PC virus removal, computer speed-up, remote assistance via the neslape.cz service

First preventive check-up - Thanks!

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

Woytman
Visitor
Posts: 8
Registered: 16 Feb 2021 22:51

#1 Post by Woytman »

Good evening, day, or morning.
The laptop I'm writing from is already 2 years old, so I decided to turn to you, the pros, to see whether together we can find anything on the laptop that shouldn't be there. Many thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2021
Ran by PRDOSLAV (administrator) on PRDOSLAV-NTB (Micro-Star International Co., Ltd. GF75 Thin 9SC) (16-02-2021 23:14:51)
Running from C:\Users\PRDOSLAV\Desktop
Loaded Profiles: PRDOSLAV
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c52b34f1b30918c5\RstMwService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93cd1ac04c27c7e5\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93cd1ac04c27c7e5\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\PRDOSLAV\AppData\Local\Microsoft\OneDrive\21.002.0104.0005_1\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_4ea4d8037d4ef09c\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ec5ad85a0fbc74ea\RtkAudUService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ec5ad85a0fbc74ea\RtkAudUService64.exe [1212720 2020-12-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [UseDesktopIniCache] 0
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {78b509bc-0bb6-11ea-bbfe-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {bdf40bce-6348-11eb-8b27-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {d0c7d56e-2519-11eb-8b13-00d861097152} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-10] (Google LLC -> Google LLC)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0155BADE-7884-4379-926F-66417DFCC696} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D400830-B1A2-4EA0-BD81-B372E7E40E73} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {14778D44-2904-4267-9BAA-20F0689D6CEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1745BFA6-6086-4E92-819E-35720B3DD999} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {1AB97E9E-CFE0-4EFD-80FB-955E21788E82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EE2AC5E-03C6-40FE-AF5A-E906EDEF11AE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {4A9F6C2B-6DDE-48B4-9B98-712C67150892} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BF72C72-5BDD-4988-85EC-6BD16CFB3318} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {4E07B5A1-F2D2-499D-AEAD-A04920869685} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {520F4D1F-B380-4B01-AC87-9A6FBD574A69} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe
Task: {5327C3DF-F647-4A83-840F-168E914C6BA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53EBC5AB-12E6-4820-AAA0-2330B162294B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {61C44446-659F-4733-A38E-01F97D66D026} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {71A08FD4-D7A4-4A92-AC13-43C473AE275E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {82CE4E14-F94F-4633-874E-3EEBA5F4FD13} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {8365A554-A145-4287-8B05-40273CD552F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {8DD0C37A-030E-43FF-9E04-6D45CA4B1CD0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F9052F3-91A8-4C28-AE4D-23D0444116FA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9347D433-71B8-4212-9A00-0F7739617127} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9824F88F-2A45-4137-A897-7CAA341D2B87} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [344184 2020-02-13] (Micro-Star International CO., LTD. -> Application)
Task: {9C8F7EC6-246A-4B94-9EEB-A0C4A69FF0C2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AF598F00-9DFB-4DF8-B7F7-0F0080CECFC6} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0D5E313-5E53-4A4B-8E90-77C9F12F831C} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6255104 2020-05-06] (Micro-Star International Co., Ltd.) [File not signed]
Task: {B9B1F186-BE08-43B5-BFFF-F9DE2713DC53} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE52EDE5-1462-44E6-A46E-8B67EF41534A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CB8BD3A2-561C-4ED3-A1D0-4046B522800A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {DF4E0E85-709C-4A45-B038-95ACAF234616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E1F48C05-5539-4673-81FB-03B865505914} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E6DAA935-B8C1-413F-8F78-4B1B2DD10A0A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E82084AB-3F9E-43CE-ADBD-BFD60C57499B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {EB6C4619-A6AD-4128-ACC0-B7582CA1AB99} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F87C7FBA-5684-4790-A686-8BD78F3C8344} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{41390136-14d9-4ad4-b140-a0d1b94d90a2}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{bcbdebf0-34e1-4d08-879c-a923554a03f8}: [DhcpNameServer] 192.168.10.1 0.0.0.0

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default [2021-02-16]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com ... duckgo.com"
CHR Extension: (Prezentace) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-16]
CHR Extension: (Just Black) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-02-16]
CHR Extension: (Dokumenty) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-16]
CHR Extension: (Disk Google) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-16]
CHR Extension: (YouTube) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-02-16]
CHR Extension: (Vysoký kontrast) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2021-02-16]
CHR Extension: (Tabulky) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-02-16]
CHR Extension: (Excel Online) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2021-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Gmail) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-16]
CHR HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [2863472 2020-05-14] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-29] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
S4 NahimicService; C:\WINDOWS\system32\NahimicService.exe [2719664 2020-11-04] (A-Volute -> Nahimic)
S3 Rockstar Service; D:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ec5ad85a0fbc74ea\RtkAudUService64.exe [1212720 2020-12-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_4ea4d8037d4ef09c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_4ea4d8037d4ef09c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-11-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-11-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [42472 2020-10-09] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MpKslb25b05cd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE18F8DB-1342-4964-91B9-769E32E6BC94}\MpKslDrv.sys [47344 2021-02-16] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-06-16] (A-Volute -> Windows (R) Win 7 DDK provider)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [398984 2020-08-18] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [448904 2020-08-18] (IBM -> IBM Corp.)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech, LLC -> Ross-Tech LLC)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SjtWinIo20; C:\WINDOWS\System32\drivers\SjtWinIo_v2_0.sys [11776 2021-01-28] (Microsoft Windows Hardware Compatibility Publisher -> SpeedJet Technology INC.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [18688 2018-07-18] (WDKTestCert heavenluo,131620253795976757 -> )
S3 WiseUnlock; C:\WINDOWS\WiseUnlock64.sys [33864 2020-09-26] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U4 dmwappushservice; no ImagePath
S4 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
U4 Partizan; system32\drivers\Partizan.sys [X]
S1 RapportCerberus_2004080; \??\c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_2004080.sys [X]
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 23:14 - 2021-02-16 23:15 - 000025498 _____ C:\Users\PRDOSLAV\Desktop\FRST.txt
2021-02-16 23:14 - 2021-02-16 23:14 - 000000000 ____D C:\FRST
2021-02-16 23:12 - 2021-02-16 23:12 - 002297856 _____ (Farbar) C:\Users\PRDOSLAV\Downloads\FRST64.exe
2021-02-16 23:12 - 2021-02-16 23:12 - 002297856 _____ (Farbar) C:\Users\PRDOSLAV\Desktop\FRST64.exe
2021-02-16 22:27 - 2021-02-16 22:27 - 000004920 _____ C:\Users\PRDOSLAV\Desktop\Emaily-part1-korekce.txt
2021-02-16 22:04 - 2021-02-16 22:04 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\DAEMON Tools Pro
2021-02-16 22:01 - 2021-02-16 22:42 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\VirtualStore
2021-02-16 21:44 - 2021-02-16 22:35 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\AMSDK
2021-02-16 09:14 - 2021-02-16 09:14 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Sun
2021-02-16 08:45 - 2021-02-16 09:07 - 000000000 ____D C:\ProgramData\ADiag
2021-02-15 14:18 - 2021-02-15 14:18 - 000000000 ____D C:\Users\PRDOSLAV\Documents\backup
2021-02-15 11:31 - 2021-02-15 11:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Mozilla
2021-02-15 11:31 - 2021-02-15 11:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Trusteer
2021-02-15 11:31 - 2020-08-18 17:24 - 000448904 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2021-02-15 11:31 - 2020-08-18 17:24 - 000398984 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2021-02-15 11:30 - 2021-02-15 11:30 - 000000000 ____D C:\ProgramData\Trusteer
2021-02-14 00:05 - 2021-02-14 00:07 - 000000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2021-02-14 00:05 - 2021-02-14 00:05 - 000000000 ____D C:\ProgramData\RzSurroundVAD_1.1.63.0
2021-02-14 00:05 - 2021-02-14 00:05 - 000000000 _____ C:\WINDOWS\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2021-02-13 22:34 - 2021-02-16 11:11 - 000011315 _____ C:\Users\PRDOSLAV\Documents\Sešit1.xlsm
2021-02-13 21:28 - 2021-02-13 21:28 - 008049538 _____ C:\Users\PRDOSLAV\Documents\13úno2144-212820story_esports_BuildPlayer-Workshop_DLC1_Starter.csv
2021-02-13 20:33 - 2021-02-13 20:33 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\OneDrive
2021-02-13 20:32 - 2021-02-16 22:01 - 000000000 ___RD C:\Users\PRDOSLAV\OneDrive
2021-02-13 20:32 - 2021-02-13 20:33 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3110588475-2115266248-3539613761-1001
2021-02-13 20:32 - 2021-02-13 20:33 - 000002420 _____ C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-13 20:32 - 2021-02-13 20:32 - 000000000 ___HD C:\OneDriveTemp
2021-02-13 20:32 - 2021-02-13 20:32 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-02-13 19:44 - 2021-02-13 21:07 - 000000000 ____D C:\KVRT_Data
2021-02-13 11:31 - 2021-02-09 22:11 - 000052988 _____ C:\Users\PRDOSLAV\Desktop\Text_CZ.txt
2021-02-12 16:04 - 2021-02-12 21:56 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-12 16:04 - 2021-02-12 16:04 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-12 16:04 - 2021-02-12 16:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-02-12 15:55 - 2021-02-12 15:55 - 000002441 _____ C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk
2021-02-11 22:34 - 2021-02-11 22:34 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Vlastní šablony Office
2021-02-11 22:22 - 2021-02-13 20:37 - 000000000 ____D C:\Users\PRDOSLAV\Documents\temp
2021-02-11 22:22 - 2021-02-11 22:22 - 000003014 _____ C:\WINDOWS\system32\Tasks\MSI_Dragon Center
2021-02-11 22:22 - 2021-02-11 22:22 - 000000000 ____D C:\Program Files (x86)\MSI
2021-02-10 22:24 - 2021-02-16 08:57 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-10 22:24 - 2021-02-10 22:24 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Wise Force Deleter
2021-02-10 22:23 - 2021-02-10 22:23 - 000000000 ____R C:\WINDOWS\SysWOW64\version_IObitDel.dll
2021-02-10 22:11 - 2020-12-16 17:08 - 005994080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2021-02-10 22:11 - 2020-12-16 16:57 - 043517749 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2021-02-10 22:11 - 2019-12-19 08:07 - 002877104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2021-02-10 22:03 - 2021-02-16 22:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-10 22:03 - 2021-02-10 22:03 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-10 21:59 - 2021-02-10 21:59 - 000000000 ____D C:\Program Files\Intel
2021-02-10 21:58 - 2021-02-10 21:58 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-02-10 21:57 - 2021-02-10 22:12 - 000000000 ___HD C:\Program Files (x86)\Temp
2021-02-10 21:52 - 2021-02-16 22:01 - 000000000 ____D C:\Intel
2021-02-10 21:52 - 2021-02-10 21:52 - 000000000 ____D C:\Users\PRDOSLAV\ansel
2021-02-10 21:49 - 2021-02-10 21:49 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\SaraResults
2021-02-10 21:46 - 2021-02-10 21:46 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\WinRAR
2021-02-10 21:46 - 2021-02-10 21:46 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\SaRALogs
2021-02-10 21:45 - 2021-02-10 22:17 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\BitTorrentHelper
2021-02-10 21:41 - 2021-02-10 22:27 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Deployment
2021-02-10 21:41 - 2021-02-10 21:41 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Apps\2.0
2021-02-10 20:44 - 2021-02-10 20:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-10 20:43 - 2021-02-10 20:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-10 20:43 - 2021-02-10 20:43 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-10 20:43 - 2021-02-10 20:43 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-10 20:43 - 2021-02-10 20:43 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 18:34 - 2021-02-10 18:34 - 000003294 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2021-02-10 18:34 - 2021-02-10 18:34 - 000003242 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2021-02-10 18:34 - 2021-02-10 18:34 - 000003238 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2021-02-07 15:15 - 2021-02-07 15:15 - 000000222 _____ C:\Users\PRDOSLAV\Desktop\PC Building Simulator.url
2021-02-07 15:10 - 2021-02-07 15:11 - 000000000 ____D C:\Riot Games
2021-02-07 01:27 - 2021-02-07 01:27 - 000000000 ____D C:\Users\PRDOSLAV\Downloads\UnityText
2021-02-06 14:24 - 2021-02-06 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2021-02-06 14:24 - 2021-02-06 14:24 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2021-02-06 14:19 - 2021-02-06 14:19 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Xiaomi
2021-02-06 13:42 - 2021-02-16 10:56 - 000000000 ____D C:\adb
2021-02-06 11:53 - 2021-02-06 12:00 - 000000160 _____ C:\Users\PRDOSLAV\AppData\LocalLow\rbxcsettings.rbx
2021-02-05 22:04 - 2021-02-06 20:59 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Disney Interactive
2021-02-05 17:54 - 2021-02-05 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Staxel [GOG.com]
2021-02-05 17:48 - 2021-02-05 17:48 - 000000000 ____D C:\GOG Games
2021-02-04 20:41 - 2021-02-04 20:41 - 000000000 ____D C:\WINDOWS\system32\A-Volute
2021-02-01 13:16 - 2021-02-01 13:16 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\GIMP
2021-02-01 13:16 - 2021-02-01 13:16 - 000000000 ____D C:\Users\PRDOSLAV\.cache
2021-02-01 13:06 - 2021-02-01 13:06 - 000000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.22.lnk
2021-02-01 13:04 - 2021-02-01 13:05 - 000000000 ____D C:\Program Files\GIMP 2
2021-02-01 12:50 - 2021-02-14 01:23 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Nicepage Templates
2021-02-01 12:09 - 2021-02-01 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-01 12:07 - 2021-02-01 13:09 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Nicepage
2021-02-01 12:02 - 2021-02-01 12:02 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Lightshot
2021-02-01 12:01 - 2021-02-14 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2021-01-31 08:24 - 2021-01-31 08:24 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\ElevatedDiagnostics
2021-01-30 18:29 - 2021-01-30 22:28 - 000000223 _____ C:\Users\PRDOSLAV\Desktop\Mad Games Tycoon 2.url
2021-01-30 00:54 - 2021-01-30 00:54 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2021-01-30 00:54 - 2021-01-30 00:54 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\GHISLER
2021-01-30 00:54 - 2021-01-30 00:54 - 000000000 ____D C:\totalcmd
2021-01-28 22:44 - 2021-02-11 22:22 - 000003116 _____ C:\WINDOWS\system32\Tasks\MSISCMTsk
2021-01-28 22:44 - 2021-02-11 22:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-01-28 22:16 - 2021-01-28 22:16 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nová složka
2021-01-28 22:00 - 2021-01-28 22:00 - 000011776 _____ (SpeedJet Technology INC.) C:\WINDOWS\system32\Drivers\SjtWinIo_v2_0.sys
2021-01-28 21:46 - 2021-01-28 21:46 - 008823656 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw08.sys
2021-01-28 21:46 - 2021-01-28 21:46 - 002673724 _____ C:\WINDOWS\system32\Drivers\Netwfw08.dat
2021-01-28 21:46 - 2021-01-28 21:46 - 001058152 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter08.dll
2021-01-28 21:45 - 2021-01-28 21:45 - 006161712 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2021-01-28 21:45 - 2021-01-28 21:45 - 000539440 _____ (Intel Corporation) C:\WINDOWS\system32\ibtsiva.exe
2021-01-28 21:45 - 2021-01-28 21:45 - 000441648 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2021-01-26 23:30 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-26 23:30 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-26 23:30 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-26 23:30 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-26 23:30 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-26 23:30 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-26 23:30 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-26 23:30 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-26 23:30 - 2021-01-23 09:12 - 000680096 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000547488 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-26 23:30 - 2021-01-23 09:10 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-26 23:30 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-26 23:30 - 2021-01-22 23:59 - 000084264 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-25 23:24 - 2021-02-10 21:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\obs-studio
2021-01-25 23:24 - 2021-01-25 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-01-23 14:18 - 2021-01-24 10:42 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\blitz-updater
2021-01-22 23:19 - 2021-01-22 23:19 - 000000322 _____ C:\WINDOWS\system32\.crusader
2021-01-22 23:03 - 2021-02-10 22:17 - 000000000 ____D C:\Users\PRDOSLAV\AppData\LocalLow\uTorrent
2021-01-22 19:23 - 2021-01-22 19:23 - 000000000 ____D C:\Users\PRDOSLAV\AppData\LocalLow\Eggcode

