
Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

TomGuma
Visitor
Posts: 9
Registered: 01 Apr 2007 13:27

Preventive check

#1 Post by TomGuma »

Hello,

I would like to ask for a preventive check. Thanks a lot.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by tmich (administrator) on GUMA-PC (ASUS System Product Name) (09-04-2021 13:00:12)
Running from D:\Stažené soubory
Loaded Profiles: tmich
Platform: Windows 10 Pro Version 2004 19041.867 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\_A-install\DS4Windows\DS4Windows.exe
() [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe <2>
() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(AgileBits Inc. -> AgileBits Inc.) C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe
(Alexander Drozdov) [File not signed] C:\_A\Awakened_PoE_trade\Awakened PoE Trade.exe <4>
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe <3>
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Discord Inc. -> Discord Inc.) C:\Users\tmich\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(DTS, Inc. -> ) C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Jan Fiala -> Jan Fiala) C:\Program Files\PSPad editor\PSPad.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.860_none_e73d0c67262f5c28\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Ventis Media, Inc. -> Ventis Media Inc.) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
(Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe
(Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\tmich\AppData\Local\WhatsApp\app-2.2110.12\WhatsApp.exe <7>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1081648 2020-12-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17361016 2016-12-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1747288 2021-03-18] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [1Password] => C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe [5230928 2021-03-02] (AgileBits Inc. -> AgileBits Inc.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Discord] => C:\Users\tmich\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-03-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [MicrosoftEdgeAutoLaunch_7C9F3DBE991B4048ADEFE2CEE58B766A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408920 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\tmich\AppData\Local\WhatsApp\Update.exe [2252496 2021-04-06] (WhatsApp, Inc -> )
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Feem] => "C:\Program Files (x86)\Feem 2018\Feem.exe" --hide
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50041472 2021-03-12] (Google LLC -> )
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: []
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\MountPoints2: {f47713aa-8cbf-11eb-bbe8-000c76d3765d} - "F:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2020-12-20]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (Voyetra Turtle Beach, Inc. -> ROCCAT)
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Awakened PoE Trade.exe.lnk [2021-03-27]
ShortcutTarget: Awakened PoE Trade.exe.lnk -> C:\_A\Awakened_PoE_trade\Awakened PoE Trade.exe (Alexander Drozdov) [File not signed]
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-01-13]
ShortcutTarget: DS4Windows.lnk -> C:\_A-install\DS4Windows\DS4Windows.exe () [File not signed]
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run_TradeMacro.ahk.lnk [2021-03-27]
ShortcutTarget: Run_TradeMacro.ahk.lnk -> C:\_A\POE-TradeMacro-2.16.0\Run_TradeMacro.ahk () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D5E823-9ADD-41A1-A777-6DF626BCA51A} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [442888 2021-03-23] (Voyetra Turtle Beach, Inc. -> ROCCAT)
Task: {020A2B72-CCD2-4FE1-8437-E5193F51DEC7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {02D73687-5EBF-463B-B5F2-5D86D3EC726B} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0AAB933C-33EA-45D0-82E3-F526963A3DA3} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {2BE10D61-37B5-4A42-8B25-AD708A1EE1EF} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {2F4ACD73-0423-4BC3-8973-E887F75068A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4CB364B0-F789-4A74-8CC0-06719CAB3BF2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53C318F8-C650-4F75-BAF5-FAFBBABA71B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {67336725-99FF-4B8E-A9D9-9CB0AE899186} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {99900E42-7FF2-4B3F-9151-8578BF93B757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {A2639FF0-65B9-4CB5-B3C1-99540E1F9161} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B73FB5FF-5E9F-40F6-A7BA-49402D85FCA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DBC23F70-747A-45FB-BBEA-7C7114C285F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {EA162B7C-690D-47FA-BF15-19DE4C4F5A67} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09e40924-e54f-45bd-a297-3536945039e0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9b3c903f-8dcb-43a1-a014-f0235f3c298d}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-09]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Outlook) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-05]
Edge Extension: (lock) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2021-04-01]
Edge Extension: (tabXpert - session and tab manager) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbhfliieaebpiaocbfkhnpmmacakjeko [2021-04-08]
Edge Extension: (Word) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-05]
Edge Extension: (Excel) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-05]
Edge Extension: (Clean Master: Nejlepší Cleaner pro mezipaměť Edge) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlcebdoehkdiojeahkofcfnolkleembf [2021-01-19]
Edge Extension: (PowerPoint) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-05]

