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{D73F25B8-73D8-4612-9013-00AFC67C6490}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{C535DEAE-95B1-4EC1-9AE3-90F16FB847B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{D00CE7CD-302D-4FC5-9DBD-BF6946EB2BC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{B53ED26A-6585-40CB-83AB-D1034BE5A986}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{EB245AB9-82A0-4DED-8851-4DBFE046EDA1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F873DD99-DACE-47FB-ACB7-FAF5D2D438EF}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [TCP Query User{A54F25F0-65EF-41E6-9DB2-01F8F95FD1E9}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [UDP Query User{446488F3-6A65-4A40-84ED-6D7DD85BC5F2}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{0A1E29E9-17F5-49FA-831C-74E987176127}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{54446129-352F-4716-A57E-817CFBE15A09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{45E25852-2436-49B6-8730-460ABC3C1F32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{864198A2-5A02-402B-BFBE-2A6092CE7CBA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{89CCDD86-5ABB-49F9-ADA2-3AA16A9C0DFA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D790B858-A34F-48F3-BAB6-30E18C8B86A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E45CB1FF-8765-4764-B6E5-03B0CFB43CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{11C83DD6-66C1-4B2A-95B9-F5595BAAE73F}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{36435545-4B21-4506-82B2-85572F619B25}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DBF5FAC2-3ED8-4AB7-A39F-2F9A785F9F5A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{975D2953-97C3-42CD-98A5-83734BE1D7B2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E1397ADB-175E-4CD9-B12F-39A92FBF12B3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3114659E-1964-4B01-88CD-D008340CB6FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0356A693-A394-4772-B76B-BF4C327CF3EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E292D98-5399-4BC6-8E9D-0B1CB269BB82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0586D70B-5F9B-4AE4-905B-6D8A0EB68614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6C369FD2-5CA0-46A5-AE4C-89BC129BAD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{04EE9578-4475-4C45-8938-31CFCAC72E37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1422F21A-0FE6-4E04-8608-E0AB2E1E74A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{59EC471F-33CD-4B0E-8E0A-29665C636ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{B908D25C-2BCF-4188-BD0F-E397AC0F6BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB818E50-B3CC-495D-8B88-B0DEBB6617EB}] => (Allow) C:\Program Files\UrbanVPN\bin\urbanvpn.exe (Urban Cyber Security Inc. -> Urban Cyber Security Inc.)
FirewallRules: [{6B348ED9-2076-478A-9359-7E403AFAF5E3}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{D95E5CD8-28BC-4058-8287-219908D11827}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{625E2928-9C58-49DF-B17F-B50F389E6882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E55FA02-62B7-487C-A936-926AA212BA3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5B049C5A-4686-4D48-971A-1FA1CE78FDB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{EDB90044-B689-459D-A928-70A8E53D2179}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{10816914-AC23-4957-AFA6-FF812C9B1605}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{D941A9B7-F0DD-4690-9B9E-BA858CBD8690}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [UDP Query User{E3FF217D-D5A2-4FBB-9AA2-46E08FD69504}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{9E5EEF55-8997-4079-8F9B-08FEAB040366}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96C5992A-9238-42AB-A486-3B4269D5D5BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAE3C048-FAF0-427D-8EA0-3F4D9F3BE496}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23DEC2C8-A016-4EB9-945C-0199CEA8AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F4AE76EB-006D-40BC-BA62-6C277AA1CC70}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F019F4A2-AA14-4DE6-A911-5194DC187A46}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{174932D6-6697-4504-9CC9-BF7F25EA6F64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D56936D4-1FD9-4590-BA26-F2F4416C32A5}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{DE0DF6E2-40AE-4912-B825-B7621C54FEA0}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{37E4D05E-2ADF-410A-B96A-4FE1603EB75E}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{41A171F7-2F8E-4D4F-95D8-B31FB070B856}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{16CB7910-8372-4FA5-B5A7-0EBBE0A43FC3}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{521A084B-40C8-4B58-8C12-53F500198CC1}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{B9BF3CDA-B02D-439F-B07D-5D3F05AA1C7B}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [UDP Query User{86270292-CED8-4063-A839-B359E378F341}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [{0FB5E399-96E2-41DD-A301-26C16DCFDA7F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0CF97578-F0B7-4384-ABE4-6E22252BF073}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D7AEC660-94B5-447F-9266-E27103DF26D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{D8108455-A271-4AC5-B9E4-14D8F60BE516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{52C486E9-ADF6-4E8F-9EE3-EB2BC7D878F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6526B3D6-F464-4BCD-950E-C57C1644F7A5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E8A345-380A-429B-AC24-C432D39527F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C93EDD0D-A67F-41F0-895E-2D38640EBE4C}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [UDP Query User{A95835B6-3EC1-4296-8418-29BB5940536B}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]