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 22:37 - 2020-12-26 18:46 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-16 22:37 - 2020-09-27 08:30 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-02-16 22:37 - 2020-09-27 08:30 - 000000000 ____D C:\Program Files\CCleaner
2021-02-16 22:37 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\INF
2021-02-16 22:21 - 2021-01-03 11:35 - 000000000 ____D C:\ProgramData\Common
2021-02-16 22:08 - 2020-09-26 22:58 - 000717844 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-16 22:08 - 2020-09-26 22:58 - 000144986 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-16 22:08 - 2020-09-26 22:20 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-16 22:04 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-16 22:03 - 2020-09-26 22:51 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-16 22:01 - 2020-09-26 23:00 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-02-16 22:01 - 2020-09-26 22:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-16 22:00 - 2020-09-26 22:53 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-16 22:00 - 2020-06-12 23:13 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-16 21:58 - 2021-01-02 20:26 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-02-16 21:58 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-02-16 21:58 - 2020-09-26 22:11 - 000000000 ____D C:\Users\PRDOSLAV
2021-02-16 21:42 - 2020-09-26 22:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-16 17:21 - 2020-10-05 21:12 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\vlc
2021-02-16 09:26 - 2021-01-10 10:00 - 000000128 _____ C:\Users\PRDOSLAV\AppData\Roaming\winscp.rnd
2021-02-16 09:16 - 2020-09-26 22:45 - 000000000 ____D C:\Program Files\Java
2021-02-16 09:16 - 2020-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-02-16 09:15 - 2020-09-26 22:46 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-02-16 09:11 - 2020-09-26 22:32 - 000000844 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-02-16 09:11 - 2020-09-26 22:32 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Notepad++
2021-02-16 09:11 - 2020-09-26 22:32 - 000000000 ____D C:\Program Files\Notepad++
2021-02-16 08:59 - 2021-01-09 10:28 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Plány
2021-02-15 22:03 - 2020-09-26 22:56 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-15 22:02 - 2020-09-26 22:20 - 000000000 ____D C:\ProgramData\Packages
2021-02-15 22:01 - 2020-09-26 22:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Packages
2021-02-15 15:02 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2021-02-15 11:33 - 2021-01-09 10:38 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Adobe
2021-02-15 11:33 - 2020-10-22 21:03 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Adobe
2021-02-13 20:36 - 2020-11-01 10:35 - 002505048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 21:55 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SystemApps
2021-02-12 18:23 - 2020-11-21 11:21 - 000001476 _____ C:\Users\PRDOSLAV\Desktop\Roblox Player.lnk
2021-02-12 18:23 - 2020-11-21 11:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-02-12 15:53 - 2021-01-09 10:38 - 000000000 ____D C:\ProgramData\Adobe
2021-02-12 15:49 - 2020-10-23 20:04 - 000000000 ____D C:\Program Files\DIFX
2021-02-12 15:48 - 2021-01-09 10:42 - 000000000 ____D C:\Users\PRDOSLAV\AppData\LocalLow\Adobe
2021-02-11 23:35 - 2020-09-26 22:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\D3DSCache
2021-02-11 23:35 - 2020-09-26 22:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 22:29 - 2020-09-26 22:46 - 000000000 ____D C:\ProgramData\MSI
2021-02-11 22:22 - 2020-09-26 22:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-02-11 22:22 - 2019-03-14 01:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2021-02-10 22:10 - 2019-11-20 18:19 - 000000000 __SHD C:\Users\PRDOSLAV\IntelGraphicsProfiles
2021-02-10 22:03 - 2020-10-31 23:08 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-10 21:59 - 2020-09-26 22:56 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-02-10 21:54 - 2020-10-17 06:51 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Intel
2021-02-10 21:45 - 2021-01-16 16:27 - 000001102 _____ C:\Users\PRDOSLAV\Desktop\Grand Theft Auto V.lnk
2021-02-10 21:45 - 2021-01-16 09:01 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-02-10 21:38 - 2021-01-16 09:02 - 000000000 ____D C:\Program Files\Rockstar Games
2021-02-10 21:31 - 2021-01-16 09:01 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Rockstar Games
2021-02-10 21:31 - 2020-09-26 22:30 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\.minecraft
2021-02-10 21:31 - 2020-09-26 22:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Publishers
2021-02-10 21:30 - 2020-12-28 23:03 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Google
2021-02-10 21:30 - 2020-09-26 23:00 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\NVIDIA Corporation
2021-02-10 21:00 - 2020-09-26 22:54 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-10 20:52 - 2020-09-26 22:53 - 000000000 ____D C:\WINDOWS\servicing
2021-02-10 20:36 - 2020-10-02 18:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 20:34 - 2020-10-02 18:54 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 17:45 - 2020-09-26 22:25 - 000002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-07 20:58 - 2020-10-05 14:51 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-07 16:26 - 2020-11-14 00:11 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\DS4Windows
2021-02-07 15:21 - 2020-10-05 14:51 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Riot Games
2021-02-07 15:11 - 2019-11-20 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-02-07 01:23 - 2020-10-11 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-02-06 14:31 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-06 11:55 - 2020-11-21 11:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Roblox
2021-02-06 11:46 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-05 17:15 - 2020-09-18 22:12 - 000000766 _____ C:\Users\PRDOSLAV\Desktop\House Flipper.lnk
2021-02-05 16:24 - 2020-09-26 22:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 16:24 - 2020-09-26 22:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-01 21:18 - 2020-09-26 22:25 - 000000000 ____D C:\Program Files\Google
2021-02-01 13:11 - 2020-09-26 22:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-01 12:45 - 2020-10-22 21:05 - 000055045 _____ C:\WINDOWS\system32\sfcdetails.txt
2021-02-01 12:09 - 2020-10-31 23:09 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-30 00:49 - 2020-11-01 01:54 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-01-30 00:49 - 2020-11-01 01:54 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-01-29 18:50 - 2020-09-26 22:13 - 000000000 ____D C:\ProgramData\Intel
2021-01-29 16:19 - 2020-09-26 23:00 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\NVIDIA
2021-01-28 22:13 - 2020-09-27 08:30 - 000003048 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-01-27 23:55 - 2020-10-23 22:04 - 000000000 ____D C:\Users\PRDOSLAV\Downloads\Naruto
2021-01-23 09:10 - 2020-09-25 23:08 - 007116680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-22 19:01 - 2020-09-27 00:31 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-20 21:15 - 2021-01-09 10:44 - 000002672 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-01-17 09:21 - 2021-01-16 09:01 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Rockstar Games

==================== Files in the root of some directories ========

2021-01-10 10:00 - 2021-02-16 09:26 - 000000128 _____ () C:\Users\PRDOSLAV\AppData\Roaming\winscp.rnd

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-02-10] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

/////////////////////////////////////

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2021
Ran by PRDOSLAV (16-02-2021 23:15:34)
Running from C:\Users\PRDOSLAV\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2020-09-26 21:20:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3110588475-2115266248-3539613761-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3110588475-2115266248-3539613761-503 - Limited - Disabled)
Guest (S-1-5-21-3110588475-2115266248-3539613761-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3110588475-2115266248-3539613761-504 - Limited - Disabled)
PRDOSLAV (S-1-5-21-3110588475-2115266248-3539613761-1001 - Administrator - Enabled) => C:\Users\PRDOSLAV

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Balíček ovladače systému Windows - Ross-Tech HIDClass (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.3.0.0767 - Disc Soft Ltd)
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.6.2005.0601 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.6.2005.0601 - Micro-Star International Co., Ltd.)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)
House Flipper v.1.2122 (a24be) (44415) (HKLM-x32\...\House Flipper_is1) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Microsoft Excel 2019 - cs-cz (HKLM\...\Excel2019Retail - cs-cz) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Word 2019 - cs-cz (HKLM\...\Word2019Retail - cs-cz) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.3 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Passpartout: The Starving Artist (HKLM-x32\...\1427891789_is1) (Version: 1.7.2 - GOG.com)
Planet Zoo (HKLM-x32\...\Planet Zoo_is1) (Version: - )
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9084.1 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller Pro 4.3.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.8 - VS Revo Group, Ltd.)
Roblox Player for PRDOSLAV (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for PRDOSLAV (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\roblox-studio) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Staxel (HKLM-x32\...\1780262881_is1) (Version: Staxel 1.5.56 (201118a) - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
VCDS SVO 19.6 (HKLM-x32\...\VCDS SVO) (Version: SVO 19.6.2 - Ross-Tech, LLC)
VEGAS Pro 18.0 (HKLM\...\{82C2EEEE-F7A1-11EA-B428-00155D8D255C}) (Version: 18.0.334 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
Wise Force Deleter 1.5.3 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.5.3 - WiseCleaner.com, Inc.)

Packages:
=========
MSI Driver & App Center -> C:\Program Files\WindowsApps\msiappadm.MSIDriverAppCenter_1.2009.1001.0_x64__7f61qv3vk9gn2 [2021-02-10] (msiappadm)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-26] (NVIDIA Corp.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.11.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2021-02-10] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => C:\Users\PRDOSLAV\OneDrive [2021-02-13 20:32]
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [DaemonShellExtDrive] -> [CC]{A5415364-784A-41A5-B47A-D452909CA8FF} => -> No File
ContextMenuHandlers3: [DaemonShellExtImage] -> [CC]{40966797-8FFE-46C8-9EF8-7003F33CCF0F} => -> No File
ContextMenuHandlers6: [RUShellExt] -> [CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-05-14 06:59 - 2020-10-09 23:35 - 005353328 _____ (AVB Disc Soft, SIA -> Disc Soft Ltd) [File not signed] C:\Program Files\DAEMON Tools Pro\Engine.dll
2016-08-10 20:34 - 2016-08-10 20:34 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\WinIo64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62195876.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62195876.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-09-26 22:56 - 2021-02-16 21:46 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-12-31 16:28 - 2020-09-26 22:55 - 000000407 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Users\PRDOSLAV\AppData\Local\Microsoft\WindowsApps;C:\adb
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PRDOSLAV\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tapeta programu windows prohlížeč fotografií.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AGMService => 3
MSCONFIG\Services: AGSService => 3
MSCONFIG\Services: Disc Soft Pro Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: sshd => 3
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "errorlog.txt"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RZSurroundHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "RT-Updater-SVO.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "Dragon Center.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "com.blitz.app"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "RzAppEngine"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EC9F76DB-F118-413B-8391-DC66EA4C0354}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9A29FAFA-7910-4F68-A013-21DD95B67925}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{72417710-F769-42AC-A88F-A262E2FBAA07}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCIConfig.EXE (Ross-Tech, LLC -> Ross-Tech, LLC)
FirewallRules: [{4D9B1368-2E99-43FA-A2BE-279D727EE38A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4765405B-7F9F-48B8-88B2-04E2CEEAE450}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1BF2223F-ACD5-414E-9315-757AA6B1A8F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3AB8DC26-53FF-4805-9655-6F5388AF1833}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{23A8467D-98E9-49AD-B52B-509680804E65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5B4AD96C-D946-4703-BBA3-119710294B15}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{346FDF41-E355-4578-BBD0-8C4AA9E64850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{F4398B6B-6FCC-4936-BC94-37F78B223C7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{9E3D3026-AE61-476C-983F-130A4900278C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [{F58FC49C-B51D-451F-BBB3-982021550F72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [TCP Query User{C9B71383-DE35-4E2B-8308-FCA1EB4996A1}D:\games\planet zoo\planetzoo.exe] => (Allow) D:\games\planet zoo\planetzoo.exe (Frontier Developments) [File not signed]
FirewallRules: [UDP Query User{AE59501E-807B-40FB-BBA7-5D32E1D085B1}D:\games\planet zoo\planetzoo.exe] => (Allow) D:\games\planet zoo\planetzoo.exe (Frontier Developments) [File not signed]
FirewallRules: [{EC8593E2-83C6-4A00-8B54-2EAC311BB074}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{04BBB615-B8E1-45C2-B0E1-8EEB02DC8A52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5BD36732-E769-44DA-AB31-746AF3BC2471}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [File not signed]
FirewallRules: [{F6812CB4-D053-418B-A309-12811F31CFDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [File not signed]
FirewallRules: [{CC230264-1CA6-4378-80A0-DB8B57600383}] => (Allow) LPort=32682
FirewallRules: [TCP Query User{D264C3EC-FA01-44BF-A95C-B603D85ECAFF}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{319B8886-7384-48F2-8088-9FEE5B4DA7F7}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{31523857-B8AF-44A0-830D-9EC768B33F64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{DDD127CF-B0F1-4137-9D5E-DF16F1040CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{2615EE9B-5298-45E2-86C7-E03C94CA2562}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Client.exe (Plukit BV) [File not signed]
FirewallRules: [{FAE1251D-DAEC-4AF7-8608-AACC074C64C4}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Client.exe (Plukit BV) [File not signed]
FirewallRules: [{ADE22A5B-BD54-4E64-8211-23BB1E5CDCE6}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Client.exe (Plukit BV) [File not signed]
FirewallRules: [{4A4B921E-4A12-4DE6-B19B-633D5522D2B1}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Client.exe (Plukit BV) [File not signed]
FirewallRules: [{DCC29FB0-AE06-4AEB-8099-7440AA6F05F7}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.exe () [File not signed]
FirewallRules: [{4D55CC42-ABDE-4F41-99BB-7AF5F39A2A1E}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.exe () [File not signed]
FirewallRules: [{3A306336-9F37-4CC7-A358-DDA392C56012}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.exe () [File not signed]
FirewallRules: [{064C1C5B-2511-4734-BF6E-EEFE09C7B2FA}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.exe () [File not signed]
FirewallRules: [{2C3433F0-FE20-4312-81BB-FFB8CB23068C}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.NoConsole.exe () [File not signed]
FirewallRules: [{F294292C-7653-4544-98AB-8027D372B04F}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.NoConsole.exe () [File not signed]
FirewallRules: [{3F2E3F46-715C-45F3-8F3E-7DCE624CA7B9}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.NoConsole.exe () [File not signed]
FirewallRules: [{0B140738-E7A9-406F-82FE-3C467EA34447}] => (Allow) C:\GOG Games\Staxel\bin\Staxel.Server.NoConsole.exe () [File not signed]
FirewallRules: [{709A43D3-4D17-4772-B82C-36236E887219}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-02-2021 11:31:10 Installed Rapport
15-02-2021 11:36:53 Removed Rapport
16-02-2021 08:57:42 JRT Pre-Junkware Removal
16-02-2021 08:58:47 JRT Pre-Junkware Removal
16-02-2021 09:36:42 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/16/2021 10:37:27 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3110588475-2115266248-3539613761-1001}/>.

Error: (02/16/2021 10:21:01 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (02/16/2021 10:00:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/16/2021 10:00:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/16/2021 10:00:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/16/2021 10:00:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/16/2021 09:46:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/16/2021 10:31:49 AM) (Source: MsiInstaller) (EventID: 11606) (User: PRDOSLAV-NTB)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.


System errors:
=============
Error: (02/16/2021 10:02:35 PM) (Source: DCOM) (EventID: 10001) (User: PRDOSLAV-NTB)
Description: Nelze spustit server DCOM: Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (02/16/2021 10:02:35 PM) (Source: DCOM) (EventID: 10001) (User: PRDOSLAV-NTB)
Description: Nelze spustit server DCOM: Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (02/16/2021 09:57:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:57:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:57:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:57:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:57:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 10:05:09 AM) (Source: DCOM) (EventID: 10001) (User: PRDOSLAV-NTB)
Description: Nelze spustit server DCOM: Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe!MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Windows Defender:
================
Date: 2021-02-16 22:12:02
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B97877E4-3D82-4420-A434-628ED222F6F2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-15 10:13:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DB619582-C698-4654-A569-F522119EBD61}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-13 09:49:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C4D57146-1A58-4EDC-A056-0D226FE872AE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-12 22:05:01
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Rogue:Win32/PrivacyCenter
ID: 140760
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\PRDOSLAV\Downloads\pre-scan_V9_18.10.19.1.exe; webfile:_C:\Users\PRDOSLAV\Downloads\pre-scan_V9_18.10.19.1.exe|https://download.toolslib.net/download/ ... 5005176146
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: PRDOSLAV-NTB\PRDOSLAV
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.830.0, AS: 1.331.830.0, NIS: 1.331.830.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-12 00:19:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0F72122E-9F7F-4D9F-8F7E-5C4A1FCCE56D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-11 23:35:16
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {ED186A56-4B5E-4FFF-AB86-40B8C539BA7A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-11 23:30:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {00B76F13-2863-4BD8-84E3-194B4C22D1F4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-09 19:50:56
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.545.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: �pln�
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===============
Date: 2021-02-15 15:01:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E17F2IMS.109 05/19/2020
Motherboard: Micro-Star International Co., Ltd. MS-17F2
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16227.32 MB
Available physical RAM: 11298.89 MB
Total Virtual: 17251.32 MB
Available Virtual: 11322.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:280.5 GB) (Free:167.24 GB) NTFS
Drive d: (Data) (Fixed) (Total:177.5 GB) (Free:44.31 GB) NTFS

\\?\Volume{ac5adbe9-eb71-4de3-b174-579b4d3f00f2}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.43 GB) NTFS
\\?\Volume{68105432-156c-48c2-9dc5-3545d3fd71f2}\ (BIOS_RVY) (Fixed) (Total:17.64 GB) (Free:1.57 GB) NTFS
\\?\Volume{4abc0b6c-3530-4e6b-9ee2-f1feaa4985b1}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FF7B3DBC)

Partition: GPT.

==================== End of Addition.txt =======================
Last edited by Woytman on 03 Apr 2022 03:58, edited 2 times in total.

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: First preventive check-up - Thanks!

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before launching the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean Now (Clean and Repair) button in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware upload: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Woytman
Visitor
Posts: 8
Joined: 16 Feb 2021 22:51

Re: First preventive check-up - Thanks!

#3 Post by Woytman »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-19-2021
# Duration: 00:00:05
# OS: Windows 10 Home
# Scanned: 7021
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: First preventive check-up - Thanks!

#4 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [UseDesktopIniCache] 0
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {78b509bc-0bb6-11ea-bbfe-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {bdf40bce-6348-11eb-8b27-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {d0c7d56e-2519-11eb-8b13-00d861097152} - "F:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {4BF72C72-5BDD-4988-85EC-6BD16CFB3318} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {71A08FD4-D7A4-4A92-AC13-43C473AE275E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {DF4E0E85-709C-4A45-B038-95ACAF234616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E82084AB-3F9E-43CE-ADBD-BFD60C57499B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com ... duckgo.com"
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U4 dmwappushservice; no ImagePath
S4 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
U4 Partizan; system32\drivers\Partizan.sys [X]
S1 RapportCerberus_2004080; \??\c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_2004080.sys [X]
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [X]
2021-02-12 16:04 - 2021-02-12 21:56 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-10 22:23 - 2021-02-10 22:23 - 000000000 ____R C:\WINDOWS\SysWOW64\version_IObitDel.dll
2021-02-05 16:24 - 2020-09-26 22:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 16:24 - 2020-09-26 22:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-02-10] <==== ATTENTION (zero byte File/Folder)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [DaemonShellExtDrive] -> [CC]{A5415364-784A-41A5-B47A-D452909CA8FF} => -> No File
ContextMenuHandlers3: [DaemonShellExtImage] -> [CC]{40966797-8FFE-46C8-9EF8-7003F33CCF0F} => -> No File
ContextMenuHandlers6: [RUShellExt] -> [CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62195876.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62195876.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
FirewallRules: [{CC230264-1CA6-4378-80A0-DB8B57600383}] => (Allow) LPort=32682

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

Woytman
Visitor
Posts: 8
Registered: 16 Feb 2021 22:51

Re: First preventive check-up - Thanks!

#5 Post by Woytman »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01
Ran by PRDOSLAV (21-02-2021 00:08:57) Run:1
Running from C:\Users\PRDOSLAV\Desktop
Loaded Profiles: PRDOSLAV
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [UseDesktopIniCache] 0
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {78b509bc-0bb6-11ea-bbfe-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {bdf40bce-6348-11eb-8b27-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {d0c7d56e-2519-11eb-8b13-00d861097152} - "F:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {4BF72C72-5BDD-4988-85EC-6BD16CFB3318} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {71A08FD4-D7A4-4A92-AC13-43C473AE275E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {DF4E0E85-709C-4A45-B038-95ACAF234616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E82084AB-3F9E-43CE-ADBD-BFD60C57499B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com ... duckgo.com"
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
U4 dmwappushservice; no ImagePath
S4 EneTechIo; \??\C:\WINDOWS\system32\drivers\ene.sys [X]
U4 Partizan; system32\drivers\Partizan.sys [X]
S1 RapportCerberus_2004080; \??\c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_2004080.sys [X]
S3 RapportIaso; \??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [X]
2021-02-12 16:04 - 2021-02-12 21:56 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-10 22:23 - 2021-02-10 22:23 - 000000000 ____R C:\WINDOWS\SysWOW64\version_IObitDel.dll
2021-02-05 16:24 - 2020-09-26 22:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 16:24 - 2020-09-26 22:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-02-10] <==== ATTENTION (zero byte File/Folder)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [DaemonShellExtDrive] -> [CC]{A5415364-784A-41A5-B47A-D452909CA8FF} => -> No File
ContextMenuHandlers3: [DaemonShellExtImage] -> [CC]{40966797-8FFE-46C8-9EF8-7003F33CCF0F} => -> No File
ContextMenuHandlers6: [RUShellExt] -> [CC]{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62195876.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62195876.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
FirewallRules: [{CC230264-1CA6-4378-80A0-DB8B57600383}] => (Allow) LPort=32682

EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\UseDesktopIniCache" => not found
"HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation" => not found
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78b509bc-0bb6-11ea-bbfe-4889e716f2dc} => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdf40bce-6348-11eb-8b27-4889e716f2dc} => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0c7d56e-2519-11eb-8b13-00d861097152} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BF72C72-5BDD-4988-85EC-6BD16CFB3318}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF72C72-5BDD-4988-85EC-6BD16CFB3318}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71A08FD4-D7A4-4A92-AC13-43C473AE275E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A08FD4-D7A4-4A92-AC13-43C473AE275E}" => removed successfully
C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF4E0E85-709C-4A45-B038-95ACAF234616}" => not found
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E82084AB-3F9E-43CE-ADBD-BFD60C57499B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E82084AB-3F9E-43CE-ADBD-BFD60C57499B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => removed successfully
"Chrome StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\amsdk => removed successfully
amsdk => service removed successfully
HKLM\System\CurrentControlSet\Services\dmwappushservice => removed successfully
dmwappushservice => service removed successfully
HKLM\System\CurrentControlSet\Services\EneTechIo => removed successfully
EneTechIo => service removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => removed successfully
Partizan => service removed successfully
HKLM\System\CurrentControlSet\Services\RapportCerberus_2004080 => removed successfully
RapportCerberus_2004080 => service removed successfully
HKLM\System\CurrentControlSet\Services\RapportIaso => removed successfully
RapportIaso => service removed successfully
"C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task" => not found
C:\WINDOWS\SysWOW64\version_IObitDel.dll => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"C:\WINDOWS\SysWOW64\version_IObitDel.dll" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\DaemonShellExtDrive => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\DaemonShellExtImage => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RUShellExt => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\62195876.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\62195876.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeGCInvoker-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeGCInvoker-1.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC230264-1CA6-4378-80A0-DB8B57600383}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120003673 B
Java, Flash, Steam htmlcache => 361396880 B
Windows/system/drivers => 11931026 B
Edge => 0 B
Chrome => 509380893 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 26342 B
PRDOSLAV => 323593354 B

RecycleBin => 210882247 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:09:42 ====
Last edited by Woytman on 03 Apr 2022 04:01, edited 2 times in total.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: First preventive check-up - Thanks!

#6 Post by Diallix »

Please post new FRST + ADDITION logs.

Woytman
Visitor
Posts: 8
Registered: 16 Feb 2021 22:51

Re: First preventive check-up - Thanks!

#7 Post by Woytman »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-02-2021
Ran by PRDOSLAV (administrator) on PRDOSLAV-NTB (Micro-Star International Co., Ltd. GF75 Thin 9SC) (22-02-2021 07:14:01)
Running from C:\Users\PRDOSLAV\Desktop
Loaded Profiles: PRDOSLAV
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(A-Volute SAS -> A-Volute) C:\Users\PRDOSLAV\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c52b34f1b30918c5\RstMwService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_233e086e960c2400\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_233e086e960c2400\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_4ea4d8037d4ef09c\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ec5ad85a0fbc74ea\RtkAudUService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ec5ad85a0fbc74ea\RtkAudUService64.exe [1212720 2020-12-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [8068168 2021-02-21] (McAfee, Inc. -> McAfee, LLC.)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5703528 2020-11-20] (Adguard Software Limited -> Adguard Software Ltd)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\PRDOSLAV\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {0a25ba03-733f-11eb-8b37-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {0a25ba42-733f-11eb-8b37-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-19] (Google LLC -> Google LLC)
Startup: C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater-SVO.lnk [2021-02-18]
ShortcutTarget: RT-Updater-SVO.lnk -> C:\Ross-Tech\VCDS-SVO\VCDS.exe (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A8A729B-8270-4184-BECC-490D3116D024} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {13B3396A-39D8-46A7-8E3E-D5A00D94A309} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {14778D44-2904-4267-9BAA-20F0689D6CEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1745BFA6-6086-4E92-819E-35720B3DD999} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {1AB97E9E-CFE0-4EFD-80FB-955E21788E82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A056B6F-011F-4A34-9DF3-D0F61C7BEACB} - System32\Tasks\NahimicSvc32Run => C:\WINDOWS\SysWOW64\NahimicSvc32.exe [823304 2020-12-09] (A-Volute SAS -> Nahimic)
Task: {3C6B3A1A-15FF-4D27-8D6D-6E76860B97E7} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32\.\NahimicSvc64.exe [1067016 2020-12-09] (A-Volute SAS -> Nahimic)
Task: {3EE2AC5E-03C6-40FE-AF5A-E906EDEF11AE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {4DABF43B-4E44-4688-8894-567F0B9E8436} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {520F4D1F-B380-4B01-AC87-9A6FBD574A69} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe
Task: {5327C3DF-F647-4A83-840F-168E914C6BA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5656C497-8CB5-4040-99B7-592C317E6B46} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {57B9E487-0579-4B81-981C-E3B433AA47CF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {5877EC20-A755-413C-9BD4-EF05F4CE19E4} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {5F361A70-9843-4B43-BDD5-4EA0AE102407} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {63714D00-F448-47B5-89C9-9CB642DF10B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {675D02F5-D0F5-4AD1-B2D3-A2B20B960008} - System32\Tasks\NahimicSvc64Run => C:\WINDOWS\system32\NahimicSvc64.exe [1067016 2020-12-09] (A-Volute SAS -> Nahimic)
Task: {67690B0C-0906-4D86-99A9-1507A67939E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {69AC8258-4D53-4734-9CDB-36ED12B69C45} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {707E84D1-7BFE-48EC-A6E7-3D8A468BF055} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73DFBA8A-F9CF-49C6-907E-0E2D454BF80C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7618DBCE-1C03-4B53-B361-B23B0ED09A22} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8365A554-A145-4287-8B05-40273CD552F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {925C82F9-4A08-4140-A0F1-BCC25A407666} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9347D433-71B8-4212-9A00-0F7739617127} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {94E2F2CE-3D59-424F-B2EB-420EBBABD1D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9734D2F1-A2F0-49AF-803F-BC86B6AF23E6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9824F88F-2A45-4137-A897-7CAA341D2B87} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [344184 2020-02-13] (Micro-Star International CO., LTD. -> Application)
Task: {B0D5E313-5E53-4A4B-8E90-77C9F12F831C} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6255104 2020-05-06] (Micro-Star International Co., Ltd.) [File not signed]
Task: {B81C3947-E1C5-4D6D-BC8F-1F7B872A2B6D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE52EDE5-1462-44E6-A46E-8B67EF41534A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6088A59-FDF9-44F8-9436-D3BCA7400F9B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8BCFB85-E798-4986-A5AE-5641B3217C82} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe [823304 2020-12-09] (A-Volute SAS -> Nahimic)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{41390136-14d9-4ad4-b140-a0d1b94d90a2}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{bcbdebf0-34e1-4d08-879c-a923554a03f8}: [DhcpNameServer] 192.168.10.1 0.0.0.0

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default [2021-02-22]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com ... duckgo.com"
CHR Extension: (Just Black) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-02-21]
CHR Extension: (YouTube) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-21]
CHR Extension: (Vysoký kontrast) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2021-02-21]
CHR Extension: (AdGuard asistent prohlížeče) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbohpolgemkbfphodcfgnpjcmedcjhpn [2021-02-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-02-21]
CHR Extension: (Excel Online) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2021-02-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-21]
CHR Extension: (Gmail) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-21]
CHR Extension: (Chrome Media Router) - C:\Users\PRDOSLAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-21]
CHR HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [177000 2020-11-20] (Adguard Software Limited -> Adguard Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [2863472 2020-05-14] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-29] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1633288 2020-12-09] (A-Volute SAS -> Nahimic)
S3 Rockstar Service; D:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ec5ad85a0fbc74ea\RtkAudUService64.exe [1212720 2020-12-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_4ea4d8037d4ef09c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_4ea4d8037d4ef09c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdidrv; C:\WINDOWS\System32\drivers\adgnetworktdidrv.sys [67584 2020-04-07] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-11-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-11-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [42472 2020-10-09] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MpKsl5af7bb23; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C348D673-B11B-40B7-948D-0A6B788988E7}\MpKslDrv.sys [47344 2021-02-21] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-06-16] (A-Volute -> Windows (R) Win 7 DDK provider)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [398984 2020-08-18] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [448904 2020-08-18] (IBM -> IBM Corp.)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech, LLC -> Ross-Tech LLC)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SjtWinIo20; C:\WINDOWS\System32\drivers\SjtWinIo_v2_0.sys [11776 2021-01-28] (Microsoft Windows Hardware Compatibility Publisher -> SpeedJet Technology INC.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [611728 2021-02-21] (Bitdefender SRL -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [18688 2018-07-18] (WDKTestCert heavenluo,131620253795976757 -> )
R3 WiseUnlock; C:\WINDOWS\WiseUnlock64.sys [33864 2020-09-26] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)
U3 DiagTrack; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 07:14 - 2021-02-22 07:14 - 000025092 _____ C:\Users\PRDOSLAV\Desktop\FRST.txt
2021-02-22 07:13 - 2021-02-22 07:13 - 000000098 _____ C:\WINDOWS\ntbtlog.txt
2021-02-22 07:07 - 2021-02-22 07:09 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Messenger
2021-02-22 07:07 - 2021-02-22 07:09 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Messenger
2021-02-22 07:07 - 2021-02-22 07:07 - 000002396 _____ C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2021-02-22 07:07 - 2021-02-22 07:07 - 000002388 _____ C:\Users\PRDOSLAV\Desktop\Messenger.lnk
2021-02-22 07:07 - 2021-02-22 07:07 - 000000000 ____D C:\Users\PRDOSLAV\AppData\LocalLow\Messenger
2021-02-22 07:07 - 2021-02-22 07:07 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\messenger-updater
2021-02-21 23:33 - 2021-02-21 23:33 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\FSDART
2021-02-21 23:15 - 2021-02-21 23:15 - 000183803 _____ C:\Users\PRDOSLAV\Desktop\CZ_Mad_Games_Tycoon_2_-_2021.02.21A.rar
2021-02-21 23:13 - 2021-02-21 23:13 - 000000000 __SHD C:\ZIL.QUAR
2021-02-21 15:37 - 2021-02-21 15:37 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\java
2021-02-21 15:37 - 2021-02-21 15:37 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\.tlauncher
2021-02-21 15:29 - 2021-02-21 15:30 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\.technic
2021-02-21 13:32 - 2021-02-21 13:43 - 000000056 _____ C:\WINDOWS\Lic.xxx
2021-02-21 13:31 - 2021-02-21 13:31 - 000611728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2021-02-21 13:31 - 2021-02-21 13:27 - 000632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2021-02-21 13:31 - 2021-02-21 13:27 - 000554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2021-02-21 13:31 - 2021-02-21 13:26 - 000176760 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2021-02-21 13:26 - 2021-02-21 13:26 - 000000000 ____D C:\ProgramData\MicroWorld
2021-02-21 09:02 - 2021-02-21 09:02 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2021-02-21 09:02 - 2021-02-21 09:02 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2021-02-21 09:01 - 2021-02-21 09:04 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\NPE
2021-02-21 09:01 - 2021-02-21 09:01 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Trend Micro
2021-02-21 09:01 - 2021-02-21 09:01 - 000000000 ____D C:\ProgramData\Norton
2021-02-21 09:01 - 2021-02-21 09:01 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2021-02-21 08:43 - 2021-02-21 08:43 - 001351894 _____ C:\Users\PRDOSLAV\AppData\Local\census.cache
2021-02-21 08:42 - 2021-02-21 08:42 - 000411020 _____ C:\Users\PRDOSLAV\AppData\Local\ars.cache
2021-02-21 08:29 - 2021-02-21 08:29 - 000000010 _____ C:\Users\PRDOSLAV\AppData\Local\sponge.last.runtime.cache
2021-02-21 08:25 - 2021-02-21 09:01 - 000000000 ____D C:\ProgramData\Trend Micro
2021-02-21 08:25 - 2021-02-21 08:25 - 000000000 ____D C:\WINDOWS\Trend Micro
2021-02-21 08:24 - 2021-02-21 08:24 - 000000036 _____ C:\Users\PRDOSLAV\AppData\Local\housecall.guid.cache
2021-02-21 02:18 - 2021-02-21 02:18 - 000000000 ____D C:\ProgramData\Emsisoft
2021-02-20 19:54 - 2021-02-20 20:12 - 000000000 ____D C:\Users\PRDOSLAV\Documents\HiSuite
2021-02-20 19:54 - 2021-02-20 19:54 - 000000000 ____D C:\Users\PRDOSLAV\.android
2021-02-20 00:53 - 2021-02-20 00:53 - 026664336 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 013509520 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000499088 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000419240 _____ C:\WINDOWS\system32\ze_loader.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000361888 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000330184 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000272344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000161416 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000140200 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2021-02-20 00:53 - 2021-02-20 00:53 - 000136920 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-02-20 00:50 - 2021-02-20 00:58 - 000000000 ____D C:\ProgramData\ProductData
2021-02-19 22:01 - 2021-02-19 22:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-19 13:05 - 2020-04-07 08:30 - 000067584 _____ () C:\WINDOWS\system32\Drivers\adgnetworktdidrv.sys
2021-02-19 12:56 - 2021-02-21 01:29 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\qBittorrent
2021-02-19 12:56 - 2021-02-19 12:56 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\qBittorrent
2021-02-19 12:56 - 2021-02-19 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-02-19 12:56 - 2021-02-19 12:56 - 000000000 ____D C:\Program Files\qBittorrent
2021-02-19 12:35 - 2021-02-22 07:14 - 000000000 ____D C:\ProgramData\Adguard
2021-02-19 12:35 - 2021-02-22 00:15 - 000000000 ____D C:\Program Files (x86)\Adguard
2021-02-19 12:35 - 2021-02-19 12:35 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Adguard Software Ltd
2021-02-19 12:35 - 2021-02-19 12:35 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Adguard_Software_Ltd
2021-02-19 12:35 - 2021-02-19 12:35 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-19 12:35 - 2021-02-19 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2021-02-19 12:11 - 2021-02-19 12:10 - 008463216 _____ (Malwarebytes) C:\Users\PRDOSLAV\Desktop\adwcleaner_8.1.exe
2021-02-18 08:36 - 2021-02-21 13:34 - 000000298 _____ C:\Users\PRDOSLAV\Desktop\kratom§.txt
2021-02-17 11:13 - 2021-02-17 11:13 - 000003152 _____ C:\WINDOWS\system32\Tasks\NahimicSvc64Run
2021-02-17 11:13 - 2021-02-17 11:13 - 000003152 _____ C:\WINDOWS\system32\Tasks\NahimicSvc32Run
2021-02-17 11:13 - 2020-12-16 17:08 - 005994080 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2021-02-17 11:13 - 2020-12-16 16:57 - 043517749 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2021-02-17 11:12 - 2021-02-17 11:13 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\NhNotifSys
2021-02-17 11:12 - 2021-02-17 11:12 - 000002441 _____ C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk
2021-02-17 11:12 - 2021-02-17 11:12 - 000000000 ____D C:\WINDOWS\system32\A-Volute
2021-02-17 11:12 - 2021-02-17 11:12 - 000000000 ____D C:\ProgramData\A-Volute
2021-02-17 11:07 - 2021-02-21 22:53 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\CrashDumps
2021-02-17 08:46 - 2021-02-17 16:29 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\PlaceholderTileLogoFolder
2021-02-17 00:02 - 2021-02-17 00:02 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-16 23:39 - 2021-02-16 23:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2021-02-16 23:34 - 2021-02-16 23:34 - 000001536 _____ C:\WINDOWS\unins000.dat
2021-02-16 23:34 - 2021-02-16 23:34 - 000000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2021-02-16 23:34 - 2021-02-16 23:33 - 000707354 _____ C:\WINDOWS\unins000.exe
2021-02-16 23:34 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-02-16 23:34 - 2008-04-14 02:11 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2021-02-16 23:34 - 2001-08-23 13:00 - 000034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2021-02-16 23:14 - 2021-02-22 07:14 - 000000000 ____D C:\FRST
2021-02-16 23:12 - 2021-02-22 00:12 - 002301440 _____ (Farbar) C:\Users\PRDOSLAV\Desktop\FRST64.exe
2021-02-16 22:27 - 2021-02-16 22:27 - 000004920 _____ C:\Users\PRDOSLAV\Desktop\Emaily-part1-korekce.txt
2021-02-16 22:04 - 2021-02-16 22:04 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\DAEMON Tools Pro
2021-02-16 22:01 - 2021-02-16 22:42 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\VirtualStore
2021-02-16 22:00 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2021-02-16 21:44 - 2021-02-17 10:50 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-02-16 21:44 - 2021-02-16 22:36 - 000135512 _____ C:\WINDOWS\ZAM.krnl.trace
2021-02-16 21:44 - 2021-02-16 22:35 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\AMSDK
2021-02-16 09:14 - 2021-02-16 09:14 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Sun
2021-02-16 08:45 - 2021-02-16 09:07 - 000000000 ____D C:\ProgramData\ADiag
2021-02-15 14:18 - 2021-02-15 14:18 - 000000000 ____D C:\Users\PRDOSLAV\Documents\backup
2021-02-15 11:31 - 2021-02-15 11:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Mozilla
2021-02-15 11:31 - 2020-08-18 17:24 - 000448904 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2021-02-15 11:31 - 2020-08-18 17:24 - 000398984 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2021-02-15 11:30 - 2021-02-15 11:30 - 000000000 ____D C:\ProgramData\Trusteer
2021-02-14 00:05 - 2021-02-14 00:07 - 000000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2021-02-14 00:05 - 2021-02-14 00:05 - 000000000 ____D C:\ProgramData\RzSurroundVAD_1.1.63.0
2021-02-14 00:05 - 2021-02-14 00:05 - 000000000 _____ C:\WINDOWS\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2021-02-13 22:34 - 2021-02-18 09:16 - 000011414 _____ C:\Users\PRDOSLAV\Documents\Sešit1.xlsm
2021-02-13 21:28 - 2021-02-13 21:28 - 008049538 _____ C:\Users\PRDOSLAV\Documents\13úno2144-212820story_esports_BuildPlayer-Workshop_DLC1_Starter.csv
2021-02-13 20:33 - 2021-02-13 20:33 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\OneDrive
2021-02-13 20:32 - 2021-02-22 00:06 - 000000000 ___RD C:\Users\PRDOSLAV\OneDrive
2021-02-13 20:32 - 2021-02-19 10:01 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3110588475-2115266248-3539613761-1001
2021-02-13 20:32 - 2021-02-19 10:01 - 000002420 _____ C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-13 20:32 - 2021-02-13 20:32 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-02-13 20:32 - 2021-02-13 20:32 - 000000000 ____D C:\OneDriveTemp
2021-02-13 11:31 - 2021-02-09 22:11 - 000052988 _____ C:\Users\PRDOSLAV\Desktop\Text_CZ.txt
2021-02-12 16:04 - 2021-02-20 15:12 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-12 16:04 - 2021-02-12 16:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-02-11 22:34 - 2021-02-11 22:34 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Vlastní šablony Office
2021-02-11 22:22 - 2021-02-13 20:37 - 000000000 ____D C:\Users\PRDOSLAV\Documents\temp
2021-02-11 22:22 - 2021-02-11 22:22 - 000003014 _____ C:\WINDOWS\system32\Tasks\MSI_Dragon Center
2021-02-11 22:22 - 2021-02-11 22:22 - 000000000 ____D C:\Program Files (x86)\MSI
2021-02-10 22:24 - 2021-02-16 08:57 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-10 22:24 - 2021-02-10 22:24 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Wise Force Deleter
2021-02-10 22:11 - 2019-12-19 08:07 - 002877104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2021-02-10 22:03 - 2021-02-22 07:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-10 22:03 - 2021-02-10 22:03 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-10 21:59 - 2021-02-10 21:59 - 000000000 ____D C:\Program Files\Intel
2021-02-10 21:58 - 2021-02-10 21:58 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-02-10 21:57 - 2021-02-17 11:14 - 000000000 ___HD C:\Program Files (x86)\Temp
2021-02-10 21:52 - 2021-02-10 21:52 - 000000000 ____D C:\Users\PRDOSLAV\ansel
2021-02-10 21:49 - 2021-02-10 21:49 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\SaraResults
2021-02-10 21:46 - 2021-02-10 21:46 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\WinRAR
2021-02-10 21:46 - 2021-02-10 21:46 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\SaRALogs
2021-02-10 21:45 - 2021-02-10 22:17 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\BitTorrentHelper
2021-02-10 21:41 - 2021-02-10 22:27 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Deployment
2021-02-10 21:41 - 2021-02-10 21:41 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Apps\2.0
2021-02-10 20:44 - 2021-02-10 20:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-10 20:43 - 2021-02-10 20:43 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-10 20:43 - 2021-02-10 20:43 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-10 20:43 - 2021-02-10 20:43 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-10 20:43 - 2021-02-10 20:43 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-10 18:34 - 2021-02-10 18:34 - 000003294 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2021-02-10 18:34 - 2021-02-10 18:34 - 000003242 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2021-02-10 18:34 - 2021-02-10 18:34 - 000003238 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2021-02-07 15:15 - 2021-02-07 15:15 - 000000222 _____ C:\Users\PRDOSLAV\Desktop\PC Building Simulator.url
2021-02-07 15:10 - 2021-02-07 15:11 - 000000000 ____D C:\Riot Games
2021-02-07 01:27 - 2021-02-07 01:27 - 000000000 ____D C:\Users\PRDOSLAV\Downloads\UnityText
2021-02-06 14:24 - 2021-02-06 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2021-02-06 14:24 - 2021-02-06 14:24 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2021-02-06 14:19 - 2021-02-06 14:19 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Xiaomi
2021-02-06 11:53 - 2021-02-06 12:00 - 000000160 _____ C:\Users\PRDOSLAV\AppData\LocalLow\rbxcsettings.rbx
2021-02-05 22:04 - 2021-02-06 20:59 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Disney Interactive
2021-02-02 21:45 - 2021-02-04 22:55 - 000000000 ____D C:\Users\PRDOSLAV\Desktop\Čeština Mad Games Tycoon 2 -2021.02.21A
2021-02-01 13:16 - 2021-02-01 13:16 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\GIMP
2021-02-01 13:16 - 2021-02-01 13:16 - 000000000 ____D C:\Users\PRDOSLAV\.cache
2021-02-01 13:06 - 2021-02-01 13:06 - 000000913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.22.lnk
2021-02-01 13:04 - 2021-02-01 13:05 - 000000000 ____D C:\Program Files\GIMP 2
2021-02-01 12:50 - 2021-02-14 01:23 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Nicepage Templates
2021-02-01 12:09 - 2021-02-01 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-01 12:07 - 2021-02-01 13:09 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Nicepage
2021-02-01 12:02 - 2021-02-01 12:02 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Lightshot
2021-02-01 12:01 - 2021-02-14 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2021-01-31 08:24 - 2021-01-31 08:24 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\ElevatedDiagnostics
2021-01-30 18:29 - 2021-01-30 22:28 - 000000223 _____ C:\Users\PRDOSLAV\Desktop\Mad Games Tycoon 2.url
2021-01-28 22:44 - 2021-02-11 22:22 - 000003116 _____ C:\WINDOWS\system32\Tasks\MSISCMTsk
2021-01-28 22:44 - 2021-02-11 22:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-01-28 22:16 - 2021-01-28 22:16 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nová složka
2021-01-28 22:00 - 2021-01-28 22:00 - 000011776 _____ (SpeedJet Technology INC.) C:\WINDOWS\system32\Drivers\SjtWinIo_v2_0.sys
2021-01-28 21:46 - 2021-01-28 21:46 - 008823656 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw08.sys
2021-01-28 21:46 - 2021-01-28 21:46 - 002673724 _____ C:\WINDOWS\system32\Drivers\Netwfw08.dat
2021-01-28 21:46 - 2021-01-28 21:46 - 001058152 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter08.dll
2021-01-28 21:45 - 2021-01-28 21:45 - 006161712 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2021-01-28 21:45 - 2021-01-28 21:45 - 000539440 _____ (Intel Corporation) C:\WINDOWS\system32\ibtsiva.exe
2021-01-28 21:45 - 2021-01-28 21:45 - 000441648 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2021-01-26 23:30 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-26 23:30 - 2021-01-23 09:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-26 23:30 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-26 23:30 - 2021-01-23 09:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-26 23:30 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-26 23:30 - 2021-01-23 09:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-26 23:30 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-26 23:30 - 2021-01-23 09:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 001512096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 001164960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000689312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-01-26 23:30 - 2021-01-23 09:12 - 000680096 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000672928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000613536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000558240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-26 23:30 - 2021-01-23 09:12 - 000547488 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 008262304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 007392928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 004611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 002731168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 002103456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 001589408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 000813216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 000657056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-26 23:30 - 2021-01-23 09:11 - 000446624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-01-26 23:30 - 2021-01-23 09:10 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-26 23:30 - 2021-01-23 09:10 - 000850080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-01-26 23:30 - 2021-01-22 23:59 - 000084264 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-25 23:24 - 2021-02-10 21:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\obs-studio
2021-01-25 23:24 - 2021-01-25 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 06:38 - 2020-09-26 22:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-22 00:12 - 2020-12-26 18:46 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-22 00:11 - 2020-09-27 08:30 - 000000000 ____D C:\Program Files\CCleaner
2021-02-22 00:03 - 2021-01-03 11:35 - 000000000 ____D C:\ProgramData\Common
2021-02-21 23:37 - 2021-01-10 10:00 - 000000128 _____ C:\Users\PRDOSLAV\AppData\Roaming\winscp.rnd
2021-02-21 23:14 - 2020-10-23 20:03 - 000000000 ____D C:\Ross-Tech
2021-02-21 22:53 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 22:52 - 2020-09-27 08:30 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-21 18:55 - 2020-09-26 22:51 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-21 13:43 - 2020-09-26 22:56 - 000000545 _____ C:\WINDOWS\win.ini
2021-02-21 09:09 - 2020-09-26 22:58 - 000717844 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-21 09:09 - 2020-09-26 22:58 - 000144986 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-21 09:09 - 2020-09-26 22:20 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-21 09:03 - 2020-11-21 11:21 - 000001476 _____ C:\Users\PRDOSLAV\Desktop\Roblox Player.lnk
2021-02-21 09:03 - 2020-11-21 11:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-02-21 09:02 - 2020-09-26 22:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-21 09:02 - 2020-06-12 23:13 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-21 09:01 - 2020-09-26 22:53 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-20 19:54 - 2020-09-26 22:11 - 000000000 ____D C:\Users\PRDOSLAV
2021-02-20 15:24 - 2020-10-31 23:08 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-20 00:46 - 2020-09-26 23:00 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 23:00 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-20 00:46 - 2020-09-26 22:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-20 00:46 - 2020-09-26 22:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-02-20 00:46 - 2020-09-26 22:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-19 21:58 - 2020-11-14 00:11 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\DS4Windows
2021-02-19 19:20 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-19 06:34 - 2020-09-26 22:25 - 000002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 13:20 - 2020-10-05 21:12 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\vlc
2021-02-17 12:28 - 2020-09-26 22:56 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-17 12:28 - 2020-09-26 22:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Publishers
2021-02-17 12:28 - 2020-09-26 22:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Packages
2021-02-17 11:13 - 2020-09-26 22:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-02-17 11:08 - 2021-01-09 10:38 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Adobe
2021-02-17 00:05 - 2020-09-26 22:56 - 000000000 __RSD C:\WINDOWS\Media
2021-02-17 00:05 - 2020-09-26 22:56 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-02-17 00:05 - 2020-09-26 22:56 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2021-02-16 23:37 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-02-16 23:36 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-16 23:36 - 2020-09-26 22:54 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-16 23:34 - 2021-01-02 20:26 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-02-16 22:37 - 2020-09-27 08:30 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-02-16 09:16 - 2020-09-26 22:45 - 000000000 ____D C:\Program Files\Java
2021-02-16 09:16 - 2020-03-31 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-02-16 09:15 - 2020-09-26 22:46 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-02-16 09:11 - 2020-09-26 22:32 - 000000844 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-02-16 09:11 - 2020-09-26 22:32 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Notepad++
2021-02-16 09:11 - 2020-09-26 22:32 - 000000000 ____D C:\Program Files\Notepad++
2021-02-16 08:59 - 2021-01-09 10:28 - 000000000 ____D C:\Users\PRDOSLAV\Documents\Plány
2021-02-15 22:02 - 2020-09-26 22:20 - 000000000 ____D C:\ProgramData\Packages
2021-02-15 15:02 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2021-02-15 11:33 - 2020-10-22 21:03 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Adobe
2021-02-13 20:36 - 2020-11-01 10:35 - 002505048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 21:55 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SystemApps
2021-02-12 15:53 - 2021-01-09 10:38 - 000000000 ____D C:\ProgramData\Adobe
2021-02-12 15:49 - 2020-10-23 20:04 - 000000000 ____D C:\Program Files\DIFX
2021-02-12 15:48 - 2021-01-09 10:42 - 000000000 ____D C:\Users\PRDOSLAV\AppData\LocalLow\Adobe
2021-02-11 23:35 - 2020-09-26 22:31 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\D3DSCache
2021-02-11 23:35 - 2020-09-26 22:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 22:29 - 2020-09-26 22:46 - 000000000 ____D C:\ProgramData\MSI
2021-02-11 22:22 - 2019-03-14 01:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2021-02-10 22:10 - 2019-11-20 18:19 - 000000000 __SHD C:\Users\PRDOSLAV\IntelGraphicsProfiles
2021-02-10 21:59 - 2020-09-26 22:56 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-02-10 21:54 - 2020-10-17 06:51 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Intel
2021-02-10 21:45 - 2021-01-16 16:27 - 000001102 _____ C:\Users\PRDOSLAV\Desktop\Grand Theft Auto V.lnk
2021-02-10 21:45 - 2021-01-16 09:01 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-02-10 21:38 - 2021-01-16 09:02 - 000000000 ____D C:\Program Files\Rockstar Games
2021-02-10 21:31 - 2021-01-16 09:01 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Rockstar Games
2021-02-10 21:31 - 2020-09-26 22:30 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Roaming\.minecraft
2021-02-10 21:30 - 2020-12-28 23:03 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Google
2021-02-10 21:30 - 2020-09-26 23:00 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\NVIDIA Corporation
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-10 20:52 - 2020-09-26 22:56 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-10 20:52 - 2020-09-26 22:53 - 000000000 ____D C:\WINDOWS\servicing
2021-02-10 20:36 - 2020-10-02 18:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 20:34 - 2020-10-02 18:54 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-07 20:58 - 2020-10-05 14:51 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-07 15:21 - 2020-10-05 14:51 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Riot Games
2021-02-07 15:11 - 2019-11-20 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-02-07 01:23 - 2020-10-11 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-02-06 14:31 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-06 11:55 - 2020-11-21 11:20 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\Roblox
2021-02-06 11:46 - 2020-09-26 22:56 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-05 17:15 - 2020-09-18 22:12 - 000000766 _____ C:\Users\PRDOSLAV\Desktop\House Flipper.lnk
2021-02-01 21:18 - 2020-09-26 22:25 - 000000000 ____D C:\Program Files\Google
2021-02-01 13:11 - 2020-09-26 22:25 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-01 12:45 - 2020-10-22 21:05 - 000055045 _____ C:\WINDOWS\system32\sfcdetails.txt
2021-02-01 12:09 - 2020-10-31 23:09 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-30 00:49 - 2020-11-01 01:54 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2021-01-30 00:49 - 2020-11-01 01:54 - 000000000 ____D C:\Program Files (x86)\WinSCP
2021-01-29 18:50 - 2020-09-26 22:13 - 000000000 ____D C:\ProgramData\Intel
2021-01-29 16:19 - 2020-09-26 23:00 - 000000000 ____D C:\Users\PRDOSLAV\AppData\Local\NVIDIA
2021-01-27 23:55 - 2020-10-23 22:04 - 000000000 ____D C:\Users\PRDOSLAV\Downloads\Naruto
2021-01-27 12:17 - 2020-09-26 23:00 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-01-27 12:17 - 2020-09-26 23:00 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-01-27 12:17 - 2020-09-26 23:00 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-01-25 04:38 - 2020-10-30 22:38 - 000070896 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-01-25 04:38 - 2020-10-30 22:38 - 000059632 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-01-23 09:10 - 2020-09-25 23:08 - 007116680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

==================== Files in the root of some directories ========

2020-03-18 03:10 - 2020-03-18 03:10 - 000000258 _____ () C:\ProgramData\fontcacheev1.dat
2021-01-10 10:00 - 2021-02-21 23:37 - 000000128 _____ () C:\Users\PRDOSLAV\AppData\Roaming\winscp.rnd
2021-02-21 08:42 - 2021-02-21 08:42 - 000411020 _____ () C:\Users\PRDOSLAV\AppData\Local\ars.cache
2021-02-21 08:43 - 2021-02-21 08:43 - 001351894 _____ () C:\Users\PRDOSLAV\AppData\Local\census.cache
2021-02-21 08:24 - 2021-02-21 08:24 - 000000036 _____ () C:\Users\PRDOSLAV\AppData\Local\housecall.guid.cache
2021-02-21 08:29 - 2021-02-21 08:29 - 000000010 _____ () C:\Users\PRDOSLAV\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Last edited by Woytman on 03 Apr 2022 03:59, edited 1 time in total.

Woytman
Visitor
Posts: 8
Registered: 16 Feb 2021 22:51

Re: First preventive check-up - Thanks!

#8 Post by Woytman »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2021
Ran by PRDOSLAV (22-02-2021 07:14:48)
Running from C:\Users\PRDOSLAV\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2020-09-26 21:20:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3110588475-2115266248-3539613761-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3110588475-2115266248-3539613761-503 - Limited - Disabled)
Guest (S-1-5-21-3110588475-2115266248-3539613761-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3110588475-2115266248-3539613761-504 - Limited - Disabled)
PRDOSLAV (S-1-5-21-3110588475-2115266248-3539613761-1001 - Administrator - Enabled) => C:\Users\PRDOSLAV

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


AdGuard (HKLM-x32\...\{4aba1eab-3222-4eec-b751-fcc490bf0327}) (Version: 7.5.3430.0 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.5.3430.0 - Adguard Software Ltd) Hidden
Administrative Templates (.admx) for Windows 10 October 2020 Update (HKLM-x32\...\{FF72BA97-45EE-495D-9DEC-EAC1D0819429}) (Version: 1.0.0 - Microsoft Coporation)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Aktualizace NVIDIA 38.0.6.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.6.0 - NVIDIA Corporation) Hidden
Balíček ovladače systému Windows - Ross-Tech HIDClass (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 8.3.0.0767 - Disc Soft Ltd)
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.6.2005.0601 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.6.2005.0601 - Micro-Star International Co., Ltd.)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)
House Flipper v.1.2122 (a24be) (44415) (HKLM-x32\...\House Flipper_is1) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Messenger 91.5.119 (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 91.5.119 - Facebook, Inc.)
Microsoft Excel 2019 - cs-cz (HKLM\...\Excel2019Retail - cs-cz) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Word 2019 - cs-cz (HKLM\...\Word2019Retail - cs-cz) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.9.3 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20448 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Passpartout: The Starving Artist (HKLM-x32\...\1427891789_is1) (Version: 1.7.2 - GOG.com)
Planet Zoo (HKLM-x32\...\Planet Zoo_is1) (Version: - )
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9084.1 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller Pro 4.3.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.8 - VS Revo Group, Ltd.)
Roblox Player for PRDOSLAV (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for PRDOSLAV (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\roblox-studio) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TreeSize Free V4.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.2 - JAM Software)
VCDS SVO 19.6 (HKLM-x32\...\VCDS SVO) (Version: SVO 19.6.2 - Ross-Tech, LLC)
VEGAS Pro 18.0 (HKLM\...\{82C2EEEE-F7A1-11EA-B428-00155D8D255C}) (Version: 18.0.334 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinSCP 5.17.10 (HKLM-x32\...\winscp3_is1) (Version: 5.17.10 - Martin Prikryl)
Wise Force Deleter 1.5.3 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.5.3 - WiseCleaner.com, Inc.)