FireFox:
========
FF DefaultProfile: 6e3f4ela.default
FF ProfilePath: C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\6e3f4ela.default [2020-12-20]
FF ProfilePath: C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release [2021-04-09]
FF Session Restore: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> hxxps://office.mailbox.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: {d634138d-c276-4fc8-924b-40a0ea21d284}
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: uBlock0@raymondhill.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
FF Extension: (Facebook Container) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\@contain-facebook.xpi [2021-01-26]
FF Extension: (Clear Cache) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\clearcache@michel.de.almeida.xpi [2021-01-03]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\fvdmedia@gmail.com.xpi [2021-01-03]
FF Extension: (Terms of Service; Didn’t Read) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi [2021-03-29]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-04-08]
FF Extension: (New Tab Page) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\pavel.sherbakov@gmail.com.xpi [2021-02-21]
FF Extension: (Tab Session Manager) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2021-03-15]
FF Extension: (Tree Style Tab) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2021-03-31]
FF Extension: (uBlock Origin) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-03-14]
FF Extension: (Přeložit webové stránky) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2021-04-05]
FF Extension: (1Password – Password Manager) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\{d634138d-c276-4fc8-924b-40a0ea21d284}.xpi [2021-03-31]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default [2021-02-27]
CHR Extension: (Prezentace) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-07]
CHR Extension: (Dokumenty) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-07]
CHR Extension: (Disk Google) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-07]
CHR Extension: (YouTube) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-07]
CHR Extension: (Tabulky) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-27]
CHR Extension: (Gmail) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-27]
CHR HKU\S-1-5-21-164066535-651083684-587169521-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AAErrorPort; C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [222008 2021-03-27] (Private trade unitary enterprise LST -> Active Anticheat) <==== ATTENTION
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-03-04] (Autodesk, Inc. -> Autodesk Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [838760 2021-04-08] (ASUSTeK Computer Inc. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4816728 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DTSAPO3Service; C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe [222104 2020-12-20] (DTS, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-01-13] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 FoxitReaderUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitReaderUpdateService.exe [2356800 2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-20] (Logitech Inc -> Logitech Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-12-20] (Logitech Inc -> Logitech Inc.)
R1 ndextlag; C:\Windows\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
S3 PRProt; C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys [5405232 2021-03-27] (Microsoft Windows Hardware Compatibility Publisher -> ) <==== ATTENTION
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-09 12:59 - 2021-04-09 13:00 - 000000000 ____D C:\FRST
2021-04-08 23:37 - 2021-04-08 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-08 22:43 - 2021-04-08 22:43 - 000000000 ____D C:\ProgramData\FLEXnet
2021-04-08 22:16 - 2021-04-08 23:08 - 000000000 ____D C:\inetpub
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ____D C:\Windows\SysWOW64\BestPractices
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ____D C:\Windows\system32\BestPractices
2021-04-08 20:55 - 2021-04-08 22:43 - 000000000 ____D C:\Users\tmich\AppData\Local\Autodesk
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap Photo
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2019 - English
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-04-08 20:54 - 2021-04-08 22:43 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Autodesk
2021-04-08 20:54 - 2021-04-08 20:55 - 000000000 ____D C:\Program Files\Autodesk
2021-04-08 20:54 - 2021-04-08 20:54 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2021-04-08 20:54 - 2021-04-08 20:54 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2021-04-08 20:53 - 2021-04-08 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-04-08 20:42 - 2021-04-08 23:01 - 000000000 ____D C:\ProgramData\Autodesk
2021-04-08 12:22 - 2021-04-08 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-04-08 12:22 - 2021-04-08 12:22 - 000000000 ____D C:\Program Files\qBittorrent
2021-04-06 21:38 - 2021-04-08 16:00 - 000000000 ____D C:\Users\tmich\AppData\Roaming\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\ProgramData\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\Program Files (x86)\AirDroid
2021-04-06 21:29 - 2021-04-06 21:30 - 000000000 ____D C:\Users\tmich\AppData\Roaming\FeePerfect
2021-04-06 21:29 - 2021-04-06 21:29 - 000017408 _____ C:\Users\tmich\AppData\Local\WebpageIcons.db
2021-04-06 21:29 - 2021-04-06 21:29 - 000000000 ____D C:\Users\tmich\AppData\Local\LocalStorage
2021-04-04 13:34 - 2021-04-04 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-04-03 16:50 - 2021-04-07 20:57 - 000000000 ____D C:\Games
2021-04-03 16:31 - 2021-04-03 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2021-04-03 16:17 - 2021-04-05 08:19 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-03 16:17 - 2021-04-03 16:17 - 000002114 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2021-04-03 16:17 - 2021-04-03 16:17 - 000000266 _____ C:\nsispromotion_log.txt
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\Users\tmich\AppData\Roaming\GRETECH
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\ProgramData\GRETECH
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\Program Files (x86)\GOM
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 _____ C:\end
2021-04-03 16:06 - 2021-04-03 16:06 - 000000000 ____D C:\Users\tmich\AppData\Local\CD Projekt Red
2021-04-03 16:05 - 2021-04-03 16:05 - 000000000 ____D C:\Users\tmich\AppData\Local\REDEngine
2021-04-03 16:05 - 2021-04-03 16:05 - 000000000 ____D C:\Users\tmich\AppData\Local\GOG.com
2021-04-02 17:02 - 2021-04-04 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2021-04-02 17:02 - 2021-04-04 13:34 - 000000000 ____D C:\Program Files\DAUM
2021-04-02 17:02 - 2021-04-02 17:02 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Daum
2021-03-30 17:16 - 2021-03-30 17:16 - 000000191 _____ C:\Windows\ODBCINST.INI
2021-03-30 17:16 - 2021-03-30 17:16 - 000000145 _____ C:\Windows\ODBC.INI
2021-03-30 17:16 - 2021-03-30 17:16 - 000000000 ____D C:\zksoft
2021-03-30 17:16 - 2021-03-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZK Soft
2021-03-30 17:16 - 2010-01-12 07:57 - 000600064 _____ (Christian Werner Software & Consulting) C:\Windows\SysWOW64\sqlite3odbc.dll
2021-03-27 12:07 - 2021-03-27 12:09 - 000001908 _____ C:\Windows\diagwrn.xml
2021-03-27 12:07 - 2021-03-27 12:09 - 000001908 _____ C:\Windows\diagerr.xml
2021-03-27 12:07 - 2021-03-27 12:09 - 000000000 ___HD C:\$WINDOWS.~BT
2021-03-27 11:05 - 2021-03-27 11:05 - 000000000 ____D C:\Program Files (x86)\CryptSignX_2_3_21113_0
2021-03-27 11:03 - 2021-03-27 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePodpisFS-x86
2021-03-27 11:03 - 2021-03-27 11:03 - 000000000 ____D C:\Program Files (x86)\ePodpisFS
2021-03-25 22:44 - 2021-03-26 20:40 - 000000000 ____D C:\Program Files\NTLite
2021-03-25 22:44 - 2021-03-25 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite
2021-03-25 22:42 - 2021-03-25 22:43 - 000000000 ____D C:\Program Files (x86)\nLite
2021-03-25 21:53 - 2021-03-25 22:08 - 000000000 ____D C:\Users\tmich\AppData\Roaming\ImgBurn
2021-03-25 21:53 - 2021-03-25 21:53 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2021-03-25 21:53 - 2021-03-25 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2021-03-25 21:53 - 2021-03-25 21:53 - 000000000 ____D C:\Program Files (x86)\ImgBurn
2021-03-25 21:46 - 2021-03-25 21:46 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DAEMON Tools Lite
2021-03-25 21:46 - 2021-03-25 21:46 - 000000000 ____D C:\Users\tmich\AppData\Local\Disc_Soft_Ltd
2021-03-25 21:45 - 2021-03-25 21:45 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2021-03-25 21:45 - 2021-03-25 21:45 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Disc-Soft
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2021-03-25 21:36 - 2021-03-25 21:40 - 000000000 ____D C:\ProgramData\Ashampoo
2021-03-25 21:36 - 2021-03-25 21:36 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Ashampoo
2021-03-25 21:36 - 2021-03-25 21:36 - 000000000 ____D C:\Users\tmich\AppData\Local\ashampoo
2021-03-25 21:31 - 2021-03-25 21:33 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DeepBurner
2021-03-25 21:24 - 2021-03-25 21:44 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Nero
2021-03-25 21:13 - 2021-03-25 21:13 - 000000000 ___HD C:\$Windows.~WS
2021-03-25 21:11 - 2021-03-25 21:48 - 000000000 ____D C:\ProgramData\Nero
2021-03-25 21:06 - 2021-03-25 21:06 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Macromedia
2021-03-21 15:04 - 2021-04-09 08:33 - 000004190 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{A981721F-F867-4356-8DE0-29F20C936AD0}
2021-03-19 11:03 - 2021-04-08 21:26 - 000000000 ____D C:\Users\tmich\AppData\Roaming\awakened-poe-trade
2021-03-19 11:03 - 2021-03-19 11:03 - 000001879 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakened PoE Trade.lnk
2021-03-19 11:03 - 2021-03-19 11:03 - 000000000 ____D C:\Users\tmich\AppData\Local\awakened-poe-trade-updater
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\Windows\ShellNew
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\Program Files\AutoHotkey
2021-03-18 08:24 - 2021-03-18 08:26 - 000000000 ____D C:\Users\tmich\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2021-03-18 08:24 - 2021-03-18 08:24 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files\MSBuild
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-15 18:44 - 2021-03-15 18:44 - 000001259 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Path of Building.lnk
2021-03-14 18:33 - 2021-03-14 18:33 - 000001484 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-03-14 18:28 - 2021-03-14 18:28 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-03-14 18:28 - 2021-03-14 18:28 - 000000000 ____D C:\Users\tmich\AppData\Local\4kdownload.com
2021-03-14 18:28 - 2021-03-14 18:28 - 000000000 ____D C:\Program Files\4KDownload
2021-03-14 10:13 - 2021-04-03 16:31 - 000000000 ____D C:\Program Files\PSPad editor
2021-03-12 22:26 - 2021-03-12 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2021-03-12 22:26 - 2021-03-12 22:26 - 000000000 ____D C:\Program Files (x86)\Grinding Gear Games
2021-03-12 09:12 - 2021-03-12 09:12 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-03-12 09:12 - 2021-03-12 09:12 - 000000000 ____D C:\Program Files\Adobe
2021-03-12 09:11 - 2021-03-12 09:11 - 000000000 ____D C:\Users\tmich\AppData\Local\Adobe
2021-03-12 09:11 - 2021-03-12 09:11 - 000000000 ____D C:\ProgramData\Adobe
2021-03-10 01:08 - 2021-03-10 01:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-03-10 01:08 - 2021-03-10 01:08 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-03-10 01:08 - 2021-03-10 01:08 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-03-10 01:08 - 2021-03-10 01:08 - 001394024 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-03-10 01:08 - 2021-03-10 01:08 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-03-10 01:08 - 2021-03-10 01:08 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-03-10 01:08 - 2021-03-10 01:08 - 000707016 _____ C:\Windows\system32\TextShaping.dll
2021-03-10 01:08 - 2021-03-10 01:08 - 000611952 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-03-10 01:08 - 2021-03-10 01:08 - 000480256 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-03-10 01:08 - 2021-03-10 01:08 - 000231248 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-03-10 01:08 - 2021-03-10 01:08 - 000091136 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-03-10 01:08 - 2021-03-10 01:08 - 000011359 _____ C:\Windows\system32\DrtmAuthTxt.wim