==================== Restore Points =========================

15-10-2021 13:20:16 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/21/2021 02:28:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (L:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (K:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (J:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (H:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 11:52:15 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Nelze určit, zda se zásobník nachází v oboru procházení (chyba=0x8007045b).


System errors:
=============
Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba UrbanVPNServiceInteractive byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 300000 milisekund: Restartovat službu.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/21/2021 07:38:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:38:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


CodeIntegrity:
===============
Date: 2021-10-21 19:38:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-10-21 19:37:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.90 12/09/2019
Motherboard: ASRock B450M Pro4
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 16313.72 MB
Available physical RAM: 12334.58 MB
Total Virtual: 18745.72 MB
Available Virtual: 13171.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.87 GB) (Free:42.74 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:224.84 GB) (Free:54.58 GB) NTFS
Drive h: () (Fixed) (Total:224.84 GB) (Free:14.61 GB) NTFS
Drive i: () (Fixed) (Total:222.95 GB) (Free:28.79 GB) NTFS
Drive j: () (Fixed) (Total:146.38 GB) (Free:20.54 GB) NTFS
Drive k: () (Fixed) (Total:247.82 GB) (Free:115.57 GB) NTFS
Drive l: () (Fixed) (Total:683.59 GB) (Free:506.87 GB) NTFS

\\?\Volume{c4029046-716d-441f-a03d-cce2ceeeb070}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c6b8d1f4-ded1-4088-bf7e-f6bafaa17d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{7e630a01-0000-0000-0000-10c337000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ff619c6-97c5-4a7f-bd2f-8251e43ed227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7E630A01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E274E274)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0775D37C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Malware

#13 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR StartupUrls: Profile 1 -> ""
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mikkie
Návštěvník
Návštěvník
Příspěvky: 43
Registrován: 26 črc 2011 16:56

Re: Malware

#14 Příspěvek od mikkie »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by micha (22-10-2021 07:04:07) Run:1
Running from C:\Users\micha\Desktop
Loaded Profiles: micha
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR StartupUrls: Profile 1 -> ""
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3D81636-F54F-4623-B32D-33BF2977B115}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{247BFA83-BBA5-4DFD-BC69-53C774B934EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5614D24F-F9EB-45A0-946F-3235201B76E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF27492D-C72C-4CBA-B0FC-8509033C16A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95319F9B-01FA-43AE-9635-99937B8EEA2D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26C84179-5608-4C5B-9D54-1C880D10398D}" => removed successfully
"HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSDNMON" => removed successfully
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6f74ba-7658-11ea-a65b-a8a159192c9e} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9E82D6-74F5-4102-B85D-FB9C9E910BA7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9E82D6-74F5-4102-B85D-FB9C9E910BA7}" => removed successfully
C:\WINDOWS\System32\Tasks\SoundBass => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoundBass" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E59CA9B8-C816-4521-AD84-B6882148F34F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E59CA9B8-C816-4521-AD84-B6882148F34F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Chrome StartupUrls" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 315525995 B
Java, Flash, Steam htmlcache => 422183967 B
Windows/system/drivers => 21945632 B
Edge => 1018662 B
Chrome => 1084634111 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 167100 B
NetworkService => 167100 B
micha => 376468479 B

RecycleBin => 90661548 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:07:37 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Malware

#15 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno