PC malware removal, computer speed-up, remote help via the neslape.cz service

TiWorker.exe virus + log


Tedas
Guest
Posts: 14
Registered: 01 Nov 2020 00:51


#1 Post by Tedas »

Hi, yesterday I noticed that I have a program called TiWorker.exe running in the background that takes most of my CPU, RAM and disk. I know it is supposed to be related to Windows updates, but I turned all of those off. Another thing is that as soon as I open Task Manager, TiWorker.exe shuts itself down and tries to "hide". Does anyone know how to get rid of it, if it is a virus, that is?
Thanks a lot.
I am also attaching the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Tedas (administrator) on DESKTOP-11JAO0Q (MSI MS-7817) (01-11-2020 00:49:26)
Running from C:\Users\Tedas\Desktop
Loaded Profiles: Tedas
Platform: Windows 10 Home Version 1903 18362.959 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\hovna\ds4\DS4Windows.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-08-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Discord] => C:\Users\Tedas\AppData\Local\Discord\app-0.0.308\Discord.exe [91023672 2020-09-10] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [GoogleChromeAutoLaunch_AC42B993303A9B313EB69949F2D35547] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\MountPoints2: {a416e489-4c6f-11e8-aa2d-d8cb8a561954} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon MG5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAT.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\Windows\system32\CNMLMAT.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\MPE3 Port: C:\Windows\system32\mpelocalmon.dll [27648 2016-03-21] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2018-11-05]
ShortcutTarget: DS4Windows.lnk -> C:\hovna\ds4\DS4Windows.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044D7DDC-13A0-4898-B71D-B9945340FD0E} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {1D32A704-F473-44D3-9035-E4389A05E2E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36650B59-1F5B-421A-9CEA-2BCDE4BB361A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36E03316-981A-4A92-A9BD-D327FFAFEC29} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE
Task: {3C0B4884-134A-408B-A677-D65219424A3B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {40123834-AB65-4B80-9A44-4637D4CA189E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {64E499E6-96AB-4ADB-9926-96283A28AEEF} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
Task: {78C31882-23B0-4365-87A5-D0DFA00FA67F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82C80C1E-7AC6-430E-B696-697881D6B70A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW" was unlocked. <==== ATTENTION
Task: {8DBDA4E4-6AAD-4E53-94A6-280516D43CF2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW => C:\WINDOWS\SysWOW64\Speech\Engines\Q-1-77-32\FD_1.3.73.85.exe [67896 2019-03-19] () [File not signed] <==== ATTENTION
Task: {8FD122C3-EC1B-484F-AF45-E33CD4782CDD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9181F4E2-0D7E-4A0E-847B-E88E65F9F20C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B545F0E7-550E-4D8B-965B-1595D5832CEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {C3902AD9-C574-478F-A8FA-F0B93408A0FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCC11C72-A0EF-4303-A4ED-C4323695A230} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DBE43F6F-740C-4D21-A1F5-9C860B268640} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DCC85488-DD26-400E-B5FA-76422A6E1CB4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E4B8E569-06F3-4DBA-90E1-8FD248099E74} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB8F9523-65D5-4EED-B790-0ECEAAFA7BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBA862CC-7EC6-481A-B0B6-B8E67B73B503} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0F0F582-32E5-45CA-B9F6-3923CCE00F4B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F23735F4-A3A2-468D-8DB9-5C219565A7BE} - System32\Tasks\Microsoft\Windows\PLA\Nová sada kolekcí dat => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1507328 2020-05-24] (Microsoft Windows -> Microsoft Corporation)
Task: {F353CF4E-B0A4-4312-908D-4667E47A1FD3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2
Tcpip\..\Interfaces\{0fef3b3e-9fcc-4dd8-9d0e-b5f69504820d}: [DhcpNameServer] 217.170.96.24 217.170.96.2

Edge:
======
Edge Profile: C:\Users\Tedas\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-04]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-1359492776-2785733239-201844929-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Tedas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-25] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR Notifications: Default -> hxxps://steamcommunity.com
CHR HomePage: Default -> hxxps://www.google.cz/webhp?sourceid=chrome-ins ... 2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/?a=6PRfkUrXis&i=26&loc=skw","","hxxp://www.default-search.net?sid=503&aid=100& ... google.com"
CHR Extension: (Prezentace) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Dokumenty) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Disk Google) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2020-10-31]
CHR Extension: (Tabulky) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8730200 2020-09-23] (BattlEye Innovations e.K. -> )
R4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-09-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-03-29] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1358464 2020-10-29] (Rockstar Games, Inc. -> Rockstar Games)
S4 SU10Guard; C:\Program Files\UPDATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6933240 2020-10-22] (PUBG CORPORATION -> PUBG Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2018-12-14] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2020-05-15] (Martin Malik - REALiX -> REALiX(tm))
R3 MpKsl7bd835e2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF68E865-C744-4659-8560-36510AF62E07}\MpKslDrv.sys [47336 2020-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2020-01-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 00:49 - 2020-11-01 00:50 - 000021066 _____ C:\Users\Tedas\Desktop\FRST.txt
2020-11-01 00:49 - 2020-11-01 00:50 - 000000000 ____D C:\FRST
2020-11-01 00:48 - 2020-11-01 00:48 - 002299904 _____ (Farbar) C:\Users\Tedas\Desktop\FRST64.exe
2020-11-01 00:25 - 2020-11-01 00:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\Tedas\Desktop\hijackthis.exe
2020-10-31 23:52 - 2020-10-31 23:54 - 137386432 _____ (Microsoft Corporation) C:\Users\Tedas\Desktop\MSERT.exe
2020-10-29 16:42 - 2020-10-29 20:14 - 000000000 ____D C:\Users\Tedas\Downloads\Luther.S02.HDTV.XviD-soupuciaTPB
2020-10-22 09:29 - 2020-10-22 09:58 - 000000000 ____D C:\Program Files\Common Files\PUBG
2020-10-21 12:56 - 2020-10-21 12:59 - 000000000 ____D C:\Users\Tedas\Downloads\Luther Season 1 Complete 720p BluRay x264 [i_c]
2020-10-19 11:05 - 2020-10-19 11:05 - 000000222 _____ C:\Users\Tedas\Desktop\PUBG.url
2020-10-14 16:11 - 2020-10-14 16:11 - 000001186 _____ C:\Users\Tedas\Desktop\AC.lnk
2020-10-12 12:20 - 2020-10-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein Youngblood

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 00:28 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-01 00:26 - 2018-04-12 19:21 - 000000000 ____D C:\Users\Tedas\AppData\Local\VirtualStore
2020-11-01 00:17 - 2018-09-07 20:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\CrashDumps
2020-10-31 23:35 - 2020-05-30 00:03 - 000000000 ____D C:\Users\Tedas\AppData\Local\ElevatedDiagnostics
2020-10-31 23:27 - 2018-04-12 19:43 - 000000000 ____D C:\Program Files (x86)\Steam
2020-10-31 21:47 - 2018-04-12 19:30 - 000000000 ____D C:\ProgramData\NVIDIA
2020-10-31 21:06 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\discord
2020-10-31 20:09 - 2018-07-25 17:50 - 000007612 _____ C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-10-31 18:56 - 2018-05-29 16:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\PlaceholderTileLogoFolder
2020-10-31 17:37 - 2020-06-23 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-10-31 17:36 - 2019-08-17 17:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-31 17:36 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-30 12:39 - 2020-01-31 13:00 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\TS3Client
2020-10-29 20:32 - 2018-04-30 13:51 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\uTorrent
2020-10-29 16:42 - 2020-08-16 20:04 - 000000000 ____D C:\Users\Tedas\AppData\Local\BitTorrentHelper
2020-10-29 13:32 - 2019-08-17 17:51 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1359492776-2785733239-201844929-1001
2020-10-29 13:32 - 2019-08-17 11:32 - 000002361 _____ C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-29 13:32 - 2018-04-12 19:24 - 000000000 ___RD C:\Users\Tedas\OneDrive
2020-10-27 08:56 - 2019-08-17 17:43 - 001606106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-27 08:56 - 2019-03-19 12:55 - 000682526 _____ C:\WINDOWS\system32\perfh005.dat
2020-10-27 08:56 - 2019-03-19 12:55 - 000137244 _____ C:\WINDOWS\system32\perfc005.dat
2020-10-27 08:56 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-10-27 00:32 - 2019-08-17 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-21 23:18 - 2018-04-12 19:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-19 17:17 - 2018-05-28 21:53 - 000000000 ____D C:\Users\Tedas\AppData\Local\D3DSCache
2020-10-15 18:02 - 2020-09-30 18:29 - 000000000 ____D C:\Users\Tedas\Documents\Assassin's Creed Odyssey
2020-10-15 17:11 - 2019-08-17 17:51 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 17:11 - 2019-08-17 17:51 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 08:09 - 2020-09-30 17:14 - 000000000 ____D C:\Program Files (x86)\Assassins Creed Odyssey
2020-10-13 11:35 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-08 20:11 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-10-08 20:10 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Local\Discord
2020-10-07 13:17 - 2018-04-19 21:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-05 16:50 - 2018-05-04 13:18 - 000000000 ____D C:\Users\Tedas\Documents\My Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files\Rockstar Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files (x86)\Rockstar Games

==================== Files in the root of some directories ========

2020-06-05 18:35 - 2020-06-05 18:43 - 000011938 _____ () C:\Program Files\devoir.docx
2019-03-11 19:07 - 2019-03-11 19:07 - 000003584 _____ () C:\Users\Tedas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-25 17:50 - 2020-10-31 20:09 - 000007612 _____ () C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-06-24 15:04 - 2020-06-24 15:04 - 000000000 _____ () C:\Users\Tedas\AppData\Local\{364767BB-2829-418F-B9FB-E8834887FC99}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Tedas (01-11-2020 00:51:03)
Running from C:\Users\Tedas\Desktop
Windows 10 Home Version 1903 18362.959 (X64) (2019-08-17 16:52:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1359492776-2785733239-201844929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1359492776-2785733239-201844929-503 - Limited - Disabled)
Guest (S-1-5-21-1359492776-2785733239-201844929-501 - Limited - Disabled)
Tedas (S-1-5-21-1359492776-2785733239-201844929-1001 - Administrator - Enabled) => C:\Users\Tedas
WDAGUtilityAccount (S-1-5-21-1359492776-2785733239-201844929-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\uTorrent) (Version: 3.5.5.45776 - BitTorrent Inc.)
10 Second Ninja X (HKLM\...\MTBzZWNvbmRuaW5qYXg_is1) (Version: 1 - )
A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Alien Isolation version 1.0.0 (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0.0 - REPACKY BY TOMI2K9)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assassin's Creed Odyssey (HKLM-x32\...\{B7EC622B-1979-450E-8281-C5648506DB83}_is1) (Version: - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bioshock Infinite verze v1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: v1.1.25.5165 - (R.G.Danik1B9))
BioShock Remastered (HKLM-x32\...\1439656515_is1) (Version: 1.0.122872 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Dark Souls III - The Fire Fades Edition (HKLM-x32\...\{C767B161-1DD8-4527-AC44-9B455E6ACEF2}) (Version: 1.0.0 - BANDAI NAMCO)
DARK SOULS REMASTERED (HKLM-x32\...\DARK SOULS REMASTERED_is1) (Version: - )
Dark Souls™ II verze v1.07 (HKLM-x32\...\Dark Souls™ II_is1) (Version: v1.07 - R.G. Danik1B9)
Diablo II (HKLM-x32\...\{BE91F536-19B8-45D8-A083-980E14C3A868}) (Version: 1.0.0 - BLIZZARD)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II Complete Edition MULTi6 - ElAmigos version 1.14D (HKLM-x32\...\{0FE1AA82-BF01-419E-B417-D03428435755}_is1) (Version: 1.14D - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FIFA 19 (HKLM-x32\...\FIFA 19_is1) (Version: - )
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Grand Theft Auto: San Andreas (HKLM-x32\...\Grand Theft Auto: San Andreas) (Version: 1.0.0.22 - Rockstar Games)
iTunes (HKLM\...\{A39EE3D3-411E-472C-AF73-9D751E37A7EE}) (Version: 12.10.0.7 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lords of the Fallen (HKLM-x32\...\Lords of the Fallen_is1) (Version: - )
Master PDF Editor 3.6 (HKLM\...\Master PDF Editor 3_is1) (Version: 3.6.30 - Code Industry Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.15 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: TiWorker.exe virus + log

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, i.e. every program running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all the boxes and any found threats ticked and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click Show log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it is here: >> BOTNETY <<
---
We are looking for new members for our CyberSecurity UNIT. More information on what it involves and how to join is here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz .
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#3 Post by Tedas »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-01-2020
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted default-search.net
Deleted default-search.net
Deleted http://mystart.incredibar.com/?a=6PRfkU ... 26&loc=skw
Deleted http://mystart.incredibar.com/?a=6PRfkU ... 26&loc=skw
Deleted http://www.default-search.net?sid=503&a ... 86&src=hmp
Deleted http://www.default-search.net?sid=503&a ... 86&src=hmp
Deleted http://www.mystartsearch.com/?type=hp&t ... 9ZT692KV9E
Deleted http://www.mystartsearch.com/?type=hp&t ... 9ZT692KV9E
Deleted http://www.mystartsearch.com/?type=hp&t ... 9ZT692KV9E
Deleted http://www.mystartsearch.com/?type=hp&t ... 9ZT692KV9E
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch
Deleted mystartsearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2782 octets] - [01/11/2020 10:14:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
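An added example, not code from the thread, from Malwarebytes or from the forum: a Python reader for the AdwCleaner clean log above. It splits the log into its `***** [ Section ] *****` blocks, checks that the `# Cleaned:` figure in the header matches the number of `Deleted` entries actually listed (14 and 14 in the log above, each hijacker entry appearing twice because it is removed from two places), and extracts the hostnames from the browser URL section so they can go straight onto a block list or into an IOC note. The embedded log is a constructed, shortened copy of the posted one, so its count is 4, not 14.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the AdwCleaner[C00].txt posted above: same
# layout, list trimmed and URLs shortened, so the declared "Cleaned" is 4.
SAMPLE_LOG = """\
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Mode: Clean
# Cleaned: 4
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Chromium URLs ] *****

Deleted default-search.net
Deleted http://mystart.incredibar.com/?a=example
Deleted http://www.mystartsearch.com/?type=hp
Deleted mystartsearch

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock
"""

HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z]+): (?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^(?P<action>Deleted|Quarantined|Restored|Reset)\s+(?P<item>.+)$")


def parse_adwcleaner(text):
    """Split an AdwCleaner log into its '# key: value' header and a
    {section name: [(action, item), ...]} map. A section that only holds the
    'No malicious ... cleaned.' sentence comes back as an empty list."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m and current is None:
            header[m["key"]] = m["value"]
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections.setdefault(current, [])
            continue
        if line.startswith("*****"):      # closing rule before the [+] extras
            current = None
            continue
        m = ACTION_RE.match(line)
        if m and current is not None:
            sections[current].append((m["action"], m["item"]))
    return header, sections


def hijacker_hosts(sections):
    """Hostnames from the browser URL sections, usable as block-list entries.
    Bare search keywords such as 'mystartsearch' carry no dot and are skipped."""
    hosts = set()
    for name in ("Chromium URLs", "Firefox URLs"):
        for _action, item in sections.get(name, []):
            netloc = urlparse(item).netloc if "://" in item else item.split("/")[0]
            netloc = netloc.lower()
            if netloc.startswith("www."):
                netloc = netloc[4:]
            if "." in netloc:
                hosts.add(netloc)
    return sorted(hosts)


def summarize(text):
    """Cross-check the declared '# Cleaned:' count against the entries that are
    actually listed and return per-section tallies plus the extracted hosts."""
    header, sections = parse_adwcleaner(text)
    per_section = {name: len(items) for name, items in sections.items() if items}
    counted = sum(per_section.values())
    declared = int(header.get("Cleaned", "0"))
    return {
        "mode": header.get("Mode"),
        "declared": declared,
        "counted": counted,
        "consistent": declared == counted,
        "per_section": per_section,
        "hosts": hijacker_hosts(sections),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A mismatch between the declared and counted figures is worth noticing: it usually means the log was truncated when pasted, which is exactly when the helper should ask for the file again rather than reason from a partial one.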

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: TiWorker.exe virus + log

#4 Post by Diallix »

Please post new FRST + Addition logs.
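An added example, not code from the thread, from Farbar or from the forum: a Python triage of the lines that matter in the FRST log Tedas posts in the next reply. An `IFEO\<exe>: [Debugger] value` line means Windows will start `value` instead of the named executable; with `*` as the value the target never launches at all. That is the mechanism third-party "stop Windows Update" utilities use against UsoClient, WaaSMedic, SIHClient and the rest, and also the one malware uses to stop security tools (MITRE ATT&CK T1546.012, Image File Execution Options Injection), so the check separates "every target is an update component and the debugger is `*`" from anything that needs a closer look. The embedded input is a constructed excerpt copying a handful of the posted lines; `UPDATE_COMPONENTS` is the set of names the posted log shows under IFEO, and the verdict labels are this example's own.

```python
import re

# Constructed excerpt modelled on the Registry and Services sections of the
# FRST log posted in this thread (three of its fourteen IFEO lines, as posted).
SAMPLE_FRST = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
IFEO\SIHClient.exe: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
S4 SU10Guard; C:\Program Files\UPDATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
"""

# Executables the posted FRST log lists under IFEO; all are Windows Update or
# upgrade plumbing, which is exactly what an update blocker wants to stop.
UPDATE_COMPONENTS = {
    "dismhost.exe", "eosnotify.exe", "installagent.exe", "musnotification.exe",
    "musnotificationux.exe", "remsh.exe", "sihclient.exe", "updateassistant.exe",
    "upfc.exe", "usoclient.exe", "waasmedic.exe", "waasmedicagent.exe",
    "windows10upgrade.exe", "windows10upgraderapp.exe",
}

IFEO_RE = re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<dbg>.+)$")
POLICY_RE = re.compile(r"^(?:HKLM|HKU\\[^\\]+)\\.*Policies\\(?P<key>[^:]+): (?P<rest>.+)$")
VALUE_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<value>\S+)")
SERVICE_RE = re.compile(r"^[SRU]\d (?P<name>[^;]+); ")


def parse_frst_findings(text):
    """Pull the entries a reviewer acts on out of FRST's Registry/Services
    sections: IFEO Debugger entries, policy keys and [X] entries whose file
    is gone."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IFEO_RE.match(line)
        if m:
            exe, dbg = m["exe"], m["dbg"].strip()
            findings.append({
                "type": "ifeo-block" if dbg == "*" else "ifeo-redirect",
                "target": exe,
                "debugger": dbg,
                "scope": "windows-update" if exe.lower() in UPDATE_COMPONENTS else "other",
            })
            continue
        m = POLICY_RE.match(line)
        if m:
            v = VALUE_RE.match(m["rest"])
            name = v["name"] if v else m["rest"].split("<====")[0].strip()
            findings.append({"type": "policy", "key": m["key"], "name": name,
                             "value": v["value"] if v else None})
            continue
        if line.endswith("[X]"):
            s = SERVICE_RE.match(line)
            findings.append({"type": "orphan", "name": s["name"] if s else line.split(";")[0]})
    return findings


def summarize(findings):
    """'update-blocker' when every IFEO target is an update component and the
    debugger is '*'; 'review-ifeo' when a real debugger path or a non-update
    target appears, which is the pattern used to disable security tools."""
    blocked_update = sorted(f["target"] for f in findings
                            if f["type"] == "ifeo-block" and f["scope"] == "windows-update")
    blocked_other = sorted(f["target"] for f in findings
                           if f["type"] == "ifeo-block" and f["scope"] == "other")
    redirects = [(f["target"], f["debugger"]) for f in findings if f["type"] == "ifeo-redirect"]
    policies = {f["key"] + "\\" + f["name"]: f["value"] for f in findings if f["type"] == "policy"}
    orphans = [f["name"] for f in findings if f["type"] == "orphan"]
    if redirects or blocked_other:
        verdict = "review-ifeo"
    elif blocked_update:
        verdict = "update-blocker"
    else:
        verdict = "no-ifeo"
    return {"verdict": verdict, "blocked_update": blocked_update,
            "blocked_other": blocked_other, "redirects": redirects,
            "policies": policies, "orphans": orphans}


if __name__ == "__main__":
    print(summarize(parse_frst_findings(SAMPLE_FRST)))
```

The policy lines are reported alongside the IFEO entries on purpose: `NoWindowsUpdate` and the Windows Defender `Restriction` key in the same log, next to a service installed under `C:\Program Files\UPDATE\`, are what a reviewer correlates before deciding whether the entries were put there by the user's own tooling or by something else. The script only sorts the evidence; the decision, and the fixlist, still belong to the person reading the full log.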

Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#5 Post by Tedas »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Tedas (administrator) on DESKTOP-11JAO0Q (MSI MS-7817) (01-11-2020 10:24:14)
Running from C:\Users\Tedas\Desktop
Loaded Profiles: Tedas
Platform: Windows 10 Home Version 1903 18362.959 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\hovna\ds4\DS4Windows.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12007.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-08-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Discord] => C:\Users\Tedas\AppData\Local\Discord\app-0.0.308\Discord.exe [91023672 2020-09-10] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [GoogleChromeAutoLaunch_AC42B993303A9B313EB69949F2D35547] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\MountPoints2: {a416e489-4c6f-11e8-aa2d-d8cb8a561954} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon MG5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAT.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\Windows\system32\CNMLMAT.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\MPE3 Port: C:\Windows\system32\mpelocalmon.dll [27648 2016-03-21] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2018-11-05]
ShortcutTarget: DS4Windows.lnk -> C:\hovna\ds4\DS4Windows.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044D7DDC-13A0-4898-B71D-B9945340FD0E} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {1D32A704-F473-44D3-9035-E4389A05E2E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36650B59-1F5B-421A-9CEA-2BCDE4BB361A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36E03316-981A-4A92-A9BD-D327FFAFEC29} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE
Task: {37B156C4-C0DA-4B17-890F-21FE12900FC8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {3C0B4884-134A-408B-A677-D65219424A3B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {40123834-AB65-4B80-9A44-4637D4CA189E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {64E499E6-96AB-4ADB-9926-96283A28AEEF} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
Task: {78C31882-23B0-4365-87A5-D0DFA00FA67F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82C80C1E-7AC6-430E-B696-697881D6B70A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8DBDA4E4-6AAD-4E53-94A6-280516D43CF2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW => C:\WINDOWS\SysWOW64\Speech\Engines\Q-1-77-32\FD_1.3.73.85.exe (Access Denied) <==== ATTENTION
Task: {8FD122C3-EC1B-484F-AF45-E33CD4782CDD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9181F4E2-0D7E-4A0E-847B-E88E65F9F20C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B545F0E7-550E-4D8B-965B-1595D5832CEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {C13217DA-8E8E-4DC1-8001-EB99039BB94E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {C3902AD9-C574-478F-A8FA-F0B93408A0FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCC11C72-A0EF-4303-A4ED-C4323695A230} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DBE43F6F-740C-4D21-A1F5-9C860B268640} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DCC85488-DD26-400E-B5FA-76422A6E1CB4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E4B8E569-06F3-4DBA-90E1-8FD248099E74} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB5A09D9-90A5-439D-AB44-8CF1F5740F5A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {EB8F9523-65D5-4EED-B790-0ECEAAFA7BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBA862CC-7EC6-481A-B0B6-B8E67B73B503} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0F0F582-32E5-45CA-B9F6-3923CCE00F4B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F23735F4-A3A2-468D-8DB9-5C219565A7BE} - System32\Tasks\Microsoft\Windows\PLA\Nová sada kolekcí dat => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1507328 2020-05-24] (Microsoft Windows -> Microsoft Corporation)
Task: {F2FD76C5-793D-4F16-AA0C-B194580159CD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {F353CF4E-B0A4-4312-908D-4667E47A1FD3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2
Tcpip\..\Interfaces\{0fef3b3e-9fcc-4dd8-9d0e-b5f69504820d}: [DhcpNameServer] 217.170.96.24 217.170.96.2

Edge:
======
Edge Profile: C:\Users\Tedas\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-04]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-1359492776-2785733239-201844929-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Tedas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-25] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR Notifications: Default -> hxxps://steamcommunity.com
CHR HomePage: Default -> hxxps://www.google.cz/webhp?sourceid=chrome-ins ... 2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/?a=6PRfkUrXis&i=26&loc=skw","","hxxp://www.default-search.net?sid=503&aid=100& ... oogle.com/"
CHR Extension: (Prezentace) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Dokumenty) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Disk Google) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2020-10-31]
CHR Extension: (Tabulky) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8730200 2020-09-23] (BattlEye Innovations e.K. -> )
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-09-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-03-29] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1358464 2020-10-29] (Rockstar Games, Inc. -> Rockstar Games)
S4 SU10Guard; C:\Program Files\UPDATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6933240 2020-10-22] (PUBG CORPORATION -> PUBG Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2018-12-14] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2020-05-15] (Martin Malik - REALiX -> REALiX(tm))
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2020-01-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
S3 MpKsl7bd835e2; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF68E865-C744-4659-8560-36510AF62E07}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 10:13 - 2020-11-01 10:15 - 000000000 ____D C:\AdwCleaner
2020-11-01 10:12 - 2020-11-01 10:12 - 008447152 _____ (Malwarebytes) C:\Users\Tedas\Desktop\adwcleaner_8.0.8.exe
2020-11-01 00:49 - 2020-11-01 10:25 - 000021399 _____ C:\Users\Tedas\Desktop\FRST.txt
2020-11-01 00:49 - 2020-11-01 10:25 - 000000000 ____D C:\FRST
2020-11-01 00:48 - 2020-11-01 00:48 - 002299904 _____ (Farbar) C:\Users\Tedas\Desktop\FRST64.exe
2020-11-01 00:25 - 2020-11-01 00:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\Tedas\Desktop\hijackthis.exe
2020-10-31 23:52 - 2020-10-31 23:54 - 137386432 _____ (Microsoft Corporation) C:\Users\Tedas\Desktop\MSERT.exe
2020-10-29 16:42 - 2020-10-29 20:14 - 000000000 ____D C:\Users\Tedas\Downloads\Luther.S02.HDTV.XviD-soupuciaTPB
2020-10-22 09:29 - 2020-10-22 09:58 - 000000000 ____D C:\Program Files\Common Files\PUBG
2020-10-21 12:56 - 2020-10-21 12:59 - 000000000 ____D C:\Users\Tedas\Downloads\Luther Season 1 Complete 720p BluRay x264 [i_c]
2020-10-19 11:05 - 2020-10-19 11:05 - 000000222 _____ C:\Users\Tedas\Desktop\PUBG.url
2020-10-14 16:11 - 2020-10-14 16:11 - 000001186 _____ C:\Users\Tedas\Desktop\AC.lnk
2020-10-12 12:20 - 2020-10-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein Youngblood

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 10:19 - 2018-04-12 19:30 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-01 10:18 - 2018-04-12 19:43 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-01 10:17 - 2020-06-23 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-11-01 10:17 - 2019-08-17 17:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-01 10:17 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-01 10:15 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-01 00:57 - 2018-07-25 17:50 - 000007610 _____ C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-11-01 00:26 - 2018-04-12 19:21 - 000000000 ____D C:\Users\Tedas\AppData\Local\VirtualStore
2020-11-01 00:17 - 2018-09-07 20:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\CrashDumps
2020-10-31 23:35 - 2020-05-30 00:03 - 000000000 ____D C:\Users\Tedas\AppData\Local\ElevatedDiagnostics
2020-10-31 21:06 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\discord
2020-10-31 18:56 - 2018-05-29 16:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\PlaceholderTileLogoFolder
2020-10-30 12:39 - 2020-01-31 13:00 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\TS3Client
2020-10-29 20:32 - 2018-04-30 13:51 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\uTorrent
2020-10-29 16:42 - 2020-08-16 20:04 - 000000000 ____D C:\Users\Tedas\AppData\Local\BitTorrentHelper
2020-10-29 13:32 - 2019-08-17 17:51 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1359492776-2785733239-201844929-1001
2020-10-29 13:32 - 2019-08-17 11:32 - 000002361 _____ C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-29 13:32 - 2018-04-12 19:24 - 000000000 ___RD C:\Users\Tedas\OneDrive
2020-10-27 08:56 - 2019-08-17 17:43 - 001606106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-27 08:56 - 2019-03-19 12:55 - 000682526 _____ C:\WINDOWS\system32\perfh005.dat
2020-10-27 08:56 - 2019-03-19 12:55 - 000137244 _____ C:\WINDOWS\system32\perfc005.dat
2020-10-27 08:56 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-10-27 00:32 - 2019-08-17 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-21 23:18 - 2018-04-12 19:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-19 17:17 - 2018-05-28 21:53 - 000000000 ____D C:\Users\Tedas\AppData\Local\D3DSCache
2020-10-15 18:02 - 2020-09-30 18:29 - 000000000 ____D C:\Users\Tedas\Documents\Assassin's Creed Odyssey
2020-10-15 17:11 - 2019-08-17 17:51 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 17:11 - 2019-08-17 17:51 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 08:09 - 2020-09-30 17:14 - 000000000 ____D C:\Program Files (x86)\Assassins Creed Odyssey
2020-10-13 11:35 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-08 20:11 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-10-08 20:10 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Local\Discord
2020-10-07 13:17 - 2018-04-19 21:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-05 16:50 - 2018-05-04 13:18 - 000000000 ____D C:\Users\Tedas\Documents\My Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files\Rockstar Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files (x86)\Rockstar Games

==================== Files in the root of some directories ========

2020-06-05 18:35 - 2020-06-05 18:43 - 000011938 _____ () C:\Program Files\devoir.docx
2019-03-11 19:07 - 2019-03-11 19:07 - 000003584 _____ () C:\Users\Tedas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-25 17:50 - 2020-11-01 00:57 - 000007610 _____ () C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-06-24 15:04 - 2020-06-24 15:04 - 000000000 _____ () C:\Users\Tedas\AppData\Local\{364767BB-2829-418F-B9FB-E8834887FC99}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Tedas (01-11-2020 10:26:39)
Running from C:\Users\Tedas\Desktop
Windows 10 Home Version 1903 18362.959 (X64) (2019-08-17 16:52:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1359492776-2785733239-201844929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1359492776-2785733239-201844929-503 - Limited - Disabled)
Guest (S-1-5-21-1359492776-2785733239-201844929-501 - Limited - Disabled)
Tedas (S-1-5-21-1359492776-2785733239-201844929-1001 - Administrator - Enabled) => C:\Users\Tedas
WDAGUtilityAccount (S-1-5-21-1359492776-2785733239-201844929-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\uTorrent) (Version: 3.5.5.45776 - BitTorrent Inc.)
10 Second Ninja X (HKLM\...\MTBzZWNvbmRuaW5qYXg_is1) (Version: 1 - )
A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Alien Isolation version 1.0.0 (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0.0 - REPACKY BY TOMI2K9)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assassin's Creed Odyssey (HKLM-x32\...\{B7EC622B-1979-450E-8281-C5648506DB83}_is1) (Version: - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bioshock Infinite verze v1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: v1.1.25.5165 - (R.G.Danik1B9))
BioShock Remastered (HKLM-x32\...\1439656515_is1) (Version: 1.0.122872 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Dark Souls III - The Fire Fades Edition (HKLM-x32\...\{C767B161-1DD8-4527-AC44-9B455E6ACEF2}) (Version: 1.0.0 - BANDAI NAMCO)
DARK SOULS REMASTERED (HKLM-x32\...\DARK SOULS REMASTERED_is1) (Version: - )
Dark Souls™ II verze v1.07 (HKLM-x32\...\Dark Souls™ II_is1) (Version: v1.07 - R.G. Danik1B9)
Diablo II (HKLM-x32\...\{BE91F536-19B8-45D8-A083-980E14C3A868}) (Version: 1.0.0 - BLIZZARD)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II Complete Edition MULTi6 - ElAmigos version 1.14D (HKLM-x32\...\{0FE1AA82-BF01-419E-B417-D03428435755}_is1) (Version: 1.14D - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FIFA 19 (HKLM-x32\...\FIFA 19_is1) (Version: - )
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Grand Theft Auto: San Andreas (HKLM-x32\...\Grand Theft Auto: San Andreas) (Version: 1.0.0.22 - Rockstar Games)
iTunes (HKLM\...\{A39EE3D3-411E-472C-AF73-9D751E37A7EE}) (Version: 12.10.0.7 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lords of the Fallen (HKLM-x32\...\Lords of the Fallen_is1) (Version: - )
Master PDF Editor 3.6 (HKLM\...\Master PDF Editor 3_is1) (Version: 3.6.30 - Code Industry Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.15 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Mortal Shell (HKLM-x32\...\Mortal Shell_is1) (Version: - )
MuseScore 3 (HKLM\...\{778D5D3D-5448-40F4-AACC-47D443C3E8A1}) (Version: 3.4.2.9788 - Werner Schweer and Others)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted) (Version: - )
Need for Speed Most Wanted 2012 v1.0.0.0 (HKLM-x32\...\Need for Speed Most Wanted 2012_is1) (Version: 1.0.0.0 - EA Games)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - )
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 451.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outlast + DLC Whistleblower verze 1.0 (HKLM-x32\...\Outlast + DLC Whistleblower_is1) (Version: 1.0 - Danik1B9)
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 11.02 - )
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{2DB9CC90-24C4-4260-935D-511973B75707}) (Version: 7.6 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{DC327764-A1B1-4EF3-A07C-38741E3557E7}) (Version: 7.6 - Apple Inc.)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.30.299 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.0 - Rockstar Games)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
Sekiro Shadows Die Twice (HKLM-x32\...\Sekiro Shadows Die Twice_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH)
The Long Dark Steadfast Ranger (HKLM-x32\...\The Long Dark Steadfast Ranger_is1) (Version: - )
The Long Dark Vigilant Flame (HKLM-x32\...\The Long Dark Vigilant Flame_is1) (Version: - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Tony Hawks Pro Skater HD verze 1.1 (HKLM-x32\...\{B237974A-A9DB-4A1A-9ABF-4CFA4050F646}_is1) (Version: 1.1 - tomi2k9)
Tony Hawk's Underground 2 (HKLM-x32\...\{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision) Hidden
Tony Hawk's Underground 2 (HKLM-x32\...\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision)
Tony Hawk's Underground 2 (HKLM-x32\...\Tony Hawk's Underground 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Torchlight 2 (HKLM-x32\...\Torchlight 2_is1) (Version: - )
Torchlight II v1.25.5.2 (HKLM-x32\...\Torchlight II_is1) (Version: - CzTorrent.net)
Trine 3 - Artifacts of Power (HKLM-x32\...\1431599567_is1) (Version: 2.2.0.5 - GOG.com)
Trine 3: The Artifacts of Power (HKLM-x32\...\Trine 3: The Artifacts of Power_is1) (Version: - )
Trine 4 The Nightmare Prince (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Trine 4 The Nightmare Prince) (Version: - HOODLUM)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F3874F6F-EA00-487D-BEAD-5FAA010E78F2}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 57.0 - Ubisoft)
WhoCrashed 6.65 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfenstein II - The New Colossus (HKLM-x32\...\Wolfenstein II - The New Colossus_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Wolfenstein New Order version 1.1.0 (HKLM-x32\...\Wolfenstein New Order_is1) (Version: 1.1.0 - REPACKY BY TOMI2K9)
Wolfenstein Youngblood (HKLM-x32\...\Wolfenstein Youngblood_is1) (Version: - )
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )
Wreckfest (HKLM-x32\...\Wreckfest_is1) (Version: - )
Zoom (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.174.500.0_x86__kgqvnymyfvs32 [2020-08-12] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8042.0_x64__8wekyb3d8bbwe [2020-08-08] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvshext.dll [2020-07-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Tedas\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) =============

2019-01-02 10:45 - 2016-03-21 23:15 - 000027648 _____ (Copyright (c) Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [242]
AlternateDataStreams: C:\Users\Tedas\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Tedas\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Tedas\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Tedas\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tedas\Desktop\idivt1b0al8x.jpg
DNS Servers: 217.170.96.24 - 217.170.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SU10Guard => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{7396ED8E-1E65-46DC-99EE-43D848A78727}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe => No File
FirewallRules: [TCP Query User{25948E3B-C9A0-42F9-A487-B269A73EA7BF}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe => No File
FirewallRules: [{980C41C3-B48C-41A4-933D-B804F957DAE7}] => (Block) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [{D5DFCB38-2E5F-4DC5-B1BF-06E49BDA5E3F}] => (Block) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [UDP Query User{409EC883-842E-41F5-85A6-51BE7B96339F}C:\program files (x86)\the long dark steadfast ranger\tld.exe] => (Allow) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [TCP Query User{BD622AC8-82B9-4619-82F3-360A3AED4062}C:\program files (x86)\the long dark steadfast ranger\tld.exe] => (Allow) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [UDP Query User{3314939B-547E-41B7-A090-1B7B6D4AB2DC}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe] => (Block) C:\games\trine 3 - the artifacts of power\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{05BDD902-4270-4E69-9707-2254C13D661F}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe] => (Block) C:\games\trine 3 - the artifacts of power\trine3_64bit.exe => No File
FirewallRules: [{85507CE8-DF40-4EC6-89BE-A2201484A27B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6940DC36-2679-4102-A3CD-85777AC5AD41}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F4F86300-F2D6-4E87-B2FC-D8EF92AFB16D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{29F85D0A-B7C1-4844-A59F-FB73396D4DCE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{90D72EAC-A684-42F9-A164-B616E0B16703}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe => No File
FirewallRules: [{E7414CF4-B353-4800-8062-7581ADC4F846}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe => No File
FirewallRules: [{ADA574E6-E312-413B-9F8A-4368AB73563F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe => No File
FirewallRules: [{B6CB1D70-ADB3-4445-95A7-3D7DF7DABCD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe => No File
FirewallRules: [{592126C4-AEDF-4AB5-B84C-B5766D229B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trials Rising - Open Beta\datapack\trialsrising.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{524098FC-5525-43B1-B553-7A09CC878B4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trials Rising - Open Beta\datapack\trialsrising.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{E6EBBDC6-0CAF-4412-AB10-86FD4E305974}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
FirewallRules: [{1226E320-109E-466B-8076-E64C51E09D67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
FirewallRules: [{2BB760E0-CC47-485D-B43C-8674422470D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe => No File
FirewallRules: [{A147EB3A-EDEA-4747-BE46-6D3B94703C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe => No File
FirewallRules: [UDP Query User{1EEC41D0-C8EE-494E-BB67-FA98180C0BB7}C:\program files (x86)\fifa19\fifa19.exe] => (Block) C:\program files (x86)\fifa19\fifa19.exe => No File
FirewallRules: [TCP Query User{45D84EED-7BFB-4342-B947-7BC53551244E}C:\program files (x86)\fifa19\fifa19.exe] => (Block) C:\program files (x86)\fifa19\fifa19.exe => No File
FirewallRules: [{74BAB2D8-1F0E-4C61-82FC-68AFEC9CE3CB}] => (Allow) C:\Program Files (x86)\FIFA19\FIFASetup\fifaconfig.exe => No File
FirewallRules: [{274B6D98-42F9-4F7B-8E75-7D4121587511}] => (Allow) C:\Program Files (x86)\FIFA19\FIFASetup\fifaconfig.exe => No File
FirewallRules: [UDP Query User{6BD73436-3F6F-4175-9B7B-F44425DA6662}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe => No File
FirewallRules: [TCP Query User{CBA86B3A-35FD-410F-984B-494F1345515E}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe => No File
FirewallRules: [UDP Query User{5C9A80C7-CFA9-4605-A16A-2E1B82C9AD19}C:\users\tedas\downloads\the forest v.0.73\theforest.exe] => (Block) C:\users\tedas\downloads\the forest v.0.73\theforest.exe => No File
FirewallRules: [TCP Query User{B63AC315-FE02-4BA9-8189-B24C472B38BC}C:\users\tedas\downloads\the forest v.0.73\theforest.exe] => (Block) C:\users\tedas\downloads\the forest v.0.73\theforest.exe => No File
FirewallRules: [UDP Query User{7D51EAE8-EF64-4C9F-9F6B-7F49DF01BB39}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe] => (Allow) C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe => No File
FirewallRules: [TCP Query User{D104A184-B420-4811-8E6F-047CC421BB64}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe] => (Allow) C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe => No File
FirewallRules: [UDP Query User{DE04A716-F8BD-475E-B350-FF1EF0AA388D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{A8DC5135-7233-4C9E-AFF6-005D31D0BFD5}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{CC332781-45C2-4BAF-BCA3-47C86FE5859D}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [TCP Query User{BBAB187B-06CE-4469-A900-A6C0DFD769B5}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [{76734872-8C3C-47BF-BAB7-C340349F9761}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E007425F-2D70-4979-96B6-27FC6A13185D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{8F8D3B71-C1BD-4179-9F1E-EE6C89892B15}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [TCP Query User{A38ED5A4-BD3C-42CE-AD94-469ADB68AF89}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{25103342-429F-472B-B9A8-E88D9B70B6D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{ABED4824-A38C-4106-B3A9-4B901CDB0FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [UDP Query User{3D676169-FF89-4C18-98F5-AD92CE91E814}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{3030479B-4EB7-437C-8ED8-8B984754B111}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{3BA9EE82-7DB6-4517-8715-CC6B09D29CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{B78844CE-1B7B-4D16-849F-9DFE01DE2B4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{5DA0ADD8-3CA0-4F7B-AF40-FE135963897D}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe] => (Allow) C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{5B845F6A-4055-4438-8FF3-10C5E8D06A96}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe] => (Allow) C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{33395D06-1840-45D7-87E8-F2A31E203DCD}C:\program files (x86)\the long dark vigilant flame\tld.exe] => (Block) C:\program files (x86)\the long dark vigilant flame\tld.exe => No File
FirewallRules: [TCP Query User{6252D054-BD46-4E30-80F1-2DA9AD3B67B7}C:\program files (x86)\the long dark vigilant flame\tld.exe] => (Block) C:\program files (x86)\the long dark vigilant flame\tld.exe => No File
FirewallRules: [UDP Query User{FE3B6426-F8D3-4CA0-8FBD-BFCA96399DC5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe => No File
FirewallRules: [TCP Query User{2D1AFB2B-9FC2-42F1-A30F-44971D709480}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe => No File
FirewallRules: [UDP Query User{776B30AC-5CDF-48F7-9FC5-2560FF949CD7}C:\program files\fifa18\fifa18.exe] => (Block) C:\program files\fifa18\fifa18.exe => No File
FirewallRules: [TCP Query User{A7781CE2-19C5-4D31-A180-7CFB7251E08E}C:\program files\fifa18\fifa18.exe] => (Block) C:\program files\fifa18\fifa18.exe => No File
FirewallRules: [UDP Query User{ABD04650-2B6D-4E03-AAC4-934B4323881B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C6D299BC-902E-41C5-BE88-15F3B2A0B1C0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{449D2B97-65BB-4D48-83D7-AC056797CEC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{A5C8B59B-4A1B-49E8-950B-51B020BE7989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [UDP Query User{170788E9-AE6D-42C3-AC8D-57E872E5D7EB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BB4E4914-7140-4B39-9CC9-F9DCB7503BE2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D9AE2D97-4B39-4153-A857-4EE3906B57E4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B458AD72-13A2-4F0C-99D1-97687E36FF3B}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{E15672D6-DFCA-4D3E-8A38-B35C8C7973E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C48B6BDD-6CAD-4CA2-A554-08D3EE1E9328}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1F7082D4-A68F-465B-9C89-6BCE113DC073}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CEC4A1E0-D74F-4A22-8B99-D8748891F91F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{37E3160C-171F-490E-AA83-13F916297705}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{8BFE602C-1536-4B8C-8BC3-3B3FF140538D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [{A1DD1316-6ADC-4794-90B0-FF5916A48380}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C11AD1B1-42DF-4617-ACAE-D08497375B5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2FDB465-7C3C-46CD-AD24-DA7E2EE5A846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CDEF1903-38A9-46DD-A33B-C7718A737C8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{442523A3-8445-43A0-974A-C2F915105B45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{F5ADE993-B18F-4978-BA99-090BEFD6FF1E}C:\users\tedas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tedas\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{5DA23990-7224-48B5-A997-627E45C0A7D4}C:\users\tedas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tedas\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C060A4E8-7A65-4A80-AF8F-86247E278FF0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A63360C6-C41A-4FDD-954B-CDD3819B6C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{D8E4114B-1153-45E1-8AB6-099DF72964BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{FE4F0061-D370-4D38-BFFE-49BEF0A365BA}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{A1FDCBC8-30FE-4D8A-A122-3555F081EB2E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{696C35F9-8740-45AD-9903-AFA191FE5379}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{6DC7B3AD-A0C9-4B06-AF43-4B3652EE3521}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [{FE21A22C-6D23-4B5E-8718-C0DB5A448CF9}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{2F865EB5-ACAE-4574-9AB3-7F4B28A70E05}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{263AF11F-D393-4CBE-B53C-55CF9CE654B3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{616F69E6-1BFA-47A6-9A59-C40F3D17F40B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [UDP Query User{D90B1929-7C22-4020-BFBF-0A5D44466D9C}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [TCP Query User{34BAB011-1C63-4841-8F9A-DADE3FB84FAC}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe => No File
FirewallRules: [UDP Query User{3C81E7C8-1A87-42B5-AFBB-3DD8002BB000}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe => No File
FirewallRules: [{C595BE4F-A4C5-4737-98AF-876373BB6978}] => (Allow) C:\Users\Tedas\Desktop\bin\BlackDesert32.exe => No File
FirewallRules: [{92A16771-6498-48CB-94E2-27008F5489A1}] => (Allow) C:\Users\Tedas\Desktop\bin64\BlackDesert64.exe => No File
FirewallRules: [{07F1F5BE-F3FE-4141-9D41-6EAF65432B29}] => (Allow) C:\Users\Tedas\Desktop\BlackDesert_Launcher.exe => No File
FirewallRules: [{B7DA36E3-C838-4FB0-8A4C-9A0369185CED}] => (Allow) C:\Users\Tedas\Desktop\BlackDesert_Downloader.exe => No File
FirewallRules: [{44057F5E-A82C-4259-9785-A6F4F4048D74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F024066F-9F59-4C61-A4ED-E439022404FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8D7C053B-0AF7-41B7-905D-A57B7497E3F1}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut.exe => No File
FirewallRules: [{CA7CF4D2-44BC-454B-B97F-25942C2829C4}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut.exe => No File
FirewallRules: [{1D190272-D04B-4DA8-9676-CCB3E0638E4F}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe => No File
FirewallRules: [{11398128-B9C6-4C3D-A0CE-C0FE8395A4B1}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe => No File
FirewallRules: [{A695587D-AC1F-4973-9422-8CF2031E999A}] => (Allow) C:\Users\Tedas\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{628F2F21-48C2-4D29-96AA-787FD301FDB9}] => (Allow) C:\Users\Tedas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AAB424C2-BAF9-44E0-895F-369278D773F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{9512A72D-CEA3-46FF-A43E-D290F313DC62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{C59F77D7-8677-475F-BB56-84FAA0BFEB3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{2347421A-4C43-4180-BA28-5B15404F31C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [TCP Query User{8DABF29E-30BB-426C-A970-C87129451DF0}C:\users\tedas\desktop\forest\theforest.exe] => (Allow) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [UDP Query User{D3E90E97-A677-4766-8870-C98F990C58A0}C:\users\tedas\desktop\forest\theforest.exe] => (Allow) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{B6435047-652D-47B2-A57D-1615C155798A}] => (Block) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{483F794F-E640-4BF4-9A17-91D23560C62D}] => (Block) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{972D10C0-0D2D-472F-A719-BC0451474FDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed]
FirewallRules: [{5F7C5DF1-5F17-4387-AF58-B224CAD38D0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{4B86ECF9-FC21-4285-8E91-FD0E419AED74}C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{AECA89BA-421D-4920-9312-381351B5CAA1}C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [{1AC7E7D4-CA30-44D2-A52E-039FEA01B5C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{97C27DBE-2E75-4B05-BE98-DB6D5DE89631}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3C285D53-44B9-46B0-A668-1F9746C1CDB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D19BC948-5823-481C-A5EF-45A37CF07487}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C6FC39B-BA40-409B-AB63-E35F80C931C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9FF0CD1E-78E5-4494-A400-C9D0A33F722B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{65FE2971-0A1B-4D4C-8355-EE503F98F99B}C:\games\diablo ii complete edition\game.exe] => (Block) C:\games\diablo ii complete edition\game.exe (Blizzard North) [File not signed]
FirewallRules: [UDP Query User{09360440-C99A-4333-9B30-D0293EE49A0F}C:\games\diablo ii complete edition\game.exe] => (Block) C:\games\diablo ii complete edition\game.exe (Blizzard North) [File not signed]
FirewallRules: [{02574EFF-BD5E-4609-92EE-82C5535DBE0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71C56C50-DB23-4FA2-99EF-013D108BED3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{00D21AD3-1330-495E-A1E3-CA469189A3B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{22FDEA66-E937-4850-86FD-A24D9276387F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EBFE8D35-0F35-49CB-855A-6C6CE7D2F60E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> PUBG Corporation)
FirewallRules: [{733BDA2E-CD40-484E-ACD0-80510B974DF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> PUBG Corporation)
FirewallRules: [{3F23122B-4E3B-4B8D-91AB-C0CB227E265B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-10-2020 22:57:52 Scheduled checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/01/2020 10:26:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4252,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening log file C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/01/2020 10:15:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

Error: (11/01/2020 10:15:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (11/01/2020 10:12:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3368,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening log file C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/01/2020 12:51:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10072,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening log file C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/01/2020 12:20:05 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1728,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening log file C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/01/2020 12:17:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.18362.752, time stamp: 0x5e7049d9
Faulting module name: dcomp.dll, version: 10.0.18362.959, time stamp: 0x2ba0a53f
Exception code: 0xc0000602
Fault offset: 0x000000000009c47a
Faulting process ID: 0x13fc
Faulting application start time: 0x01d6afa4252c5eca
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\WINDOWS\SYSTEM32\dcomp.dll
Report ID: e87de5c1-a2cc-4338-9a37-e696f75c2e21
Faulting package full name: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (11/01/2020 12:05:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7856,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening log file C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (11/01/2020 10:24:58 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x9000000000009. The name of the file is "<unable to determine file name>".

Error: (11/01/2020 10:19:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Edge Update Service (edgeupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/01/2020 10:15:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/01/2020 10:15:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (11/01/2020 10:15:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (11/01/2020 10:15:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (11/01/2020 10:15:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/01/2020 10:09:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Edge Update Service (edgeupdate) service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2020-10-23 15:24:43.866
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CDE2FC70-CEE1-48D9-894A-50DBAE2DC18D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2020-10-20 22:52:56.268
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5B8A23F9-0065-4EED-BF15-BCA464162E3D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2020-10-14 09:02:12.236
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/CrackSearch
ID: 2147730914
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\Assassins Creed Odyssey\dbdata.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DESKTOP-11JAO0Q\Tedas
Process Name: C:\Program Files (x86)\Assassins Creed Odyssey\ACOdyssey.exe
Security intelligence Version: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-14 09:01:59.329
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/CrackSearch
ID: 2147730914
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\Assassins Creed Odyssey\dbdata.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DESKTOP-11JAO0Q\Tedas
Process Name: C:\Program Files (x86)\Assassins Creed Odyssey\ACOdyssey.exe
Security intelligence Version: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-14 09:01:30.016
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:Win32/CrackSearch
ID: 2147730914
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\Assassins Creed Odyssey\dbdata.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DESKTOP-11JAO0Q\Tedas
Process Name: C:\Program Files (x86)\Assassins Creed Odyssey\ACOdyssey.exe
Security intelligence Version: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-11-01 00:59:33.954
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good set of security intelligence.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.325.1617.0;1.325.1617.0
Engine version: 1.1.17500.4

Date: 2020-11-01 00:59:24.389
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good set of security intelligence.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.327.79.0;1.327.79.0
Engine version: 1.1.17600.5

Date: 2020-10-31 17:53:29.386
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.79.0
Update Source: Microsoft Update Server
Security intelligence Type: Antivirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-10-31 14:00:48.217
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.1617.0
Update Source: Microsoft Update Server
Security intelligence Type: Antivirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2020-10-30 09:00:38.970
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.1617.0
Update Source: Microsoft Update Server
Security intelligence Type: Antivirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.8 12/25/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8136 MB
Available physical RAM: 5159.07 MB
Total Virtual: 18376 MB
Available Virtual: 13865.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.76 GB) (Free:115.28 GB) NTFS

\\?\Volume{c1d0dba7-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{c1d0dba7-0000-0000-0000-003774000000}\ () (Fixed) (Total:0.46 GB) (Free:0.04 GB) NTFS
\\?\Volume{c1d0dba7-0000-0000-0000-905474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C1D0DBA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=472 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================
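
Read together, the Windows Defender events above (signature updates failing with 0x80070422, which is ERROR_SERVICE_DISABLED, and quick scans stopped before completion) and the registry entries that the FRST fixlist in the next reply removes (IFEO "Debugger" values on the Windows Update and WaaSMedic executables, the NoWindowsUpdate Explorer policy, a Windows Defender policy key, and a MountPoints2 autorun pointing at F:\setup.exe) describe one deliberate change: the servicing stack has been switched off at the registry level, so neither Windows Update nor Defender's updater can run. An IFEO Debugger value makes the loader launch the named debugger instead of the image, and a value such as "*" means the real binary never starts. The Python script below is an added example written for this page, not code from FRST or from anyone in the thread. It triages FRST output lines for exactly those indicators. The UPDATE_BINARIES set is taken from the IFEO names in this log, the benign notepad.exe IFEO line is constructed for contrast, and the 0x80070422 check is a plain substring match on the translated Defender event text.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for update/AV tampering.

Added example, not part of FRST. Flags IFEO Debugger hijacks of servicing
binaries, Explorer and Windows Defender policy keys, MountPoints2 autoruns
and the 0x80070422 (ERROR_SERVICE_DISABLED) code in Defender events.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Executables used by Windows Update, WaaSMedic (its self-repair) and the
# upgrade assistant; the list is taken from the IFEO entries in this thread.
UPDATE_BINARIES = {
    "dismhost.exe", "eosnotify.exe", "installagent.exe", "musnotification.exe",
    "musnotificationux.exe", "remsh.exe", "sihclient.exe", "updateassistant.exe",
    "upfc.exe", "usoclient.exe", "waasmedic.exe", "waasmedicagent.exe",
    "windows10upgrade.exe", "windows10upgraderapp.exe",
}

# FRST line shapes as they appear in FRST.txt / fixlists.
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:\\]+): \[Debugger\] (?P<dbg>.+)$")
EXPLORER_POLICY_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Policies\\Explorer: \[(?P<name>\w+)\] (?P<value>\S+)")
DEFENDER_POLICY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender: Restriction")
MOUNTPOINT_RE = re.compile(
    r"MountPoints2: \{[0-9a-f-]+\} - \"(?P<target>[^\"]+)\"", re.IGNORECASE)
SERVICE_DISABLED_HRESULT = "0x80070422"  # ERROR_SERVICE_DISABLED as an HRESULT


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST line; None means nothing of interest on it."""
    line = line.strip()
    m = IFEO_RE.match(line)
    if m:
        image = m.group("image")
        # Only a Debugger value on a servicing binary counts as an update block;
        # a developer's just-in-time debugger on some other image is benign.
        category = ("ifeo_update_block" if image.lower() in UPDATE_BINARIES
                    else "ifeo_other")
        return Finding(category, f"{image} -> Debugger={m.group('dbg')}")
    m = EXPLORER_POLICY_RE.match(line)
    if m:
        return Finding("explorer_policy",
                       f"{m.group('hive')} {m.group('name')}={m.group('value')}")
    if DEFENDER_POLICY_RE.match(line):
        return Finding("defender_policy", "HKLM Windows Defender policy key present")
    m = MOUNTPOINT_RE.search(line)
    if m:
        return Finding("mountpoint_autorun", m.group("target"))
    if SERVICE_DISABLED_HRESULT in line:
        return Finding("service_disabled", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Sample input: lines copied from the FRST output in this thread, plus one
# constructed benign IFEO entry and one unrelated firewall rule as controls.
SAMPLE_LINES = [
    r"HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1",
    r'HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\MountPoints2: {a416e489-4c6f-11e8-aa2d-d8cb8a561954} - "F:\setup.exe"',
    r"IFEO\dismHost.exe: [Debugger] *",
    r"IFEO\SIHClient.exe: [Debugger] *",
    r"IFEO\UsoClient.exe: [Debugger] *",
    r"IFEO\WaaSMedic.exe: [Debugger] *",
    r"IFEO\WaasMedicAgent.exe: [Debugger] *",
    r"IFEO\notepad.exe: [Debugger] vsjitdebugger.exe",  # constructed, benign
    "Error code: 0x80070422",
    r"FirewallRules: [{1AC7E7D4-CA30-44D2-A52E-039FEA01B5C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.category:20} {finding.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

On a real case, feed the lines of FRST.txt and Addition.txt to triage() and look at summarize(): any ifeo_update_block hit, a defender_policy hit or a service_disabled hit on a home machine is a tamper indicator rather than a configuration choice, and the MountPoints2 target tells you which removable drive's setup.exe was auto-started.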

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: TiWorker.exe virus + log

#6 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

C:\hovna\ds4\DS4Windows.exe
C:\Program Files (x86)\Bonjour
C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\MountPoints2: {a416e489-4c6f-11e8-aa2d-d8cb8a561954} - "F:\setup.exe"
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2018-11-05]
ShortcutTarget: DS4Windows.lnk -> C:\hovna\ds4\DS4Windows.exe () [File not signed]
Task: {044D7DDC-13A0-4898-B71D-B9945340FD0E} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {40123834-AB65-4B80-9A44-4637D4CA189E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {64E499E6-96AB-4ADB-9926-96283A28AEEF} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
Task: {B545F0E7-550E-4D8B-965B-1595D5832CEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {DCC85488-DD26-400E-B5FA-76422A6E1CB4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2FD76C5-793D-4F16-AA0C-B194580159CD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {F353CF4E-B0A4-4312-908D-4667E47A1FD3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: C:\WINDOWS\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
CHR Notifications: Default -> hxxps://steamcommunity.com
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\elevation_service.exe" [X]
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
S3 MpKsl7bd835e2; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF68E865-C744-4659-8560-36510AF62E07}\MpKslDrv.sys [X]
2020-11-01 10:17 - 2020-06-23 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Shortcut: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Tedas\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
AlternateDataStreams: C:\Users\Public\AppData:CSM [242]
AlternateDataStreams: C:\Users\Tedas\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Tedas\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Tedas\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Tedas\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
FirewallRules: [{C11AD1B1-42DF-4617-ACAE-D08497375B5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2FDB465-7C3C-46CD-AD24-DA7E2EE5A846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CDEF1903-38A9-46DD-A33B-C7718A737C8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{442523A3-8445-43A0-974A-C2F915105B45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SU10Guard => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "Discord"
FirewallRules: [UDP Query User{7396ED8E-1E65-46DC-99EE-43D848A78727}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe => No File
FirewallRules: [TCP Query User{25948E3B-C9A0-42F9-A487-B269A73EA7BF}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe => No File
FirewallRules: [{980C41C3-B48C-41A4-933D-B804F957DAE7}] => (Block) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [{D5DFCB38-2E5F-4DC5-B1BF-06E49BDA5E3F}] => (Block) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [UDP Query User{409EC883-842E-41F5-85A6-51BE7B96339F}C:\program files (x86)\the long dark steadfast ranger\tld.exe] => (Allow) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [TCP Query User{BD622AC8-82B9-4619-82F3-360A3AED4062}C:\program files (x86)\the long dark steadfast ranger\tld.exe] => (Allow) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [UDP Query User{3314939B-547E-41B7-A090-1B7B6D4AB2DC}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe] => (Block) C:\games\trine 3 - the artifacts of power\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{05BDD902-4270-4E69-9707-2254C13D661F}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe] => (Block) C:\games\trine 3 - the artifacts of power\trine3_64bit.exe => No File
FirewallRules: [{85507CE8-DF40-4EC6-89BE-A2201484A27B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6940DC36-2679-4102-A3CD-85777AC5AD41}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F4F86300-F2D6-4E87-B2FC-D8EF92AFB16D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{29F85D0A-B7C1-4844-A59F-FB73396D4DCE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{90D72EAC-A684-42F9-A164-B616E0B16703}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe => No File
FirewallRules: [{E7414CF4-B353-4800-8062-7581ADC4F846}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe => No File
FirewallRules: [{ADA574E6-E312-413B-9F8A-4368AB73563F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe => No File
FirewallRules: [{B6CB1D70-ADB3-4445-95A7-3D7DF7DABCD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe => No File
FirewallRules: [{592126C4-AEDF-4AB5-B84C-B5766D229B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trials Rising - Open Beta\datapack\trialsrising.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{524098FC-5525-43B1-B553-7A09CC878B4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trials Rising - Open Beta\datapack\trialsrising.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{E6EBBDC6-0CAF-4412-AB10-86FD4E305974}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
FirewallRules: [{1226E320-109E-466B-8076-E64C51E09D67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
FirewallRules: [{2BB760E0-CC47-485D-B43C-8674422470D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe => No File
FirewallRules: [{A147EB3A-EDEA-4747-BE46-6D3B94703C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe => No File
FirewallRules: [UDP Query User{1EEC41D0-C8EE-494E-BB67-FA98180C0BB7}C:\program files (x86)\fifa19\fifa19.exe] => (Block) C:\program files (x86)\fifa19\fifa19.exe => No File
FirewallRules: [TCP Query User{45D84EED-7BFB-4342-B947-7BC53551244E}C:\program files (x86)\fifa19\fifa19.exe] => (Block) C:\program files (x86)\fifa19\fifa19.exe => No File
FirewallRules: [{74BAB2D8-1F0E-4C61-82FC-68AFEC9CE3CB}] => (Allow) C:\Program Files (x86)\FIFA19\FIFASetup\fifaconfig.exe => No File
FirewallRules: [{274B6D98-42F9-4F7B-8E75-7D4121587511}] => (Allow) C:\Program Files (x86)\FIFA19\FIFASetup\fifaconfig.exe => No File
FirewallRules: [UDP Query User{6BD73436-3F6F-4175-9B7B-F44425DA6662}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe => No File
FirewallRules: [TCP Query User{CBA86B3A-35FD-410F-984B-494F1345515E}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe => No File
FirewallRules: [UDP Query User{5C9A80C7-CFA9-4605-A16A-2E1B82C9AD19}C:\users\tedas\downloads\the forest v.0.73\theforest.exe] => (Block) C:\users\tedas\downloads\the forest v.0.73\theforest.exe => No File
FirewallRules: [TCP Query User{B63AC315-FE02-4BA9-8189-B24C472B38BC}C:\users\tedas\downloads\the forest v.0.73\theforest.exe] => (Block) C:\users\tedas\downloads\the forest v.0.73\theforest.exe => No File
FirewallRules: [UDP Query User{7D51EAE8-EF64-4C9F-9F6B-7F49DF01BB39}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe] => (Allow) C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe => No File
FirewallRules: [TCP Query User{D104A184-B420-4811-8E6F-047CC421BB64}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe] => (Allow) C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe => No File
FirewallRules: [UDP Query User{DE04A716-F8BD-475E-B350-FF1EF0AA388D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{A8DC5135-7233-4C9E-AFF6-005D31D0BFD5}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{CC332781-45C2-4BAF-BCA3-47C86FE5859D}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [TCP Query User{BBAB187B-06CE-4469-A900-A6C0DFD769B5}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [UDP Query User{5DA0ADD8-3CA0-4F7B-AF40-FE135963897D}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe] => (Allow) C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{5B845F6A-4055-4438-8FF3-10C5E8D06A96}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe] => (Allow) C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{33395D06-1840-45D7-87E8-F2A31E203DCD}C:\program files (x86)\the long dark vigilant flame\tld.exe] => (Block) C:\program files (x86)\the long dark vigilant flame\tld.exe => No File
FirewallRules: [TCP Query User{6252D054-BD46-4E30-80F1-2DA9AD3B67B7}C:\program files (x86)\the long dark vigilant flame\tld.exe] => (Block) C:\program files (x86)\the long dark vigilant flame\tld.exe => No File
FirewallRules: [UDP Query User{FE3B6426-F8D3-4CA0-8FBD-BFCA96399DC5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe => No File
FirewallRules: [TCP Query User{2D1AFB2B-9FC2-42F1-A30F-44971D709480}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe => No File
FirewallRules: [UDP Query User{776B30AC-5CDF-48F7-9FC5-2560FF949CD7}C:\program files\fifa18\fifa18.exe] => (Block) C:\program files\fifa18\fifa18.exe => No File
FirewallRules: [TCP Query User{A7781CE2-19C5-4D31-A180-7CFB7251E08E}C:\program files\fifa18\fifa18.exe] => (Block) C:\program files\fifa18\fifa18.exe => No File
FirewallRules: [UDP Query User{ABD04650-2B6D-4E03-AAC4-934B4323881B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C6D299BC-902E-41C5-BE88-15F3B2A0B1C0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{E15672D6-DFCA-4D3E-8A38-B35C8C7973E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C48B6BDD-6CAD-4CA2-A554-08D3EE1E9328}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{FE21A22C-6D23-4B5E-8718-C0DB5A448CF9}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{2F865EB5-ACAE-4574-9AB3-7F4B28A70E05}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{263AF11F-D393-4CBE-B53C-55CF9CE654B3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{616F69E6-1BFA-47A6-9A59-C40F3D17F40B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [UDP Query User{D90B1929-7C22-4020-BFBF-0A5D44466D9C}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [TCP Query User{34BAB011-1C63-4841-8F9A-DADE3FB84FAC}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe => No File
FirewallRules: [UDP Query User{3C81E7C8-1A87-42B5-AFBB-3DD8002BB000}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe => No File
FirewallRules: [{C595BE4F-A4C5-4737-98AF-876373BB6978}] => (Allow) C:\Users\Tedas\Desktop\bin\BlackDesert32.exe => No File
FirewallRules: [{92A16771-6498-48CB-94E2-27008F5489A1}] => (Allow) C:\Users\Tedas\Desktop\bin64\BlackDesert64.exe => No File
FirewallRules: [{07F1F5BE-F3FE-4141-9D41-6EAF65432B29}] => (Allow) C:\Users\Tedas\Desktop\BlackDesert_Launcher.exe => No File
FirewallRules: [{B7DA36E3-C838-4FB0-8A4C-9A0369185CED}] => (Allow) C:\Users\Tedas\Desktop\BlackDesert_Downloader.exe => No File
FirewallRules: [{44057F5E-A82C-4259-9785-A6F4F4048D74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F024066F-9F59-4C61-A4ED-E439022404FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8D7C053B-0AF7-41B7-905D-A57B7497E3F1}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut.exe => No File
FirewallRules: [{CA7CF4D2-44BC-454B-B97F-25942C2829C4}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut.exe => No File
FirewallRules: [{1D190272-D04B-4DA8-9676-CCB3E0638E4F}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe => No File
FirewallRules: [{11398128-B9C6-4C3D-A0CE-C0FE8395A4B1}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe => No File
FirewallRules: [{A695587D-AC1F-4973-9422-8CF2031E999A}] => (Allow) C:\Users\Tedas\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{628F2F21-48C2-4D29-96AA-787FD301FDB9}] => (Allow) C:\Users\Tedas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AAB424C2-BAF9-44E0-895F-369278D773F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{9512A72D-CEA3-46FF-A43E-D290F313DC62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{C59F77D7-8677-475F-BB56-84FAA0BFEB3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{2347421A-4C43-4180-BA28-5B15404F31C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [TCP Query User{8DABF29E-30BB-426C-A970-C87129451DF0}C:\users\tedas\desktop\forest\theforest.exe] => (Allow) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [UDP Query User{D3E90E97-A677-4766-8870-C98F990C58A0}C:\users\tedas\desktop\forest\theforest.exe] => (Allow) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{B6435047-652D-47B2-A57D-1615C155798A}] => (Block) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{483F794F-E640-4BF4-9A17-91D23560C62D}] => (Block) C:\users\tedas\desktop\forest\theforest.exe => No File

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt saved in the FRST location.

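What the fixlist above is actually undoing, as an added example that is not part of the thread and not FRST's own code: the IFEO\<name>.exe: [Debugger] * entries live under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. When a Debugger value exists for an image name, Windows starts that "debugger" in place of the executable, so a value like * that is not a program simply prevents UsoClient.exe, WaaSMedic.exe and the other update components from ever launching. That is the trick update-disabler utilities use, and removing the entries is what turns Windows Update back on. TiWorker.exe itself, the Windows Modules Installer Worker, is a Windows servicing component and the fixlist accordingly leaves it alone. The script below reads lines in FRST's log format, flags IFEO Debugger hijacks (separating the known update components from anything else), the NoWindowsUpdate, NoSecurityTab and Defender policy restrictions, and firewall rules whose binary no longer exists, and emits the fixlist lines FRST expects. The UPDATE_COMPONENTS set, the Finding categories and the sample lines are this example's own constructions modeled on the log above.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example: not code from the forum thread and not part of FRST.
It reads lines in the format FRST prints (the same format as the fixlist
above), flags the entries that explain a deliberately crippled Windows
Update, and emits the fixlist lines FRST would need. UPDATE_COMPONENTS,
the Finding categories and the sample lines are this example's own
constructions.
"""
import re
from dataclasses import dataclass

# Windows Update / servicing binaries that update-disabler tools block through
# IFEO. Windows starts the 'Debugger' program in place of the target, so a
# value that is not a program (such as '*') means the target never launches.
# Assumed list for this example, taken from names seen in logs like the one above.
UPDATE_COMPONENTS = {
    "dismhost.exe", "eosnotify.exe", "installagent.exe", "musnotification.exe",
    "musnotificationux.exe", "remsh.exe", "sihclient.exe", "updateassistant.exe",
    "upfc.exe", "usoclient.exe", "waasmedic.exe", "waasmedicagent.exe",
    "windows10upgrade.exe", "windows10upgraderapp.exe",
}
RESTRICTIVE_POLICIES = {"NoWindowsUpdate", "NoSecurityTab"}

IFEO_RE = re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<debugger>.+)$")
POLICY_RE = re.compile(
    r"^HK\S*?\\Policies\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<value>\S+)$")
DEFENDER_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender: Restriction")
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    category: str  # ifeo_update_block | ifeo_other | policy | orphan_firewall
    detail: str
    line: str      # the FRST line verbatim: pasting it into fixlist.txt removes the item


def triage(lines):
    """Return a Finding for every line worth acting on, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := IFEO_RE.match(line):
            exe = m["exe"].lower()
            cat = "ifeo_update_block" if exe in UPDATE_COMPONENTS else "ifeo_other"
            findings.append(Finding(cat, f"{exe} hijacked, Debugger={m['debugger']}", line))
        elif DEFENDER_RE.match(line):
            findings.append(Finding("policy", "Windows Defender restricted by policy", line))
        elif (m := POLICY_RE.match(line)) and m["name"] in RESTRICTIVE_POLICIES and m["value"] == "1":
            findings.append(Finding("policy", f"{m['key']}\\{m['name']} = 1", line))
        elif (m := FIREWALL_RE.match(line)) and m["path"].endswith(" => No File"):
            findings.append(Finding("orphan_firewall", f"{m['action']} rule for a missing binary", line))
    return findings


def fixlist(findings):
    """Fixlist lines for FRST: the flagged log lines verbatim, deduplicated, then EmptyTemp:."""
    out = []
    for f in findings:
        if f.line not in out:
            out.append(f.line)
    out.append("EmptyTemp:")
    return out


def summary(findings):
    """Count findings per category, e.g. {'policy': 3, 'ifeo_update_block': 2}."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


SAMPLE_LOG = [  # constructed sample, modeled on the log format above
    r"HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe",
    r"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1",
    r"IFEO\UsoClient.exe: [Debugger] *",
    r"IFEO\WaaSMedic.exe: [Debugger] *",
    r"IFEO\notepad.exe: [Debugger] C:\Tools\dbg.exe",  # constructed: a non-update hijack
    r"FirewallRules: [{C11AD1B1-42DF-4617-ACAE-D08497375B5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)",
    r"FirewallRules: [UDP Query User{7396ED8E-1E65-46DC-99EE-43D848A78727}C:\games\old\game.exe] => (Block) C:\games\old\game.exe => No File",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.category:18} {f.detail}")
    print(summary(found))
    print("\n".join(fixlist(found)))
```

Run it as a script to see the per-category summary and the generated fixlist. On a live machine the same entries can be listed with `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s /v Debugger`; a Debugger value on a Windows Update binary that you did not set yourself is exactly what the IFEO lines in the fixlist above remove.
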
Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#7 Post by Tedas »

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Tedas (01-11-2020 11:24:03) Run:2
Running from C:\Users\Tedas\Desktop\zu
Loaded Profiles: Tedas
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\hovna\ds4\DS4Windows.exe
C:\Program Files (x86)\Bonjour
C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\MountPoints2: {a416e489-4c6f-11e8-aa2d-d8cb8a561954} - "F:\setup.exe"
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2018-11-05]
ShortcutTarget: DS4Windows.lnk -> C:\hovna\ds4\DS4Windows.exe () [File not signed]
Task: {044D7DDC-13A0-4898-B71D-B9945340FD0E} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {40123834-AB65-4B80-9A44-4637D4CA189E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {64E499E6-96AB-4ADB-9926-96283A28AEEF} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
Task: {B545F0E7-550E-4D8B-965B-1595D5832CEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {DCC85488-DD26-400E-B5FA-76422A6E1CB4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F2FD76C5-793D-4F16-AA0C-B194580159CD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {F353CF4E-B0A4-4312-908D-4667E47A1FD3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: C:\WINDOWS\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
CHR Notifications: Default -> hxxps://steamcommunity.com
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\elevation_service.exe" [X]
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
S3 MpKsl7bd835e2; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF68E865-C744-4659-8560-36510AF62E07}\MpKslDrv.sys [X]
2020-11-01 10:17 - 2020-06-23 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Shortcut: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Tedas\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
AlternateDataStreams: C:\Users\Public\AppData:CSM [242]
AlternateDataStreams: C:\Users\Tedas\Data aplikací:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Tedas\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Tedas\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Tedas\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
FirewallRules: [{C11AD1B1-42DF-4617-ACAE-D08497375B5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A2FDB465-7C3C-46CD-AD24-DA7E2EE5A846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CDEF1903-38A9-46DD-A33B-C7718A737C8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{442523A3-8445-43A0-974A-C2F915105B45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SU10Guard => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\StartupApproved\Run: => "Discord"
FirewallRules: [UDP Query User{7396ED8E-1E65-46DC-99EE-43D848A78727}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe => No File
FirewallRules: [TCP Query User{25948E3B-C9A0-42F9-A487-B269A73EA7BF}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe] => (Block) C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe => No File
FirewallRules: [{980C41C3-B48C-41A4-933D-B804F957DAE7}] => (Block) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [{D5DFCB38-2E5F-4DC5-B1BF-06E49BDA5E3F}] => (Block) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [UDP Query User{409EC883-842E-41F5-85A6-51BE7B96339F}C:\program files (x86)\the long dark steadfast ranger\tld.exe] => (Allow) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [TCP Query User{BD622AC8-82B9-4619-82F3-360A3AED4062}C:\program files (x86)\the long dark steadfast ranger\tld.exe] => (Allow) C:\program files (x86)\the long dark steadfast ranger\tld.exe => No File
FirewallRules: [UDP Query User{3314939B-547E-41B7-A090-1B7B6D4AB2DC}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe] => (Block) C:\games\trine 3 - the artifacts of power\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{05BDD902-4270-4E69-9707-2254C13D661F}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe] => (Block) C:\games\trine 3 - the artifacts of power\trine3_64bit.exe => No File
FirewallRules: [{85507CE8-DF40-4EC6-89BE-A2201484A27B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6940DC36-2679-4102-A3CD-85777AC5AD41}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F4F86300-F2D6-4E87-B2FC-D8EF92AFB16D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{29F85D0A-B7C1-4844-A59F-FB73396D4DCE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{90D72EAC-A684-42F9-A164-B616E0B16703}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe => No File
FirewallRules: [{E7414CF4-B353-4800-8062-7581ADC4F846}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe => No File
FirewallRules: [{ADA574E6-E312-413B-9F8A-4368AB73563F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe => No File
FirewallRules: [{B6CB1D70-ADB3-4445-95A7-3D7DF7DABCD5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe => No File
FirewallRules: [{592126C4-AEDF-4AB5-B84C-B5766D229B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trials Rising - Open Beta\datapack\trialsrising.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{524098FC-5525-43B1-B553-7A09CC878B4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trials Rising - Open Beta\datapack\trialsrising.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{E6EBBDC6-0CAF-4412-AB10-86FD4E305974}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
FirewallRules: [{1226E320-109E-466B-8076-E64C51E09D67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe => No File
FirewallRules: [{2BB760E0-CC47-485D-B43C-8674422470D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe => No File
FirewallRules: [{A147EB3A-EDEA-4747-BE46-6D3B94703C8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe => No File
FirewallRules: [UDP Query User{1EEC41D0-C8EE-494E-BB67-FA98180C0BB7}C:\program files (x86)\fifa19\fifa19.exe] => (Block) C:\program files (x86)\fifa19\fifa19.exe => No File
FirewallRules: [TCP Query User{45D84EED-7BFB-4342-B947-7BC53551244E}C:\program files (x86)\fifa19\fifa19.exe] => (Block) C:\program files (x86)\fifa19\fifa19.exe => No File
FirewallRules: [{74BAB2D8-1F0E-4C61-82FC-68AFEC9CE3CB}] => (Allow) C:\Program Files (x86)\FIFA19\FIFASetup\fifaconfig.exe => No File
FirewallRules: [{274B6D98-42F9-4F7B-8E75-7D4121587511}] => (Allow) C:\Program Files (x86)\FIFA19\FIFASetup\fifaconfig.exe => No File
FirewallRules: [UDP Query User{6BD73436-3F6F-4175-9B7B-F44425DA6662}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe => No File
FirewallRules: [TCP Query User{CBA86B3A-35FD-410F-984B-494F1345515E}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe] => (Allow) C:\program files\nefarius software solutions\scptoolkit\scpserver.exe => No File
FirewallRules: [UDP Query User{5C9A80C7-CFA9-4605-A16A-2E1B82C9AD19}C:\users\tedas\downloads\the forest v.0.73\theforest.exe] => (Block) C:\users\tedas\downloads\the forest v.0.73\theforest.exe => No File
FirewallRules: [TCP Query User{B63AC315-FE02-4BA9-8189-B24C472B38BC}C:\users\tedas\downloads\the forest v.0.73\theforest.exe] => (Block) C:\users\tedas\downloads\the forest v.0.73\theforest.exe => No File
FirewallRules: [UDP Query User{7D51EAE8-EF64-4C9F-9F6B-7F49DF01BB39}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe] => (Allow) C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe => No File
FirewallRules: [TCP Query User{D104A184-B420-4811-8E6F-047CC421BB64}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe] => (Allow) C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe => No File
FirewallRules: [UDP Query User{DE04A716-F8BD-475E-B350-FF1EF0AA388D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{A8DC5135-7233-4C9E-AFF6-005D31D0BFD5}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{CC332781-45C2-4BAF-BCA3-47C86FE5859D}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [TCP Query User{BBAB187B-06CE-4469-A900-A6C0DFD769B5}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe => No File
FirewallRules: [UDP Query User{5DA0ADD8-3CA0-4F7B-AF40-FE135963897D}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe] => (Allow) C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{5B845F6A-4055-4438-8FF3-10C5E8D06A96}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe] => (Allow) C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{33395D06-1840-45D7-87E8-F2A31E203DCD}C:\program files (x86)\the long dark vigilant flame\tld.exe] => (Block) C:\program files (x86)\the long dark vigilant flame\tld.exe => No File
FirewallRules: [TCP Query User{6252D054-BD46-4E30-80F1-2DA9AD3B67B7}C:\program files (x86)\the long dark vigilant flame\tld.exe] => (Block) C:\program files (x86)\the long dark vigilant flame\tld.exe => No File
FirewallRules: [UDP Query User{FE3B6426-F8D3-4CA0-8FBD-BFCA96399DC5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe => No File
FirewallRules: [TCP Query User{2D1AFB2B-9FC2-42F1-A30F-44971D709480}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe => No File
FirewallRules: [UDP Query User{776B30AC-5CDF-48F7-9FC5-2560FF949CD7}C:\program files\fifa18\fifa18.exe] => (Block) C:\program files\fifa18\fifa18.exe => No File
FirewallRules: [TCP Query User{A7781CE2-19C5-4D31-A180-7CFB7251E08E}C:\program files\fifa18\fifa18.exe] => (Block) C:\program files\fifa18\fifa18.exe => No File
FirewallRules: [UDP Query User{ABD04650-2B6D-4E03-AAC4-934B4323881B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C6D299BC-902E-41C5-BE88-15F3B2A0B1C0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{E15672D6-DFCA-4D3E-8A38-B35C8C7973E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C48B6BDD-6CAD-4CA2-A554-08D3EE1E9328}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{FE21A22C-6D23-4B5E-8718-C0DB5A448CF9}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{2F865EB5-ACAE-4574-9AB3-7F4B28A70E05}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{263AF11F-D393-4CBE-B53C-55CF9CE654B3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{616F69E6-1BFA-47A6-9A59-C40F3D17F40B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [UDP Query User{D90B1929-7C22-4020-BFBF-0A5D44466D9C}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe => No File
FirewallRules: [TCP Query User{34BAB011-1C63-4841-8F9A-DADE3FB84FAC}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe => No File
FirewallRules: [UDP Query User{3C81E7C8-1A87-42B5-AFBB-3DD8002BB000}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe => No File
FirewallRules: [{C595BE4F-A4C5-4737-98AF-876373BB6978}] => (Allow) C:\Users\Tedas\Desktop\bin\BlackDesert32.exe => No File
FirewallRules: [{92A16771-6498-48CB-94E2-27008F5489A1}] => (Allow) C:\Users\Tedas\Desktop\bin64\BlackDesert64.exe => No File
FirewallRules: [{07F1F5BE-F3FE-4141-9D41-6EAF65432B29}] => (Allow) C:\Users\Tedas\Desktop\BlackDesert_Launcher.exe => No File
FirewallRules: [{B7DA36E3-C838-4FB0-8A4C-9A0369185CED}] => (Allow) C:\Users\Tedas\Desktop\BlackDesert_Downloader.exe => No File
FirewallRules: [{44057F5E-A82C-4259-9785-A6F4F4048D74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F024066F-9F59-4C61-A4ED-E439022404FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8D7C053B-0AF7-41B7-905D-A57B7497E3F1}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut.exe => No File
FirewallRules: [{CA7CF4D2-44BC-454B-B97F-25942C2829C4}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut.exe => No File
FirewallRules: [{1D190272-D04B-4DA8-9676-CCB3E0638E4F}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe => No File
FirewallRules: [{11398128-B9C6-4C3D-A0CE-C0FE8395A4B1}] => (Allow) C:\Program Files (x86)\AWayOut\Haze1\Binaries\Win64\AWayOut_friend.exe => No File
FirewallRules: [{A695587D-AC1F-4973-9422-8CF2031E999A}] => (Allow) C:\Users\Tedas\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{628F2F21-48C2-4D29-96AA-787FD301FDB9}] => (Allow) C:\Users\Tedas\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AAB424C2-BAF9-44E0-895F-369278D773F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{9512A72D-CEA3-46FF-A43E-D290F313DC62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe => No File
FirewallRules: [{C59F77D7-8677-475F-BB56-84FAA0BFEB3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [{2347421A-4C43-4180-BA28-5B15404F31C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe => No File
FirewallRules: [TCP Query User{8DABF29E-30BB-426C-A970-C87129451DF0}C:\users\tedas\desktop\forest\theforest.exe] => (Allow) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [UDP Query User{D3E90E97-A677-4766-8870-C98F990C58A0}C:\users\tedas\desktop\forest\theforest.exe] => (Allow) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{B6435047-652D-47B2-A57D-1615C155798A}] => (Block) C:\users\tedas\desktop\forest\theforest.exe => No File
FirewallRules: [{483F794F-E640-4BF4-9A17-91D23560C62D}] => (Block) C:\users\tedas\desktop\forest\theforest.exe => No File

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\hovna\ds4\DS4Windows.exe => moved successfully
C:\Program Files (x86)\Bonjour => moved successfully
C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a416e489-4c6f-11e8-aa2d-d8cb8a561954} => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dismHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EOSNOTIFY.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\InstallAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MusNotification.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MUSNOTIFICATIONUX.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\remsh.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SIHClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateAssistant.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPFC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UsoClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaaSMedic.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaasMedicAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windows10Upgrade.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDOWS10UPGRADERAPP.EXE => removed successfully
"C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk" => not found
"C:\hovna\ds4\DS4Windows.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{044D7DDC-13A0-4898-B71D-B9945340FD0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{044D7DDC-13A0-4898-B71D-B9945340FD0E}" => removed successfully
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40123834-AB65-4B80-9A44-4637D4CA189E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40123834-AB65-4B80-9A44-4637D4CA189E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64E499E6-96AB-4ADB-9926-96283A28AEEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64E499E6-96AB-4ADB-9926-96283A28AEEF}" => removed successfully
C:\WINDOWS\System32\Tasks\ScpUpdater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScpUpdater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B545F0E7-550E-4D8B-965B-1595D5832CEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B545F0E7-550E-4D8B-965B-1595D5832CEA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCC85488-DD26-400E-B5FA-76422A6E1CB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCC85488-DD26-400E-B5FA-76422A6E1CB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F2FD76C5-793D-4F16-AA0C-B194580159CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2FD76C5-793D-4F16-AA0C-B194580159CD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F353CF4E-B0A4-4312-908D-4667E47A1FD3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F353CF4E-B0A4-4312-908D-4667E47A1FD3}" => removed successfully
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\Tasks\ScpUpdater.job => moved successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\edgeupdate => removed successfully
edgeupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\edgeupdatem => removed successfully
edgeupdatem => service removed successfully
HKLM\System\CurrentControlSet\Services\MicrosoftEdgeElevationService => removed successfully
MicrosoftEdgeElevationService => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKsl7bd835e2 => removed successfully
MpKsl7bd835e2 => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk => moved successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Tedas\Data aplikací => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\Tedas\Data aplikací => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
"C:\Users\Tedas\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\Tedas\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C11AD1B1-42DF-4617-ACAE-D08497375B5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2FDB465-7C3C-46CD-AD24-DA7E2EE5A846}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDEF1903-38A9-46DD-A33B-C7718A737C8A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{442523A3-8445-43A0-974A-C2F915105B45}" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device Service => removed successfully
HKLM\System\CurrentControlSet\Services\Apple Mobile Device Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BEService => removed successfully
HKLM\System\CurrentControlSet\Services\BEService => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service => removed successfully
HKLM\System\CurrentControlSet\Services\Bonjour Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Disc Soft Lite Bus Service => removed successfully
HKLM\System\CurrentControlSet\Services\Disc Soft Lite Bus Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EasyAntiCheat => removed successfully
HKLM\System\CurrentControlSet\Services\EasyAntiCheat => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Hamachi2Svc => removed successfully
HKLM\System\CurrentControlSet\Services\Hamachi2Svc => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\InstallService => removed successfully
HKLM\System\CurrentControlSet\Services\InstallService => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service => removed successfully
HKLM\System\CurrentControlSet\Services\iPod Service => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMIGuardianSvc => removed successfully
HKLM\System\CurrentControlSet\Services\LMIGuardianSvc => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SU10Guard => removed successfully
HKLM\System\CurrentControlSet\Services\SU10Guard => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\iTunesHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SecurityHealth" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SecurityHealth" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\LogMeIn Hamachi Ui" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\OneDrive" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OneDrive" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DAEMON Tools Lite Automount" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Discord" => removed successfully
"HKU\S-1-5-21-1359492776-2785733239-201844929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Discord" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7396ED8E-1E65-46DC-99EE-43D848A78727}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{25948E3B-C9A0-42F9-A487-B269A73EA7BF}C:\program files (x86)\repacky by tomi2k9\wolfenstein new order\wolfneworder_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{980C41C3-B48C-41A4-933D-B804F957DAE7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5DFCB38-2E5F-4DC5-B1BF-06E49BDA5E3F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{409EC883-842E-41F5-85A6-51BE7B96339F}C:\program files (x86)\the long dark steadfast ranger\tld.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BD622AC8-82B9-4619-82F3-360A3AED4062}C:\program files (x86)\the long dark steadfast ranger\tld.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3314939B-547E-41B7-A090-1B7B6D4AB2DC}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{05BDD902-4270-4E69-9707-2254C13D661F}C:\games\trine 3 - the artifacts of power\trine3_64bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85507CE8-DF40-4EC6-89BE-A2201484A27B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6940DC36-2679-4102-A3CD-85777AC5AD41}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4F86300-F2D6-4E87-B2FC-D8EF92AFB16D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29F85D0A-B7C1-4844-A59F-FB73396D4DCE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{90D72EAC-A684-42F9-A164-B616E0B16703}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7414CF4-B353-4800-8062-7581ADC4F846}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADA574E6-E312-413B-9F8A-4368AB73563F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6CB1D70-ADB3-4445-95A7-3D7DF7DABCD5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{592126C4-AEDF-4AB5-B84C-B5766D229B59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{524098FC-5525-43B1-B553-7A09CC878B4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6EBBDC6-0CAF-4412-AB10-86FD4E305974}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1226E320-109E-466B-8076-E64C51E09D67}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BB760E0-CC47-485D-B43C-8674422470D5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A147EB3A-EDEA-4747-BE46-6D3B94703C8F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1EEC41D0-C8EE-494E-BB67-FA98180C0BB7}C:\program files (x86)\fifa19\fifa19.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{45D84EED-7BFB-4342-B947-7BC53551244E}C:\program files (x86)\fifa19\fifa19.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74BAB2D8-1F0E-4C61-82FC-68AFEC9CE3CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{274B6D98-42F9-4F7B-8E75-7D4121587511}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6BD73436-3F6F-4175-9B7B-F44425DA6662}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CBA86B3A-35FD-410F-984B-494F1345515E}C:\program files\nefarius software solutions\scptoolkit\scpserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5C9A80C7-CFA9-4605-A16A-2E1B82C9AD19}C:\users\tedas\downloads\the forest v.0.73\theforest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B63AC315-FE02-4BA9-8189-B24C472B38BC}C:\users\tedas\downloads\the forest v.0.73\theforest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7D51EAE8-EF64-4C9F-9F6B-7F49DF01BB39}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D104A184-B420-4811-8E6F-047CC421BB64}C:\program files (x86)\repacky by tomi2k9\alien isolation\ai.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE04A716-F8BD-475E-B350-FF1EF0AA388D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8DC5135-7233-4C9E-AFF6-005D31D0BFD5}C:\program files (x86)\diablo iii\x64\diablo iii64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CC332781-45C2-4BAF-BCA3-47C86FE5859D}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BBAB187B-06CE-4469-A900-A6C0DFD769B5}C:\program files (x86)\origin games\fifa 19 demo\fifa19_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5DA0ADD8-3CA0-4F7B-AF40-FE135963897D}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5B845F6A-4055-4438-8FF3-10C5E8D06A96}C:\gog games\trine 3 - artifacts of power\trine3_64bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{33395D06-1840-45D7-87E8-F2A31E203DCD}C:\program files (x86)\the long dark vigilant flame\tld.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6252D054-BD46-4E30-80F1-2DA9AD3B67B7}C:\program files (x86)\the long dark vigilant flame\tld.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FE3B6426-F8D3-4CA0-8FBD-BFCA96399DC5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2D1AFB2B-9FC2-42F1-A30F-44971D709480}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{776B30AC-5CDF-48F7-9FC5-2560FF949CD7}C:\program files\fifa18\fifa18.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7781CE2-19C5-4D31-A180-7CFB7251E08E}C:\program files\fifa18\fifa18.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ABD04650-2B6D-4E03-AAC4-934B4323881B}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C6D299BC-902E-41C5-BE88-15F3B2A0B1C0}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E15672D6-DFCA-4D3E-8A38-B35C8C7973E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C48B6BDD-6CAD-4CA2-A554-08D3EE1E9328}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE21A22C-6D23-4B5E-8718-C0DB5A448CF9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F865EB5-ACAE-4574-9AB3-7F4B28A70E05}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{263AF11F-D393-4CBE-B53C-55CF9CE654B3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{616F69E6-1BFA-47A6-9A59-C40F3D17F40B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D90B1929-7C22-4020-BFBF-0A5D44466D9C}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{34BAB011-1C63-4841-8F9A-DADE3FB84FAC}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3C81E7C8-1A87-42B5-AFBB-3DD8002BB000}C:\program files (x86)\outlast + dlc whistleblower\binaries\win64\olgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C595BE4F-A4C5-4737-98AF-876373BB6978}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92A16771-6498-48CB-94E2-27008F5489A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07F1F5BE-F3FE-4141-9D41-6EAF65432B29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7DA36E3-C838-4FB0-8A4C-9A0369185CED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44057F5E-A82C-4259-9785-A6F4F4048D74}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F024066F-9F59-4C61-A4ED-E439022404FC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D7C053B-0AF7-41B7-905D-A57B7497E3F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA7CF4D2-44BC-454B-B97F-25942C2829C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D190272-D04B-4DA8-9676-CCB3E0638E4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11398128-B9C6-4C3D-A0CE-C0FE8395A4B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A695587D-AC1F-4973-9422-8CF2031E999A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{628F2F21-48C2-4D29-96AA-787FD301FDB9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AAB424C2-BAF9-44E0-895F-369278D773F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9512A72D-CEA3-46FF-A43E-D290F313DC62}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C59F77D7-8677-475F-BB56-84FAA0BFEB3C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2347421A-4C43-4180-BA28-5B15404F31C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8DABF29E-30BB-426C-A970-C87129451DF0}C:\users\tedas\desktop\forest\theforest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D3E90E97-A677-4766-8870-C98F990C58A0}C:\users\tedas\desktop\forest\theforest.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6435047-652D-47B2-A57D-1615C155798A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{483F794F-E640-4BF4-9A17-91D23560C62D}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4209448 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 1248348512 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 102190 B
NetworkService => 12274118 B
Tedas => 74580469 B

RecycleBin => 1228834 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:26:29 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: TiWorker.exe virus + log

#8 Post by Diallix »

OK, please post new FRST + ADDITION logs.
My new book BOTNETY! has been published. Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#9 Post by Tedas »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Tedas (administrator) on DESKTOP-11JAO0Q (MSI MS-7817) (01-11-2020 11:40:57)
Running from C:\Users\Tedas\Desktop\zu
Loaded Profiles: Tedas
Platform: Windows 10 Home Version 1903 18362.959 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [GoogleChromeAutoLaunch_AC42B993303A9B313EB69949F2D35547] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\...\Windows x64\Print Processors\Canon MG5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAT.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\Windows\system32\CNMLMAT.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\MPE3 Port: C:\Windows\system32\mpelocalmon.dll [27648 2016-03-21] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D32A704-F473-44D3-9035-E4389A05E2E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36650B59-1F5B-421A-9CEA-2BCDE4BB361A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36E03316-981A-4A92-A9BD-D327FFAFEC29} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE
Task: {37B156C4-C0DA-4B17-890F-21FE12900FC8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {3C0B4884-134A-408B-A677-D65219424A3B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {78C31882-23B0-4365-87A5-D0DFA00FA67F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82C80C1E-7AC6-430E-B696-697881D6B70A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8DBDA4E4-6AAD-4E53-94A6-280516D43CF2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW => C:\WINDOWS\SysWOW64\Speech\Engines\Q-1-77-32\FD_1.3.73.85.exe (Access Denied) <==== ATTENTION
Task: {8FD122C3-EC1B-484F-AF45-E33CD4782CDD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9181F4E2-0D7E-4A0E-847B-E88E65F9F20C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C13217DA-8E8E-4DC1-8001-EB99039BB94E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {C3902AD9-C574-478F-A8FA-F0B93408A0FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCC11C72-A0EF-4303-A4ED-C4323695A230} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DBE43F6F-740C-4D21-A1F5-9C860B268640} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4B8E569-06F3-4DBA-90E1-8FD248099E74} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB5A09D9-90A5-439D-AB44-8CF1F5740F5A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {EB8F9523-65D5-4EED-B790-0ECEAAFA7BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBA862CC-7EC6-481A-B0B6-B8E67B73B503} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0F0F582-32E5-45CA-B9F6-3923CCE00F4B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F23735F4-A3A2-468D-8DB9-5C219565A7BE} - System32\Tasks\Microsoft\Windows\PLA\Nová sada kolekcí dat => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1507328 2020-05-24] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2
Tcpip\..\Interfaces\{0fef3b3e-9fcc-4dd8-9d0e-b5f69504820d}: [DhcpNameServer] 217.170.96.24 217.170.96.2

Edge:
======
Edge Profile: C:\Users\Tedas\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-04]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-1359492776-2785733239-201844929-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Tedas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-25] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR HomePage: Default -> hxxps://www.google.cz/webhp?sourceid=chrome-ins ... 2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/?a=6PRfkUrXis&i=26&loc=skw","","hxxp://www.default-search.net?sid=503&aid=100& ... oogle.com/"
CHR Extension: (Prezentace) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Dokumenty) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Disk Google) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2020-10-31]
CHR Extension: (Tabulky) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-03-29] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1358464 2020-10-29] (Rockstar Games, Inc. -> Rockstar Games)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6933240 2020-10-22] (PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2018-12-14] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2020-05-15] (Martin Malik - REALiX -> REALiX(tm))
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2020-01-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 11:28 - 2020-11-01 11:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-11-01 11:17 - 2020-11-01 11:40 - 000000000 ____D C:\Users\Tedas\Desktop\zu
2020-11-01 10:13 - 2020-11-01 10:15 - 000000000 ____D C:\AdwCleaner
2020-11-01 10:12 - 2020-11-01 10:12 - 008447152 _____ (Malwarebytes) C:\Users\Tedas\Desktop\adwcleaner_8.0.8.exe
2020-11-01 00:49 - 2020-11-01 11:41 - 000000000 ____D C:\FRST
2020-11-01 00:25 - 2020-11-01 00:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\Tedas\Desktop\hijackthis.exe
2020-10-31 23:52 - 2020-10-31 23:54 - 137386432 _____ (Microsoft Corporation) C:\Users\Tedas\Desktop\MSERT.exe
2020-10-29 16:42 - 2020-10-29 20:14 - 000000000 ____D C:\Users\Tedas\Downloads\Luther.S02.HDTV.XviD-soupuciaTPB
2020-10-22 09:29 - 2020-10-22 09:58 - 000000000 ____D C:\Program Files\Common Files\PUBG
2020-10-21 12:56 - 2020-10-21 12:59 - 000000000 ____D C:\Users\Tedas\Downloads\Luther Season 1 Complete 720p BluRay x264 [i_c]
2020-10-19 11:05 - 2020-10-19 11:05 - 000000222 _____ C:\Users\Tedas\Desktop\PUBG.url
2020-10-14 16:11 - 2020-10-14 16:11 - 000001186 _____ C:\Users\Tedas\Desktop\AC.lnk
2020-10-12 12:20 - 2020-10-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein Youngblood

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 11:35 - 2018-04-12 19:43 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-01 11:32 - 2018-04-12 21:24 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-11-01 11:30 - 2018-04-12 19:30 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-01 11:28 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-01 11:27 - 2019-08-17 17:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-01 11:26 - 2019-10-14 15:49 - 000000000 ____D C:\Users\Tedas\AppData\LocalLow\Temp
2020-11-01 11:26 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-01 11:24 - 2019-04-26 13:57 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2020-11-01 00:57 - 2018-07-25 17:50 - 000007610 _____ C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-11-01 00:26 - 2018-04-12 19:21 - 000000000 ____D C:\Users\Tedas\AppData\Local\VirtualStore
2020-11-01 00:17 - 2018-09-07 20:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\CrashDumps
2020-10-31 23:35 - 2020-05-30 00:03 - 000000000 ____D C:\Users\Tedas\AppData\Local\ElevatedDiagnostics
2020-10-31 21:06 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\discord
2020-10-31 18:56 - 2018-05-29 16:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\PlaceholderTileLogoFolder
2020-10-30 12:39 - 2020-01-31 13:00 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\TS3Client
2020-10-29 20:32 - 2018-04-30 13:51 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\uTorrent
2020-10-29 16:42 - 2020-08-16 20:04 - 000000000 ____D C:\Users\Tedas\AppData\Local\BitTorrentHelper
2020-10-29 13:32 - 2019-08-17 17:51 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1359492776-2785733239-201844929-1001
2020-10-29 13:32 - 2019-08-17 11:32 - 000002361 _____ C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-29 13:32 - 2018-04-12 19:24 - 000000000 ___RD C:\Users\Tedas\OneDrive
2020-10-27 08:56 - 2019-08-17 17:43 - 001606106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-27 08:56 - 2019-03-19 12:55 - 000682526 _____ C:\WINDOWS\system32\perfh005.dat
2020-10-27 08:56 - 2019-03-19 12:55 - 000137244 _____ C:\WINDOWS\system32\perfc005.dat
2020-10-27 08:56 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-10-27 00:32 - 2019-08-17 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-21 23:18 - 2018-04-12 19:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-19 17:17 - 2018-05-28 21:53 - 000000000 ____D C:\Users\Tedas\AppData\Local\D3DSCache
2020-10-15 18:02 - 2020-09-30 18:29 - 000000000 ____D C:\Users\Tedas\Documents\Assassin's Creed Odyssey
2020-10-14 08:09 - 2020-09-30 17:14 - 000000000 ____D C:\Program Files (x86)\Assassins Creed Odyssey
2020-10-13 11:35 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-08 20:11 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-10-08 20:10 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Local\Discord
2020-10-07 13:17 - 2018-04-19 21:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-05 16:50 - 2018-05-04 13:18 - 000000000 ____D C:\Users\Tedas\Documents\My Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files\Rockstar Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files (x86)\Rockstar Games

==================== Files in the root of some directories ========

2020-06-05 18:35 - 2020-06-05 18:43 - 000011938 _____ () C:\Program Files\devoir.docx
2019-03-11 19:07 - 2019-03-11 19:07 - 000003584 _____ () C:\Users\Tedas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-25 17:50 - 2020-11-01 00:57 - 000007610 _____ () C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-06-24 15:04 - 2020-06-24 15:04 - 000000000 _____ () C:\Users\Tedas\AppData\Local\{364767BB-2829-418F-B9FB-E8834887FC99}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Tedas (01-11-2020 11:42:40)
Running from C:\Users\Tedas\Desktop\zu
Windows 10 Home Version 1903 18362.959 (X64) (2019-08-17 16:52:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1359492776-2785733239-201844929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1359492776-2785733239-201844929-503 - Limited - Disabled)
Guest (S-1-5-21-1359492776-2785733239-201844929-501 - Limited - Disabled)
Tedas (S-1-5-21-1359492776-2785733239-201844929-1001 - Administrator - Enabled) => C:\Users\Tedas
WDAGUtilityAccount (S-1-5-21-1359492776-2785733239-201844929-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\uTorrent) (Version: 3.5.5.45776 - BitTorrent Inc.)
10 Second Ninja X (HKLM\...\MTBzZWNvbmRuaW5qYXg_is1) (Version: 1 - )
A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Alien Isolation version 1.0.0 (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0.0 - REPACKY BY TOMI2K9)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assassin's Creed Odyssey (HKLM-x32\...\{B7EC622B-1979-450E-8281-C5648506DB83}_is1) (Version: - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bioshock Infinite verze v1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: v1.1.25.5165 - (R.G.Danik1B9))
BioShock Remastered (HKLM-x32\...\1439656515_is1) (Version: 1.0.122872 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Dark Souls III - The Fire Fades Edition (HKLM-x32\...\{C767B161-1DD8-4527-AC44-9B455E6ACEF2}) (Version: 1.0.0 - BANDAI NAMCO)
DARK SOULS REMASTERED (HKLM-x32\...\DARK SOULS REMASTERED_is1) (Version: - )
Dark Souls™ II verze v1.07 (HKLM-x32\...\Dark Souls™ II_is1) (Version: v1.07 - R.G. Danik1B9)
Diablo II (HKLM-x32\...\{BE91F536-19B8-45D8-A083-980E14C3A868}) (Version: 1.0.0 - BLIZZARD)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II Complete Edition MULTi6 - ElAmigos version 1.14D (HKLM-x32\...\{0FE1AA82-BF01-419E-B417-D03428435755}_is1) (Version: 1.14D - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FIFA 19 (HKLM-x32\...\FIFA 19_is1) (Version: - )
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Grand Theft Auto: San Andreas (HKLM-x32\...\Grand Theft Auto: San Andreas) (Version: 1.0.0.22 - Rockstar Games)
iTunes (HKLM\...\{A39EE3D3-411E-472C-AF73-9D751E37A7EE}) (Version: 12.10.0.7 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lords of the Fallen (HKLM-x32\...\Lords of the Fallen_is1) (Version: - )
Master PDF Editor 3.6 (HKLM\...\Master PDF Editor 3_is1) (Version: 3.6.30 - Code Industry Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.15 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Mortal Shell (HKLM-x32\...\Mortal Shell_is1) (Version: - )
MuseScore 3 (HKLM\...\{778D5D3D-5448-40F4-AACC-47D443C3E8A1}) (Version: 3.4.2.9788 - Werner Schweer and Others)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted) (Version: - )
Need for Speed Most Wanted 2012 v1.0.0.0 (HKLM-x32\...\Need for Speed Most Wanted 2012_is1) (Version: 1.0.0.0 - EA Games)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version: - )
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 451.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.67 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Outlast + DLC Whistleblower verze 1.0 (HKLM-x32\...\Outlast + DLC Whistleblower_is1) (Version: 1.0 - Danik1B9)
PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 11.02 - )
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{2DB9CC90-24C4-4260-935D-511973B75707}) (Version: 7.6 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{DC327764-A1B1-4EF3-A07C-38741E3557E7}) (Version: 7.6 - Apple Inc.)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.30.299 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.0 - Rockstar Games)
ScpToolkit (HKLM\...\{1EA84ED4-28D4-4836-BF8B-0E31BF1704C5}) (Version: 1.7.277.16103 - Nefarius Software Solutions)
Sekiro Shadows Die Twice (HKLM-x32\...\Sekiro Shadows Die Twice_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH)
The Long Dark Steadfast Ranger (HKLM-x32\...\The Long Dark Steadfast Ranger_is1) (Version: - )
The Long Dark Vigilant Flame (HKLM-x32\...\The Long Dark Vigilant Flame_is1) (Version: - )
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Tony Hawks Pro Skater HD verze 1.1 (HKLM-x32\...\{B237974A-A9DB-4A1A-9ABF-4CFA4050F646}_is1) (Version: 1.1 - tomi2k9)
Tony Hawk's Underground 2 (HKLM-x32\...\{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision) Hidden
Tony Hawk's Underground 2 (HKLM-x32\...\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}) (Version: 1.00.0000 - Activision)
Tony Hawk's Underground 2 (HKLM-x32\...\Tony Hawk's Underground 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Torchlight 2 (HKLM-x32\...\Torchlight 2_is1) (Version: - )
Torchlight II v1.25.5.2 (HKLM-x32\...\Torchlight II_is1) (Version: - CzTorrent.net)
Trine 3 - Artifacts of Power (HKLM-x32\...\1431599567_is1) (Version: 2.2.0.5 - GOG.com)
Trine 3: The Artifacts of Power (HKLM-x32\...\Trine 3: The Artifacts of Power_is1) (Version: - )
Trine 4 The Nightmare Prince (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Trine 4 The Nightmare Prince) (Version: - HOODLUM)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F3874F6F-EA00-487D-BEAD-5FAA010E78F2}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 57.0 - Ubisoft)
WhoCrashed 6.65 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfenstein II - The New Colossus (HKLM-x32\...\Wolfenstein II - The New Colossus_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Wolfenstein New Order version 1.1.0 (HKLM-x32\...\Wolfenstein New Order_is1) (Version: 1.1.0 - REPACKY BY TOMI2K9)
Wolfenstein Youngblood (HKLM-x32\...\Wolfenstein Youngblood_is1) (Version: - )
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )
Wreckfest (HKLM-x32\...\Wreckfest_is1) (Version: - )
Zoom (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.174.500.0_x86__kgqvnymyfvs32 [2020-08-12] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8042.0_x64__8wekyb3d8bbwe [2020-08-08] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvshext.dll [2020-07-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-01-02 10:45 - 2016-03-21 23:15 - 000027648 _____ (Copyright (c) Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tedas\Desktop\idivt1b0al8x.jpg
DNS Servers: 217.170.96.24 - 217.170.96.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{76734872-8C3C-47BF-BAB7-C340349F9761}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E007425F-2D70-4979-96B6-27FC6A13185D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{8F8D3B71-C1BD-4179-9F1E-EE6C89892B15}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [TCP Query User{A38ED5A4-BD3C-42CE-AD94-469ADB68AF89}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{25103342-429F-472B-B9A8-E88D9B70B6D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{ABED4824-A38C-4106-B3A9-4B901CDB0FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [UDP Query User{3D676169-FF89-4C18-98F5-AD92CE91E814}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{3030479B-4EB7-437C-8ED8-8B984754B111}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{3BA9EE82-7DB6-4517-8715-CC6B09D29CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{B78844CE-1B7B-4D16-849F-9DFE01DE2B4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{449D2B97-65BB-4D48-83D7-AC056797CEC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{A5C8B59B-4A1B-49E8-950B-51B020BE7989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [UDP Query User{170788E9-AE6D-42C3-AC8D-57E872E5D7EB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BB4E4914-7140-4B39-9CC9-F9DCB7503BE2}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D9AE2D97-4B39-4153-A857-4EE3906B57E4}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B458AD72-13A2-4F0C-99D1-97687E36FF3B}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{1F7082D4-A68F-465B-9C89-6BCE113DC073}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CEC4A1E0-D74F-4A22-8B99-D8748891F91F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{37E3160C-171F-490E-AA83-13F916297705}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [UDP Query User{8BFE602C-1536-4B8C-8BC3-3B3FF140538D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe => No File
FirewallRules: [{A1DD1316-6ADC-4794-90B0-FF5916A48380}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{F5ADE993-B18F-4978-BA99-090BEFD6FF1E}C:\users\tedas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tedas\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{5DA23990-7224-48B5-A997-627E45C0A7D4}C:\users\tedas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tedas\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C060A4E8-7A65-4A80-AF8F-86247E278FF0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A63360C6-C41A-4FDD-954B-CDD3819B6C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{D8E4114B-1153-45E1-8AB6-099DF72964BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{FE4F0061-D370-4D38-BFFE-49BEF0A365BA}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{A1FDCBC8-30FE-4D8A-A122-3555F081EB2E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{696C35F9-8740-45AD-9903-AFA191FE5379}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{6DC7B3AD-A0C9-4B06-AF43-4B3652EE3521}C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [{972D10C0-0D2D-472F-A719-BC0451474FDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed]
FirewallRules: [{5F7C5DF1-5F17-4387-AF58-B224CAD38D0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tModLoader\tModLoader.exe (Re-Logic) [File not signed]
FirewallRules: [TCP Query User{4B86ECF9-FC21-4285-8E91-FD0E419AED74}C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{AECA89BA-421D-4920-9312-381351B5CAA1}C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tmodloader\tmodloaderserver.exe (Re-Logic) [File not signed]
FirewallRules: [{1AC7E7D4-CA30-44D2-A52E-039FEA01B5C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{97C27DBE-2E75-4B05-BE98-DB6D5DE89631}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3C285D53-44B9-46B0-A668-1F9746C1CDB0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D19BC948-5823-481C-A5EF-45A37CF07487}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C6FC39B-BA40-409B-AB63-E35F80C931C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9FF0CD1E-78E5-4494-A400-C9D0A33F722B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{65FE2971-0A1B-4D4C-8355-EE503F98F99B}C:\games\diablo ii complete edition\game.exe] => (Block) C:\games\diablo ii complete edition\game.exe (Blizzard North) [File not signed]
FirewallRules: [UDP Query User{09360440-C99A-4333-9B30-D0293EE49A0F}C:\games\diablo ii complete edition\game.exe] => (Block) C:\games\diablo ii complete edition\game.exe (Blizzard North) [File not signed]
FirewallRules: [{02574EFF-BD5E-4609-92EE-82C5535DBE0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71C56C50-DB23-4FA2-99EF-013D108BED3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{00D21AD3-1330-495E-A1E3-CA469189A3B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{22FDEA66-E937-4850-86FD-A24D9276387F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EBFE8D35-0F35-49CB-855A-6C6CE7D2F60E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> PUBG Corporation)
FirewallRules: [{733BDA2E-CD40-484E-ACD0-80510B974DF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG CORPORATION -> PUBG Corporation)
FirewallRules: [{3F23122B-4E3B-4B8D-91AB-C0CB227E265B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-10-2020 22:57:52 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/01/2020 11:42:04 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4840,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/01/2020 11:32:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.18362.628, časové razítko: 0x01699b36
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.18362.815, časové razítko: 0x32a6df9a
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000006db9e
ID chybujícího procesu: 0x27fc
Čas spuštění chybující aplikace: 0x01d6b03a5ab2b828
Cesta k chybující aplikaci: C:\WINDOWS\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: d49af2ba-755f-44b7-b0de-fb8df483613a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/01/2020 11:24:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/01/2020 11:20:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (11/01/2020 11:18:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {c3209ae3-46ba-4555-9a58-0c5dc407e0de}

Error: (11/01/2020 10:39:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (268,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/01/2020 10:32:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4116,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (11/01/2020 10:26:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4252,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (11/01/2020 11:41:30 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku ?? bylo zjištěno poškození.

Hlavní tabulka souborů (MFT) obsahuje poškozený záznam souboru. Referenční číslo souboru je 0x9000000000009. Název souboru je <nelze určit název souboru>.

Error: (11/01/2020 11:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/01/2020 11:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/01/2020 11:24:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/01/2020 11:19:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/01/2020 11:19:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/01/2020 11:19:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/01/2020 11:19:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2020-10-23 15:24:43.866
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {CDE2FC70-CEE1-48D9-894A-50DBAE2DC18D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-20 22:52:56.268
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5B8A23F9-0065-4EED-BF15-BCA464162E3D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-14 09:02:12.236
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/CrackSearch
ID: 2147730914
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files (x86)\Assassins Creed Odyssey\dbdata.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-11JAO0Q\Tedas
Název procesu: C:\Program Files (x86)\Assassins Creed Odyssey\ACOdyssey.exe
Verze bezpečnostních informací: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-14 09:01:59.329
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/CrackSearch
ID: 2147730914
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files (x86)\Assassins Creed Odyssey\dbdata.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-11JAO0Q\Tedas
Název procesu: C:\Program Files (x86)\Assassins Creed Odyssey\ACOdyssey.exe
Verze bezpečnostních informací: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-14 09:01:30.016
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/CrackSearch
ID: 2147730914
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files (x86)\Assassins Creed Odyssey\dbdata.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-11JAO0Q\Tedas
Název procesu: C:\Program Files (x86)\Assassins Creed Odyssey\ACOdyssey.exe
Verze bezpečnostních informací: AV: 1.325.683.0, AS: 1.325.683.0, NIS: 1.325.683.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-11-01 10:30:10.790
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1617.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Date: 2020-11-01 00:59:33.954
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Zálohování
Kód chyby: 0x80004004
Popis chyby: Operace přerušena
Verze bezpečnostních informací: 1.325.1617.0;1.325.1617.0
Verze modulu: 1.1.17500.4

Date: 2020-11-01 00:59:24.389
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80004004
Popis chyby: Operace přerušena
Verze bezpečnostních informací: 1.327.79.0;1.327.79.0
Verze modulu: 1.1.17600.5

Date: 2020-10-31 17:53:29.386
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.79.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Date: 2020-10-31 14:00:48.217
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1617.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.8 12/25/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8136 MB
Available physical RAM: 4199.55 MB
Total Virtual: 18376 MB
Available Virtual: 12591.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.76 GB) (Free:117.16 GB) NTFS

\\?\Volume{c1d0dba7-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{c1d0dba7-0000-0000-0000-003774000000}\ () (Fixed) (Total:0.46 GB) (Free:0.04 GB) NTFS
\\?\Volume{c1d0dba7-0000-0000-0000-905474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C1D0DBA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=472 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: TiWorker.exe virus + log

#10 Post by Diallix »

How is the computer doing? I recommend cleaning it with the CCLEANER program.
My new book BOTNETY is out! Information about it is here: >> BOTNETY <<

---
We are looking for new members for our CyberSecurity UNIT. More information on what it involves and how to join is here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz .
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++,c#,php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#11 Post by Tedas »

What do you mean? TiWorker.exe is still on the computer and keeps loading the system. I'll try CCleaner.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: TiWorker.exe virus + log

#12 Post by Diallix »

What location does it run from?

Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#13 Post by Tedas »

What location? Unfortunately I don't know what you mean.

Tedas
Visitor
Posts: 14
Registered: 01 Nov 2020 00:51

Re: TiWorker.exe virus + log

#14 Post by Tedas »

I used CCleaner; unfortunately TiWorker.exe is still here and uses over 50% of the CPU, disk and RAM.

JaRon
Moderator
Posts: 15193
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: TiWorker.exe virus + log

#15 Post by JaRon »

Tedas wrote: 01 Nov 2020 13:01 What location? Unfortunately I don't know what you mean.
My colleague meant the full path to the file.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
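The helpers are asking for the full on-disk path of the running process, which is the first thing to establish before deciding whether a TiWorker.exe is the genuine Windows Modules Installer Worker. The snippet below is an added example, not code posted in this thread or shipped by any of the tools it names; it assumes Windows 10 and an elevated PowerShell session, and the expected WinSxS location of the genuine binary is an assumption to verify on the machine itself. It lists every running TiWorker.exe with its path, checks the Authenticode signature, and shows the state of the TrustedInstaller service that launches the worker (the 0x80070422 errors in the Defender log above mean a required service is disabled).

```powershell
# Added example (not from the thread): where is TiWorker.exe running from, and is it signed?
# Assumes Windows 10 and an elevated PowerShell session.
$procs = Get-Process -Name 'TiWorker' -ErrorAction SilentlyContinue

if (-not $procs) {
    Write-Output 'No TiWorker.exe process is running right now (it is started on demand by the TrustedInstaller service).'
}

foreach ($p in $procs) {
    $path = $p.Path   # full image path; $null when the session lacks the right to read it
    if (-not $path) {
        Write-Output ("PID {0}: image path not readable, re-run from an elevated session." -f $p.Id)
        continue
    }

    # Authenticode check: the genuine worker carries a valid Microsoft signature.
    $sig = Get-AuthenticodeSignature -FilePath $path

    # Assumption to verify locally: the genuine binary lives under %SystemRoot%\WinSxS\
    # in a microsoft-windows-servicingstack_* component folder.
    $underWinSxS = $path -like (Join-Path $env:SystemRoot 'WinSxS\*')

    [pscustomobject]@{
        PID            = $p.Id
        Path           = $path
        UnderWinSxS    = $underWinSxS
        SignatureValid = ($sig.Status -eq 'Valid')
        Signer         = $sig.SignerCertificate.Subject
        CPUSeconds     = [math]::Round($p.CPU, 1)
    }
}

# The Windows Modules Installer service is what spawns the worker; if it is
# disabled, servicing and definition updates fail instead of running quietly.
Get-Service -Name TrustedInstaller | Select-Object Name, Status, StartType
```

A process whose path is outside the Windows directory, or whose signature status is anything other than Valid with a Microsoft signer, is the thing to report back in the thread together with the path; a genuine worker that is simply busy will show a valid signature and a WinSxS path.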

Locked