Packages:
=========
MSI Driver & App Center -> C:\Program Files\WindowsApps\msiappadm.MSIDriverAppCenter_1.2009.1001.0_x64__7f61qv3vk9gn2 [2021-02-10] (msiappadm)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.5.7.0_x64__w2gh52qy24etm [2021-02-17] (A-Volute)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-17] (NVIDIA Corp.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.11.0_x64__8wekyb3d8bbwe [2021-02-15] (Microsoft Corporation)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-17] (INTEL CORP) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.20.238.0_x64__dt26b99r8h8gj [2021-02-10] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => C:\Users\PRDOSLAV\OneDrive [2021-02-13 20:32]
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\PRDOSLAV\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-02-21 23:36 - 2008-04-19 17:35 - 000080384 _____ () [File not signed] C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2020-11-19 19:11 - 2021-02-19 13:05 - 006936424 _____ (Adguard Software Limited -> Adguard Software Ltd) [File not signed] C:\Program Files (x86)\Adguard\AdguardCore.dll
2020-05-14 06:59 - 2020-10-09 23:35 - 005353328 _____ (AVB Disc Soft, SIA -> Disc Soft Ltd) [File not signed] C:\Program Files\DAEMON Tools Pro\Engine.dll
2018-11-23 07:01 - 2018-11-23 07:01 - 000438784 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\YooMixCOM.dll
2021-01-28 22:35 - 2021-01-28 22:36 - 042499072 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.dll
2016-08-10 20:34 - 2016-08-10 20:34 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\WinIo64.dll
2015-06-11 19:35 - 2015-06-11 19:35 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\WinIo64.dll
2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-09-26 22:56 - 2021-02-16 21:46 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-12-31 16:28 - 2020-09-26 22:55 - 000000407 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PRDOSLAV\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tapeta programu windows prohlížeč fotografií.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AGMService => 3
MSCONFIG\Services: AGSService => 3
MSCONFIG\Services: Disc Soft Pro Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: sshd => 3
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "errorlog.txt"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "RZSurroundHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "RT-Updater-SVO.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "Dragon Center.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "com.blitz.app"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "RzAppEngine"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EC9F76DB-F118-413B-8391-DC66EA4C0354}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9A29FAFA-7910-4F68-A013-21DD95B67925}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{72417710-F769-42AC-A88F-A262E2FBAA07}] => (Allow) C:\Ross-Tech\VCDS-SVO\VCIConfig.EXE (Ross-Tech, LLC -> Ross-Tech, LLC)
FirewallRules: [{23A8467D-98E9-49AD-B52B-509680804E65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5B4AD96C-D946-4703-BBA3-119710294B15}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{346FDF41-E355-4578-BBD0-8C4AA9E64850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{F4398B6B-6FCC-4936-BC94-37F78B223C7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{9E3D3026-AE61-476C-983F-130A4900278C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [{F58FC49C-B51D-451F-BBB3-982021550F72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [TCP Query User{C9B71383-DE35-4E2B-8308-FCA1EB4996A1}D:\games\planet zoo\planetzoo.exe] => (Allow) D:\games\planet zoo\planetzoo.exe (Frontier Developments) [File not signed]
FirewallRules: [UDP Query User{AE59501E-807B-40FB-BBA7-5D32E1D085B1}D:\games\planet zoo\planetzoo.exe] => (Allow) D:\games\planet zoo\planetzoo.exe (Frontier Developments) [File not signed]
FirewallRules: [{EC8593E2-83C6-4A00-8B54-2EAC311BB074}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{04BBB615-B8E1-45C2-B0E1-8EEB02DC8A52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5BD36732-E769-44DA-AB31-746AF3BC2471}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [File not signed]
FirewallRules: [{F6812CB4-D053-418B-A309-12811F31CFDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [File not signed]
FirewallRules: [TCP Query User{D264C3EC-FA01-44BF-A95C-B603D85ECAFF}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{319B8886-7384-48F2-8088-9FEE5B4DA7F7}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{31523857-B8AF-44A0-830D-9EC768B33F64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{DDD127CF-B0F1-4137-9D5E-DF16F1040CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{A42EB437-75DC-4C66-BB9A-3B3A30A4F311}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AD556DD5-09F0-4E97-858B-34705EBB45AB}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{A0624FDD-0D1B-42F5-AD65-156A19C4E7DA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{9859ED59-9629-4895-B413-D683BB60E157}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{EC1441C2-7DAB-43A7-9C08-1FA10733A78E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0CFA1B1D-9F69-4563-85CA-2783C283986C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8B19C25F-3F6E-4CA6-9F28-159C12507ED6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DEC847B0-D57C-4390-934D-7BE7A5E7922E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

==================== Restore Points =========================

15-02-2021 11:31:10 Installed Rapport
15-02-2021 11:36:53 Removed Rapport
16-02-2021 08:57:42 JRT Pre-Junkware Removal
16-02-2021 08:58:47 JRT Pre-Junkware Removal
16-02-2021 09:36:42 Installed Sophos Virus Removal Tool.
16-02-2021 23:26:27 Instalační služba modulů systému Windows
16-02-2021 23:33:36 Instalační služba modulů systému Windows
16-02-2021 23:33:47 Instalační služba modulů systému Windows
16-02-2021 23:33:57 Instalační služba modulů systému Windows
16-02-2021 23:34:04 Instalační služba modulů systému Windows
16-02-2021 23:34:11 Instalační služba modulů systému Windows
16-02-2021 23:34:22 Instalační služba modulů systému Windows
16-02-2021 23:34:33 Instalační služba modulů systému Windows
16-02-2021 23:34:46 Instalační služba modulů systému Windows
16-02-2021 23:34:58 Instalační služba modulů systému Windows
16-02-2021 23:35:10 Instalační služba modulů systému Windows
16-02-2021 23:35:22 Instalační služba modulů systému Windows
16-02-2021 23:35:34 Instalační služba modulů systému Windows
16-02-2021 23:35:46 Instalační služba modulů systému Windows
16-02-2021 23:35:54 Instalační služba modulů systému Windows
16-02-2021 23:36:04 Instalační služba modulů systému Windows
16-02-2021 23:36:12 Instalační služba modulů systému Windows
16-02-2021 23:37:54 Installed Administrative Templates (.admx) for Windows 10 October 2020 Update
17-02-2021 10:44:49 Installed Nahimic Restore Tool
20-02-2021 00:51:53 Driver Booster : Intel(R) UHD Graphics 630

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/22/2021 12:12:09 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3110588475-2115266248-3539613761-1001}/>.

Error: (02/22/2021 12:12:04 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3110588475-2115266248-3539613761-1001}/>.

Error: (02/21/2021 10:53:08 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3110588475-2115266248-3539613761-1001}/>.

Error: (02/21/2021 09:01:49 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/21/2021 09:01:49 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


Error: (02/21/2021 01:11:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3110588475-2115266248-3539613761-1001}/>.

Error: (02/21/2021 12:30:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).


System errors:
=============
Error: (02/22/2021 07:08:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Micro Star SCM byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/22/2021 12:14:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Adguard Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (02/21/2021 09:31:06 AM) (Source: DCOM) (EventID: 10010) (User: PRDOSLAV-NTB)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/21/2021 09:01:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (02/21/2021 09:01:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (02/21/2021 09:01:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelIHVRouter08.dll

Error: (02/21/2021 09:01:47 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba NPEService je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/21/2021 02:17:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2021-02-21 15:29:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {44154003-3C86-47D6-B31F-E1A9F61080E6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM


Date: 2021-02-21 13:43:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Locky.gen!B!rsm
Závažnost: Vážné
Kategorie: Ransomware
Cesta: behavior:_pid:13580:76638805371429; process:_pid:13580,ProcessStart:132583843044975993
Původ detekce: Neznámý
Typ detekce: Obecný
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Users\PRDOSLAV\AppData\Local\Temp\mwavscan.exe
Verze bezpečnostních informací: AV: 1.331.1502.0, AS: 1.331.1502.0, NIS: 1.331.1502.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-21 13:43:15
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Locky.gen!B!rsm
Závažnost: Vážné
Kategorie: Ransomware
Cesta: behavior:_pid:13580:76638805371429; process:_pid:13580,ProcessStart:132583843044975993
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.1502.0, AS: 1.331.1502.0, NIS: 1.331.1502.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

CodeIntegrity:
===============
Date: 2021-02-15 15:01:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E17F2IMS.109 05/19/2020
Motherboard: Micro-Star International Co., Ltd. MS-17F2
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 36%
Total physical RAM: 16227.32 MB
Available physical RAM: 10255.88 MB
Total Virtual: 17251.32 MB
Available Virtual: 9729.88 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:280.5 GB) (Free:147.23 GB) NTFS
Drive d: (Data) (Fixed) (Total:177.5 GB) (Free:44.31 GB) NTFS

\\?\Volume{ac5adbe9-eb71-4de3-b174-579b4d3f00f2}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.43 GB) NTFS
\\?\Volume{68105432-156c-48c2-9dc5-3545d3fd71f2}\ (BIOS_RVY) (Fixed) (Total:17.64 GB) (Free:1.57 GB) NTFS
\\?\Volume{4abc0b6c-3530-4e6b-9ee2-f1feaa4985b1}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FF7B3DBC)

Partition: GPT.

==================== End of Addition.txt =======================
Last edited by Woytman on 03 Apr 2022 04:00, edited 1 time in total.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: First preventive check - Thanks!

#9 Post by Diallix »

OK, let's finish the cleanup:

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {0a25ba03-733f-11eb-8b37-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {0a25ba42-733f-11eb-8b37-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
ShortcutTarget: RT-Updater-SVO.lnk -> C:\Ross-Tech\VCDS-SVO\VCDS.exe (No File)
Task: {5877EC20-A755-413C-9BD4-EF05F4CE19E4} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com ... duckgo.com"
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
U3 DiagTrack; no ImagePath

Save the Notepad file as fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been released! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor of intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Woytman
Visitor
Posts: 8
Registered: 16 Feb 2021 22:51

Re: First preventive check - Thanks!

#10 Post by Woytman »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-02-2021
Ran by Woytman (22-02-2021 09:27:23) Run:1
Running from C:\Users\Woytman\Desktop
Loaded Profiles: Woytman
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {0a25ba03-733f-11eb-8b37-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {0a25ba42-733f-11eb-8b37-4889e716f2dc} - "E:\HiSuiteDownLoader.exe"
ShortcutTarget: RT-Updater-SVO.lnk -> C:\Ross-Tech\VCDS-SVO\VCDS.exe (No File)
Task: {5877EC20-A755-413C-9BD4-EF05F4CE19E4} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com ... duckgo.com"
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
U3 DiagTrack; no ImagePath
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a25ba03-733f-11eb-8b37-4889e716f2dc} => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a25ba42-733f-11eb-8b37-4889e716f2dc} => removed successfully
"C:\Ross-Tech\VCDS-SVO\VCDS.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5877EC20-A755-413C-9BD4-EF05F4CE19E4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5877EC20-A755-413C-9BD4-EF05F4CE19E4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => not found
"Chrome StartupUrls" => removed successfully
AdobeARMservice => service not found.
HKLM\System\CurrentControlSet\Services\DiagTrack => removed successfully
DiagTrack => service removed successfully


The system needed a reboot.

==== End of Fixlog 09:27:34 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: First preventive check - Thanks!

#11 Post by Diallix »

How is the computer doing?