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-09 13:00 - 2021-01-05 16:47 - 000000000 ____D C:\Users\tmich\AppData\Roaming\MediaMonkey
2021-04-09 12:57 - 2021-02-11 12:38 - 000000000 ____D C:\Users\tmich\AppData\Roaming\WhatsApp
2021-04-09 12:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-09 12:47 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Roaming\discord
2021-04-09 12:45 - 2021-01-15 19:44 - 000000000 ____D C:\Users\tmich\AppData\Roaming\qBittorrent
2021-04-09 12:43 - 2020-12-20 12:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-04-09 12:42 - 2020-12-20 13:04 - 000000000 ____D C:\Users\tmich\AppData\Local\D3DSCache
2021-04-09 08:47 - 2020-12-20 12:38 - 001694140 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-09 08:47 - 2019-12-07 16:43 - 000717008 _____ C:\Windows\system32\perfh005.dat
2021-04-09 08:47 - 2019-12-07 16:43 - 000145186 _____ C:\Windows\system32\perfc005.dat
2021-04-09 08:47 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-04-08 23:37 - 2021-01-07 20:48 - 000000000 ____D C:\Users\tmich\AppData\Local\Google
2021-04-08 23:37 - 2021-01-07 20:48 - 000000000 ____D C:\Program Files\Google
2021-04-08 22:46 - 2021-01-10 21:48 - 000007603 _____ C:\Users\tmich\AppData\Local\Resmon.ResmonCfg
2021-04-08 22:39 - 2020-09-23 07:56 - 000000000 ____D C:\_A-install
2021-04-08 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2021-04-08 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\inetsrv
2021-04-08 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Registration
2021-04-08 22:16 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2021-04-08 22:16 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngkeyhelper.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2021-04-08 22:16 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-04-08 21:28 - 2020-12-20 13:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-08 21:27 - 2020-12-20 13:05 - 000003110 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2021-04-08 21:27 - 2020-12-20 13:04 - 000003094 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-04-08 21:27 - 2020-12-20 13:04 - 000000000 ____D C:\Users\tmich\AppData\LocalLow\Mozilla
2021-04-08 21:26 - 2021-03-05 14:58 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-08 21:26 - 2021-01-13 14:34 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-08 21:26 - 2021-01-13 14:27 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DS4Windows
2021-04-08 21:26 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Local\Discord
2021-04-08 21:26 - 2020-12-20 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-08 21:26 - 2020-12-20 12:32 - 000877320 _____ C:\Windows\system32\wpbbin.exe
2021-04-08 21:26 - 2020-12-20 12:32 - 000838760 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-04-08 21:26 - 2020-12-20 12:32 - 000553232 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-08 21:26 - 2020-12-20 12:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-08 21:25 - 2021-01-07 21:22 - 000003126 _____ C:\Windows\system32\Tasks\MSIAfterburner
2021-04-08 21:25 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-04-08 21:16 - 2021-03-01 09:32 - 000000000 ____D C:\Users\tmich\AppData\Local\Battle.net
2021-04-08 17:47 - 2021-01-16 15:17 - 000000000 ____D C:\Users\tmich\AppData\Roaming\vlc
2021-04-08 12:34 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-04-07 20:26 - 2020-12-20 19:45 - 000000000 ____D C:\Program Files\Bandizip
2021-04-06 21:29 - 2021-01-15 19:18 - 000000000 ____D C:\Users\tmich\AppData\Local\CrashDumps
2021-04-06 16:18 - 2021-02-11 12:38 - 000000000 ____D C:\Users\tmich\AppData\Local\WhatsApp
2021-04-05 08:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-04 18:02 - 2021-03-01 19:51 - 000000000 ____D C:\Program Files (x86)\Diablo III
2021-04-04 13:34 - 2021-01-25 16:44 - 000000000 ____D C:\ProgramData\Foxit Software
2021-04-03 16:18 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-04-03 16:17 - 2020-12-20 12:51 - 000000000 ____D C:\Users\tmich\AppData\Local\VirtualStore
2021-04-03 11:56 - 2021-01-05 22:27 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-02 17:33 - 2020-12-20 13:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-02 17:33 - 2020-12-20 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-02 14:27 - 2021-03-01 09:32 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Battle.net
2021-04-02 14:26 - 2021-03-01 09:31 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-03-31 13:10 - 2020-12-20 13:10 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-30 23:58 - 2021-01-07 20:48 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-28 21:40 - 2020-12-20 14:25 - 000000000 ____D C:\Users\tmich\AppData\Roaming\obs-studio
2021-03-28 15:59 - 2020-12-20 13:01 - 000000000 ____D C:\Users\tmich\AppData\Local\AMD_Common
2021-03-27 23:04 - 2020-12-20 13:46 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Awesomium
2021-03-27 21:14 - 2021-02-02 19:29 - 000000128 _____ C:\Users\tmich\AppData\Local\PUTTY.RND
2021-03-27 16:26 - 2020-12-20 14:40 - 000003662 _____ C:\Windows\system32\Tasks\ROCCAT DEVICE SERVICE
2021-03-27 16:25 - 2020-12-20 13:04 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-27 12:09 - 2020-12-20 12:32 - 000000000 ____D C:\Windows\Panther
2021-03-27 11:04 - 2020-12-20 12:49 - 000000000 ____D C:\Users\tmich
2021-03-25 21:24 - 2021-02-17 14:36 - 000000000 ____D C:\ESD
2021-03-21 15:03 - 2020-12-20 13:09 - 000000000 ____D C:\_A
2021-03-18 08:23 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\MUI
2021-03-18 08:23 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\MUI
2021-03-15 23:37 - 2020-12-20 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-03-15 17:26 - 2020-12-20 12:52 - 000003358 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-164066535-651083684-587169521-1001
2021-03-15 17:26 - 2020-12-20 12:52 - 000000000 ___RD C:\Users\tmich\OneDrive
2021-03-15 17:26 - 2020-12-20 12:49 - 000002363 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 18:28 - 2020-12-20 12:58 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-14 10:14 - 2021-01-05 14:10 - 000000000 ____D C:\Program Files (x86)\PSPad editor
2021-03-12 09:12 - 2020-12-20 12:51 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Adobe
2021-03-12 09:12 - 2020-12-20 12:51 - 000000000 ____D C:\Users\tmich\AppData\Local\Packages
2021-03-12 09:12 - 2020-12-20 12:51 - 000000000 ____D C:\ProgramData\Packages
2021-03-10 01:49 - 2019-12-07 16:47 - 000000000 ___SD C:\Windows\system32\AppV
2021-03-10 01:49 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-03-10 01:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-03-10 01:05 - 2020-12-20 14:00 - 000000000 ___HD C:\$WinREAgent
2021-03-10 01:04 - 2020-12-20 13:59 - 000000000 ____D C:\Windows\system32\MRT
2021-03-10 01:02 - 2020-12-20 13:59 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ========

2021-02-02 19:29 - 2021-03-27 21:14 - 000000128 _____ () C:\Users\tmich\AppData\Local\PUTTY.RND
2021-02-25 09:22 - 2021-02-25 09:22 - 000000218 _____ () C:\Users\tmich\AppData\Local\recently-used.xbel
2021-01-10 21:48 - 2021-04-08 22:46 - 000007603 _____ () C:\Users\tmich\AppData\Local\Resmon.ResmonCfg
2021-04-06 21:29 - 2021-04-06 21:29 - 000017408 _____ () C:\Users\tmich\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by tmich (09-04-2021 13:01:00)
Running from D:\Stažené soubory
Windows 10 Pro Version 2004 19041.867 (X64) (2020-12-20 10:34:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-164066535-651083684-587169521-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-164066535-651083684-587169521-503 - Limited - Disabled)
ftp_user (S-1-5-21-164066535-651083684-587169521-1002 - Limited - Enabled)
Guest (S-1-5-21-164066535-651083684-587169521-501 - Limited - Enabled)
tmich (S-1-5-21-164066535-651083684-587169521-1001 - Administrator - Enabled) => C:\Users\tmich
WDAGUtilityAccount (S-1-5-21-164066535-651083684-587169521-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\1Password) (Version: 7.6.793 - AgileBits Inc.)
4K Video Downloader (HKLM\...\{324530FC-5511-4D31-95D2-92BFB823F16F}) (Version: 4.15.0.4160 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{6f4880c8-b3c8-48f7-9f1d-ccbd16680059}) (Version: 4.15.0.4160 - Open Media LLC)
AirDroid 3.6.9.1 (HKLM-x32\...\AirDroid) (Version: 3.6.9.1 - Sand Studio)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
AutoCAD 2019 - English (HKLM\...\{28B89EEF-2001-0409-2102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
Autodesk App Manager 2016-2019 (HKLM-x32\...\{C1BF29A7-2D9E-4E8D-A3C1-02F6B20B8AB7}) (Version: 2.5.0 - Autodesk)
Autodesk AutoCAD 2019 - English (HKLM\...\AutoCAD 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.3.0 (HKLM-x32\...\{448BC38C-2654-48CD-BB43-F59A37854A3E}) (Version: 1.3.0.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 5.0.0.40 - Autodesk)
Autodesk ReCap Photo (HKLM\...\Autodesk ReCap Photo) (Version: 19.0.0.38 - Autodesk)
AutoHotkey 1.1.33.06 (HKLM\...\AutoHotkey) (Version: 1.1.33.06 - Lexikos)
Awakened PoE Trade 2.9.1 (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 2.9.1 - Alexander Drozdov)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Bandicut (HKLM-x32\...\Bandicut) (Version: 3.6.2.647 - Bandicam.com)
Bandizip (HKLM\...\Bandizip) (Version: 7.16 - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CryptSignX verze 2.3.21113.0 (HKLM-x32\...\CryptSignX verze 2.3.21113.0) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1728 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
ePodpisFS-x86 (HKLM-x32\...\{A3B9DFF0-4BC3-4578-9BB8-AAA16B26E65F}_is1) (Version: 10.0.0.0 - )
Excel (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
FileZilla Client 3.52.2 (HKLM-x32\...\FileZilla Client) (Version: 3.52.2 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.3.37598 - Foxit Software Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.63.5327 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView 4.56 (64-bit) (HKLM\...\IrfanView64) (Version: 4.56 - Irfan Skiljan)
LibreOffice 7.0.4.2 (HKLM\...\{B3171B83-4945-43E0-A101-841638C05506}) (Version: 7.0.4.2 - The Document Foundation)
Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0 - Mozilla)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
Nero 9 Essentials (HKLM-x32\...\{a7465807-9520-4d87-98df-8c1bfbf7e0b4}) (Version: - Nero AG)
NTLite v2.0.0.7820 (HKLM\...\NTLite_is1) (Version: 2.0.0.7820 - Nlitesoft)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.0 - OBS Project)
Outlook (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.168.0.12 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{8ea0099b-19fe-40fd-815b-b8e06a36e078}) (Version: 3.13.1.38812 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.13.1.38812 - Grinding Gear Games) Hidden
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.1.0.68 - Autodesk)
PowerPoint (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PSPad editor (64bitový) (HKLM\...\PSPad editor_is1) (Version: 5.0.5.567 - Jan Fiala)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.582 - Jan Fiala)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
qBittorrent 4.3.4.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.4.1 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8971.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.42.526.2020 - Realtek)
RivaTuner Statistics Server 7.3.0 (HKLM-x32\...\RTSS) (Version: 7.3.0 - Unwinder)
ROCCAT Swarm (HKLM-x32\...\{9D12397F-45AF-4517-B492-1D1E2FA475EE}) (Version: 1.93.880 - ROCCAT GmbH) Hidden
ROCCAT Swarm (HKLM-x32\...\InstallShield_{9D12397F-45AF-4517-B492-1D1E2FA475EE}) (Version: 1.93.880 - ROCCAT GmbH)
Speciální aplikace Autodesk 2016-2019 (HKLM-x32\...\{79F5747D-A961-4CCD-88B0-41F004D79AEB}) (Version: 2.5.0 - Autodesk)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Telegram Desktop version 2.7.1 (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\WhatsApp) (Version: 2.2110.12 - WhatsApp)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Word (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
X7 Oscar Keyboard Editor (HKLM-x32\...\{AB363F8A-FE88-4188-9D4F-B9014989A7E7}) (Version: 10.12.0003 - A4TECH) Hidden
X7 Oscar Keyboard Editor (HKLM-x32\...\InstallShield_{AB363F8A-FE88-4188-9D4F-B9014989A7E7}) (Version: 10.12.0003 - A4TECH)
ZK Skladové hospodářství v.2.63 Mini (HKLM-x32\...\{49BE3A63-4D65-4005-97E9-1F113B9383E4}_is1) (Version: - ZK Soft)

Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_35.2.12.6_x64__adky2gkssdxte [2021-03-12] (Adobe Systems Incorporated)
DTS Custom for Asus -> C:\Program Files\WindowsApps\DTSInc.DTSCustomforAsus_2.1.1.0_x64__t5j2fzbtdg37r [2020-12-20] (DTS, Inc.)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne [2021-02-21] (File-New-Project) [Startup Task]
Kurzový lístek free -> C:\Program Files\WindowsApps\9004Filipehok.Kurzovlstekfree_4.5.1.0_x64__9395n12vvdcne [2021-02-03] (Filip Řehořík) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-28] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2020-12-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0 [2021-03-05] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl.x64.dll (Bandisoft -> Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2019\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2019-08-19] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-08-19] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers1_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1_S-1-5-21-164066535-651083684-587169521-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]
ContextMenuHandlers2_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2021-04-08 21:26 - 2021-04-08 21:26 - 000573440 _____ () [File not signed] \\?\C:\Users\tmich\AppData\Local\Temp\810e4bfd-2e55-4253-8127-2d7460c44369.tmp.node
2021-04-08 21:26 - 2021-04-08 21:26 - 000180736 _____ () [File not signed] \\?\C:\Users\tmich\AppData\Local\Temp\d39ebd40-86ef-4fe9-9b6a-c730bcb60074.tmp.node
2021-04-08 21:26 - 2021-04-08 21:26 - 000148992 _____ () [File not signed] \\?\C:\Users\tmich\AppData\Local\Temp\f3fac639-d26b-484e-99b4-5ca529a791a1.tmp.node
2021-03-19 11:03 - 2021-01-31 10:08 - 002824192 _____ () [File not signed] C:\_A\Awakened_PoE_trade\ffmpeg.dll
2021-03-19 11:03 - 2021-01-31 10:08 - 000471552 _____ () [File not signed] C:\_A\Awakened_PoE_trade\swiftshader\libegl.dll
2021-03-19 11:03 - 2021-01-31 10:08 - 003246592 _____ () [File not signed] C:\_A\Awakened_PoE_trade\swiftshader\libglesv2.dll
2021-01-05 16:47 - 2020-10-05 15:44 - 001178112 _____ () [File not signed] C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll
2021-01-05 16:47 - 2020-10-05 15:44 - 000374272 _____ () [File not signed] C:\Program Files (x86)\MediaMonkey\Plugins\f_WMV.dll
2021-01-05 16:47 - 2017-07-26 11:56 - 000077824 _____ () [File not signed] C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll
2021-01-05 16:47 - 2017-07-26 11:56 - 000013824 _____ () [File not signed] C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll
2021-01-05 16:47 - 2017-07-26 11:56 - 000679936 _____ () [File not signed] C:\Program Files (x86)\MediaMonkey\SQLite3_iOS8.dll
2021-01-05 16:47 - 2020-10-05 15:44 - 000581632 _____ () [File not signed] C:\Program Files (x86)\MediaMonkey\sqlite3MM.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2021-02-27 12:49 - 2021-02-27 12:49 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2021-02-27 12:50 - 2021-02-27 12:50 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2021-02-27 12:50 - 2021-02-27 12:50 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2020-09-11 12:55 - 2021-03-19 08:13 - 000643584 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\aimo.dll
2015-12-29 07:25 - 2015-12-29 00:25 - 000120334 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libgcc_s_dw2-1.dll
2015-12-29 07:25 - 2015-12-29 00:25 - 001540622 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libstdc++-6.dll
2019-10-24 12:16 - 2020-11-30 07:59 - 007523840 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\resource.dll
2010-12-03 15:43 - 2010-12-03 15:43 - 000943104 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\KeySettingRemind\KeySettingRemind.dll
2010-12-02 18:56 - 2010-12-02 18:56 - 000815104 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\OSD_Text\OSD_Text.dll
2010-12-02 20:29 - 2010-12-02 20:29 - 000900608 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\ProfileHint\ProfileHint.dll
2010-12-02 21:01 - 2010-12-02 21:01 - 000994304 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-11-01 21:16 - 2010-11-01 21:16 - 000062976 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-09-20 15:19 - 2010-09-20 15:19 - 000062976 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-10-11 11:13 - 2010-10-11 11:13 - 000087040 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_MouseDeviceManager.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 000054272 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ScrollbarControl.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 000085504 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ZoomControl.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 000114176 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_ctypes.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000172544 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_elementtree.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 002255872 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_hashlib.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000032256 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_multiprocessing.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000046080 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_psutil_windows.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000047616 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_socket.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 002824704 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_ssl.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000026112 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\_yappi.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000080896 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\bz2.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000015872 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\common.time34.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000007680 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\hashobjs_ext.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000301568 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\PIL._imaging.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000168448 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\pyexpat.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 001084416 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\pysqlite2._sqlite.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000548864 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\pythoncom27.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 000137728 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\pywintypes27.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 000010752 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\select.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000020992 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\thumbnails_ext.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000689664 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\unicodedata.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000119808 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\usb_ext.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000128512 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32api.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000438784 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32com.shell.shell.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000011776 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32crypt.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000023040 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32event.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000149504 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32file.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000223232 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32gui.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000048128 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32inet.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000029696 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32pdh.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000027648 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32pipe.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000044032 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32process.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000020480 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32profile.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000136192 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32security.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000026624 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\win32ts.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000034304 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\windows.conditional.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000037888 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\windows.connectivity.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000071680 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\windows.device_monitor.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000103936 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\windows.volumes.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000019968 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\windows.winwrap.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 001325056 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wx._controls_.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 001489408 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wx._core_.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 001007104 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wx._gdi_.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000103424 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wx._html2.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 000916992 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wx._misc_.pyd
2021-04-08 23:37 - 2021-04-08 23:37 - 001039872 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wx._windows_.pyd
2020-12-04 07:51 - 2020-12-04 07:51 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2009-11-24 07:04 - 2009-11-24 07:04 - 001141248 _____ (Embarcadero Technologies Inc.) [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\CC32100MT.DLL
2009-11-03 07:02 - 2009-11-03 07:02 - 000040448 _____ (Embarcadero Technologies, Inc.) [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\BORLNDMM.DLL
2021-01-05 16:47 - 2017-07-26 11:56 - 000062976 _____ (Franco Catrin L.) [File not signed] C:\Program Files (x86)\MediaMonkey\Plugins\dsp_DeFX.dll
2021-01-05 16:47 - 2017-07-26 11:56 - 000200704 _____ (Matthew T. Ashland) [File not signed] C:\Program Files (x86)\MediaMonkey\Plugins\in_ape.dll
2015-12-29 07:25 - 2015-12-29 00:25 - 000079360 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libwinpthread-1.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\python27.dll
2015-12-29 07:52 - 2015-12-29 00:52 - 002177536 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\LIBEAY32.dll
2015-12-29 07:52 - 2015-12-29 00:52 - 000462336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ssleay32.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qdds.dll
2016-06-10 16:32 - 2016-06-10 09:32 - 000033792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qgif.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000046592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qicns.dll
2016-06-10 16:33 - 2016-06-10 09:33 - 000036352 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qico.dll
2016-06-10 16:32 - 2016-06-10 09:32 - 000258560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qjpeg.dll
2016-06-11 02:51 - 2016-06-10 19:51 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qsvg.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qtga.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000495616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qtiff.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qwbmp.dll
2016-06-11 03:16 - 2016-06-10 20:16 - 000416768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qwebp.dll
2016-06-13 04:38 - 2016-06-12 21:38 - 000317440 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\mediaservice\dsengine.dll
2016-06-10 16:34 - 2016-06-10 09:34 - 001489920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\platforms\qwindows.dll
2020-01-13 10:29 - 2020-01-13 03:29 - 005384704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Core.dll
2016-06-10 16:23 - 2016-06-10 09:23 - 005283840 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Gui.dll
2016-06-13 04:29 - 2016-06-12 21:29 - 000853504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Multimedia.dll
2016-06-10 16:17 - 2016-06-10 09:17 - 001610240 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Network.dll
2016-06-11 02:51 - 2016-06-10 19:51 - 000348160 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Svg.dll
2016-06-10 16:29 - 2016-06-10 09:29 - 006358528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Widgets.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-04 08:02 - 2020-12-04 08:02 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2015-08-24 11:10 - 2020-10-26 12:13 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\BASS.dll
2015-08-24 11:10 - 2020-10-26 12:13 - 000012166 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\BASSWASAPI.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wxbase30u_net_vc90_x64.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wxbase30u_vc90_x64.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wxmsw30u_adv_vc90_x64.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wxmsw30u_core_vc90_x64.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wxmsw30u_html_vc90_x64.dll
2021-04-08 23:37 - 2021-04-08 23:37 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI58322\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-164066535-651083684-587169521-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\_A\Putty\;
HKU\S-1-5-21-164066535-651083684-587169521-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: ExitLag Game Booster -> nt_ndextlag (enabled)
Síťové připojení Bluetooth: ExitLag Game Booster -> nt_ndextlag (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{76130225-013F-491F-B6E2-172097781058}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5C009547-71E6-40DC-AE8A-71A37A5849EF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D46AFF11-6D14-4D53-B815-CC154C46932E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{355BE375-8E33-41C9-B4E1-DBA68C2DB0C2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{88FF7C0D-201A-4B8D-A4E6-09775B26AB60}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{AC9F9D52-48F0-4633-97F4-96DBF17F963F}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{F956C0F7-BFB3-466D-8C67-86C33A454989}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9C7DB957-26A8-4005-A7D6-271FF57F130F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8C07F577-31CD-4D95-A4DD-BDE2869A6D1A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{012A7AAB-9DC6-4142-9FD1-262AA2FE6C9C}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{D5E4D3A4-D057-41B2-9113-BBA80AC59F58}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F17E5F42-C133-4133-8F5C-633FF069E6A8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{D6B09F0F-F25A-4957-B4B3-0FFB3780257D}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{431C332D-AACA-47E0-AC5D-46B5F810B754}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{FF62FEA1-FB6F-4600-8675-D204D5D2DBC7}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [{E559F994-AA43-4D5A-ABE8-9E60295F67F8}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [{2CEEFB15-DB59-415C-9EA3-AA7F9539339C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1EF8AE25-11C7-4C4D-96B0-5EE7AC9B623B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25303A91-1DEC-43F2-85DB-65AD6BFB099C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54013972-4099-4CF0-A3C8-66D137A025D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F3E73E7-2648-4480-ACDD-F6929088091F}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{F13379AE-9395-4392-9C63-7878C633EFBF}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{45B82E65-CCDE-4F21-82D6-BDBB3D685ED8}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{324CE0FA-F169-4061-B765-967B08D17559}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{CBA280D5-5947-4692-8204-172A395DA0A1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1082A718-50FF-459A-BE92-3DC14FA8B80F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{48CFEA02-ADCC-4327-8CDC-9B1000753C22}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{B222261D-510E-4E56-89D3-C99CBEA0DF8F}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{2ACCD0E6-AE93-4606-A44E-57A67BA81DD9}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{0CD6340B-4A82-493A-865D-AE3F31E00CF2}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{EC7F5D2C-8452-40AC-BCF7-4D2F066F6C14}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{BAA54C92-6030-4502-B7C6-3DBAB3E48E6D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1631B803-7AD2-498F-BBB7-FE278ED19C20}] => (Allow) D:\_SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{8B51E037-24EA-44E9-AFDB-AF5A8D3F37BF}] => (Allow) D:\_SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [TCP Query User{64810FCA-2F21-43EA-A809-00C90AB3B37E}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BAE76C49-6700-433D-BFA4-EF402A821678}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8F507F58-3B98-4DE5-9122-3A917093529B}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{34F52923-2690-4615-81B5-E5D23F349B86}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F0759411-6C30-465C-8E44-7DED1607E6E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5D31539C-FCB6-41F2-8814-E391705E5C6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B3671BFB-6713-4D20-8255-87880C6A90A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7E7E2100-4081-4F18-B7FC-E5F63B7651A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F23EAC06-46A0-4A3C-8C67-EB5AEE98A536}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CE22A668-7ABD-4B3F-AB45-4BEF6C54C322}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CE5E293A-8C88-4BD6-AF0F-33F08E883194}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A837522D-57E1-4E7E-B4D5-2A1F89260330}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42E86E4E-3F6C-4919-BC65-8613F9B4389E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{38D185AF-0A89-43DC-B5F9-24BBFF9FF09E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4BE10A41-D03E-4057-B53C-B7B1E99281C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{26EC5B19-734D-4ED9-BFBD-BD8BC0B6FD9C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D8B1CCD-DBCA-4852-A5F0-C28D650EC22F}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{84D43A43-E721-44DD-983F-CC652657DE7A}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{08B892B7-0FF6-4112-B45F-59C170AF78C2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{438E1DD1-52BC-47B2-90FB-2368EC42676C}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{7ADB821E-4300-4FCD-B919-367930F5BEFF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{D79F150D-B45C-4F72-9137-F10A7D8560F8}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{F7ADF01E-1CB0-4CEC-B20A-91671799A18E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{95B4324E-0734-4C52-AF08-25C1B86B0AA3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{464DF7DB-71BB-4D36-A381-29E278EE1DD2}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F576A248-B116-4B7E-BCC9-090A2D77F9F1}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E767BDB8-6858-4243-898E-A2E5EAE29E5C}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{96717AC4-C54A-47A8-916A-E5D68E2DB817}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0D2C5D1B-542F-49AD-9A83-E86D275AA912}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D4EF63FE-9E24-4098-9D4A-7281BEFED7F1}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{4810099B-D18A-4826-9E8B-C5CF905F617A}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{04D5E3ED-2B57-49BF-82AD-AA7A452FC9B4}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{477F0820-60D3-41AA-995A-7F5A773A1885}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{247AE894-A7E7-412A-8B33-21126AB049FF}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{59978AFD-680A-4AF1-B17F-CC3E39F5892B}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{88648EC1-65F7-45DD-992E-B63681E00112}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{5057B711-A66A-443F-8587-85D0B838F519}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{5E9AE6BA-0592-485B-AE67-BBC1EDAB80C2}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{EF6E1300-9FE4-4DC1-AA32-A022F02CEB4F}] => (Block) D:\Games\Cyberpunk 2077\bin\x64\Cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{B508132C-6190-4F34-B905-C4A41E0EB8A6}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{5172A1B9-171B-42CD-9416-B6147EB9AD4E}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{854B3866-CFA0-4BDB-8698-17045556DB14}] => (Allow) C:\Program Files (x86)\Feem 2018\Feem.exe => No File
FirewallRules: [TCP Query User{F58908B8-D4FF-4FA8-8332-BE1922B89C46}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{65AD2459-E6E1-4C7B-AC3F-CBFB25ED5655}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [{4E6F4010-9504-48BB-9FED-B76D7BCE2E02}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{75791136-78FB-4909-B0B9-8C673809C45B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]

==================== Restore Points =========================

18-03-2021 08:22:13 Instalační služba modulů systému Windows
25-03-2021 21:11:21 Installed Nero 9 Essentials 4.4.9.0
27-03-2021 11:05:46 Installed exe2msiSetupPackage
31-03-2021 20:12:46 Windows Update
08-04-2021 20:52:07 Removed Autodesk Network License Manager
08-04-2021 20:52:34 Removed Autodesk CAD Manager Tools
08-04-2021 22:16:08 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/08/2021 09:25:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/06/2021 09:29:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 1Password.exe, verze: 7.6.793.0, časové razítko: 0x60300480
Název chybujícího modulu: amdxn32.dll, verze: 8.14.10.117, časové razítko: 0x5fca6054
Kód výjimky: 0xc0000005
Posun chyby: 0x0005606e
ID chybujícího procesu: 0x2604
Čas spuštění chybující aplikace: 0x01d729e3a303eb55
Cesta k chybující aplikaci: C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe
Cesta k chybujícímu modulu: C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\amdxn32.dll
ID zprávy: b94c179a-0a2b-4e9a-ae02-f8bf5d35fc0f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/06/2021 09:29:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: 1Password.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000005, adresa výjimky 568E606E
Zásobník:

Error: (04/05/2021 03:16:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na New (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/05/2021 02:45:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Old (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/05/2021 02:19:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Old (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/05/2021 08:26:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Diablo III64.exe verze 2.7.0.8755 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 11a0

Čas spuštění: 01d729e46dde8c1d

Čas ukončení: 6

Cesta k aplikaci: C:\Program Files (x86)\Diablo III\x64\Diablo III64.exe

ID hlášení: 0f0ca3a9-3a4f-4a26-ad8a-5c700d250fb8

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (04/04/2021 06:28:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 1Password.exe, verze: 7.6.793.0, časové razítko: 0x60300480
Název chybujícího modulu: amdxn32.dll, verze: 8.14.10.117, časové razítko: 0x5fca6054
Kód výjimky: 0xc0000005
Posun chyby: 0x0005606e
ID chybujícího procesu: 0x4ff8
Čas spuštění chybující aplikace: 0x01d7296be932a73e
Cesta k chybující aplikaci: C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe
Cesta k chybujícímu modulu: C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\amdxn32.dll
ID zprávy: 56883701-4ae7-429f-8743-be1d8133da59
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (04/08/2021 09:26:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/08/2021 08:46:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/08/2021 08:44:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/05/2021 08:19:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba SysMain byla ukončena s následující chybou:
Parametr není správný.

Error: (04/05/2021 08:19:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/04/2021 01:34:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba Foxit Reader Update Service je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (04/02/2021 05:33:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/02/2021 05:26:08 PM) (Source: DCOM) (EventID: 10010) (User: GUMA-PC)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2021-04-08 22:39:32
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Phonzy.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\_A-install\L2FileEdit-master.zip
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.335.460.0, AS: 1.335.460.0, NIS: 1.335.460.0
Verze modulu: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-08 15:52:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {50DC4F30-4556-40E5-A607-748B4E133C47}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-07 14:24:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7B1E7B14-F80B-4544-A9A9-8422BF9A2C8B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-06 14:17:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BBC3E6DC-64FA-4708-B457-49C95CC32D9F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-02 00:25:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FADEBCB9-D78F-434E-A4EB-AC1518C451A0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-04-04 10:37:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1004 08/13/2020
Motherboard: ASUSTeK COMPUTER INC. TUF GAMING B550-PLUS
Processor: AMD Ryzen 5 3600X 6-Core Processor
Percentage of memory in use: 31%
Total physical RAM: 32683.95 MB
Available physical RAM: 22477.97 MB
Total Virtual: 37547.95 MB
Available Virtual: 20664.64 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:465.65 GB) (Free:244.94 GB) NTFS
Drive d: (New) (Fixed) (Total:931.51 GB) (Free:262.39 GB) NTFS
Drive e: (Old) (Fixed) (Total:931.51 GB) (Free:67.28 GB) NTFS

\\?\Volume{19efa83d-20c1-4f4b-91e4-c280f25b5e39}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 69569EDF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30580F36)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: Preventive check

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will start; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in the SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for the training of newcomers
- Founder of the Cyber Security unit

TomGuma
Visitor
Posts: 9
Joined: 01 Apr 2007 13:27

Re: Preventive check

#3 Post by TomGuma »

I guess everything is OK.

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-11-2021
# Duration: 00:00:08
# OS: Windows 10 Pro
# Scanned: 31987
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [5109 octets] - [11/04/2021 22:42:11]
AdwCleaner[S01].txt - [1479 octets] - [11/04/2021 22:45:43]
AdwCleaner[C01].txt - [1649 octets] - [11/04/2021 22:45:52]
AdwCleaner[S02].txt - [1588 octets] - [11/04/2021 22:48:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: Preventive check

#4 Post by Diallix »

Yes, the log is OK. Let's finish the cleanup.

Copy the content below into Notepad:

Code:


HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: []
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\MountPoints2: {f47713aa-8cbf-11eb-bbe8-000c76d3765d} - "F:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {DBC23F70-747A-45FB-BBEA-7C7114C285F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {99900E42-7FF2-4B3F-9151-8578BF93B757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {020A2B72-CCD2-4FE1-8437-E5193F51DEC7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {67336725-99FF-4B8E-A9D9-9CB0AE899186} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FF Notifications: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> hxxps://office.mailbox.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: {d634138d-c276-4fc8-924b-40a0ea21d284}
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: uBlock0@raymondhill.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
FF Extension: (New Tab Page) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\pavel.sherbakov@gmail.com.xpi [2021-02-21]
FF Extension: (Facebook Container) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\@contain-facebook.xpi [2021-01-26]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S3 AAErrorPort; C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [222008 2021-03-27] (Private trade unitary enterprise LST -> Active Anticheat) <==== ATTENTION
FirewallRules: [{8C07F577-31CD-4D95-A4DD-BDE2869A6D1A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{012A7AAB-9DC6-4142-9FD1-262AA2FE6C9C}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{D5E4D3A4-D057-41B2-9113-BBA80AC59F58}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F17E5F42-C133-4133-8F5C-633FF069E6A8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{5057B711-A66A-443F-8587-85D0B838F519}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{5E9AE6BA-0592-485B-AE67-BBC1EDAB80C2}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{EF6E1300-9FE4-4DC1-AA32-A022F02CEB4F}] => (Block) D:\Games\Cyberpunk 2077\bin\x64\Cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{B508132C-6190-4F34-B905-C4A41E0EB8A6}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{5172A1B9-171B-42CD-9416-B6147EB9AD4E}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{854B3866-CFA0-4BDB-8698-17045556DB14}] => (Allow) C:\Program Files (x86)\Feem 2018\Feem.exe => No File

EmptyTemp:


Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

TomGuma
Visitor
Posts: 9
Joined: 01 Apr 2007 13:27

Re: Preventive check

#5 Post by TomGuma »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2021
Ran by tmich (administrator) on GUMA-PC (ASUS System Product Name) (12-04-2021 11:11:30)
Running from C:\_A\_viry
Loaded Profiles: tmich
Platform: Windows 10 Pro Version 2004 19041.867 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\_A-install\DS4Windows\DS4Windows.exe
() [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(AgileBits Inc. -> AgileBits Inc.) C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe
(Alexander Drozdov) [File not signed] C:\_A\Awakened_PoE_trade\Awakened PoE Trade.exe <4>
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe <3>
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Discord Inc. -> Discord Inc.) C:\Users\tmich\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(DTS, Inc. -> ) C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\IESettingSync.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe
(Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\tmich\AppData\Local\WhatsApp\app-2.2112.10\WhatsApp.exe <7>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1081648 2020-12-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17361016 2016-12-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1747288 2021-03-18] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [1Password] => C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe [5230928 2021-03-02] (AgileBits Inc. -> AgileBits Inc.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Discord] => C:\Users\tmich\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-03-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [MicrosoftEdgeAutoLaunch_7C9F3DBE991B4048ADEFE2CEE58B766A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408920 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\tmich\AppData\Local\WhatsApp\Update.exe [2252496 2021-04-11] (WhatsApp, Inc -> )
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50041472 2021-03-12] (Google LLC -> )
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2020-12-20]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (Voyetra Turtle Beach, Inc. -> ROCCAT)
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Awakened PoE Trade.exe.lnk [2021-03-27]
ShortcutTarget: Awakened PoE Trade.exe.lnk -> C:\_A\Awakened_PoE_trade\Awakened PoE Trade.exe (Alexander Drozdov) [File not signed]
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-01-13]
ShortcutTarget: DS4Windows.lnk -> C:\_A-install\DS4Windows\DS4Windows.exe () [File not signed]
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run_TradeMacro.ahk.lnk [2021-03-27]
ShortcutTarget: Run_TradeMacro.ahk.lnk -> C:\_A\POE-TradeMacro-2.16.0\Run_TradeMacro.ahk () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D5E823-9ADD-41A1-A777-6DF626BCA51A} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [442888 2021-03-23] (Voyetra Turtle Beach, Inc. -> ROCCAT)
Task: {020A2B72-CCD2-4FE1-8437-E5193F51DEC7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {1F3C0F22-55C5-445E-B992-0E6FF219D9E0} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {317A70FE-85E7-4B99-B2EE-550DFF78EBBA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42A5A59A-B840-47AE-8D2D-97515F2520BA} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {43D40DDB-5086-4BB3-8D7E-4C33E6A934F8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {4CAFE648-8F64-4F4B-BD1D-29FC43BA6920} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53C318F8-C650-4F75-BAF5-FAFBBABA71B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {67336725-99FF-4B8E-A9D9-9CB0AE899186} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7E34C87C-D6B5-477F-90E1-CE120B94D863} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {99900E42-7FF2-4B3F-9151-8578BF93B757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {DBC23F70-747A-45FB-BBEA-7C7114C285F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {EA162B7C-690D-47FA-BF15-19DE4C4F5A67} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F8F52676-1157-437C-B818-A107870BC5C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09e40924-e54f-45bd-a297-3536945039e0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9b3c903f-8dcb-43a1-a014-f0235f3c298d}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-12]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Outlook) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-05]
Edge Extension: (lock) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2021-04-01]
Edge Extension: (tabXpert - session and tab manager) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbhfliieaebpiaocbfkhnpmmacakjeko [2021-04-08]
Edge Extension: (Word) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-05]
Edge Extension: (Excel) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-05]
Edge Extension: (Clean Master: Nejlepší Cleaner pro mezipaměť Edge) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlcebdoehkdiojeahkofcfnolkleembf [2021-01-19]
Edge Extension: (PowerPoint) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-05]

FireFox:
========
FF DefaultProfile: 6e3f4ela.default
FF ProfilePath: C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\6e3f4ela.default [2020-12-20]
FF ProfilePath: C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release [2021-04-12]
FF Session Restore: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> hxxps://office.mailbox.org; hxxps://app.smartsupp.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: {d634138d-c276-4fc8-924b-40a0ea21d284}
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: uBlock0@raymondhill.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
FF Extension: (Facebook Container) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\@contain-facebook.xpi [2021-01-26]
FF Extension: (Clear Cache) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\clearcache@michel.de.almeida.xpi [2021-01-03]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\fvdmedia@gmail.com.xpi [2021-01-03]
FF Extension: (Terms of Service; Didn’t Read) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi [2021-03-29]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-04-08]
FF Extension: (New Tab Page) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\pavel.sherbakov@gmail.com.xpi [2021-02-21]
FF Extension: (Tab Session Manager) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2021-04-09]
FF Extension: (Tree Style Tab) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2021-03-31]
FF Extension: (uBlock Origin) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-03-14]
FF Extension: (Přeložit webové stránky) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2021-04-05]
FF Extension: (1Password – Password Manager) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\{d634138d-c276-4fc8-924b-40a0ea21d284}.xpi [2021-03-31]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default [2021-04-11]
CHR Extension: (Prezentace) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-07]
CHR Extension: (Dokumenty) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-07]
CHR Extension: (Disk Google) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-07]
CHR Extension: (YouTube) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-07]
CHR Extension: (Tabulky) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-27]
CHR Extension: (Gmail) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-27]
CHR HKU\S-1-5-21-164066535-651083684-587169521-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-03-04] (Autodesk, Inc. -> Autodesk Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [838760 2021-04-12] (ASUSTeK Computer Inc. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4816728 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DTSAPO3Service; C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe [222104 2020-12-20] (DTS, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-01-13] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 FoxitReaderUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitReaderUpdateService.exe [2356800 2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-20] (Logitech Inc -> Logitech Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 AAErrorPort; C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [X] <==== ATTENTION
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-12-20] (Logitech Inc -> Logitech Inc.)
R1 ndextlag; C:\Windows\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 PRProt; \??\C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-11 22:41 - 2021-04-11 22:45 - 000000000 ____D C:\AdwCleaner
2021-04-11 10:39 - 2021-04-11 10:43 - 000000000 ____D C:\Windows\AppReadiness
2021-04-11 10:39 - 2021-04-11 10:39 - 000000000 ____D C:\Windows\Panther
2021-04-10 14:22 - 2021-04-10 15:10 - 000000000 ____D C:\Users\tmich\AppData\Roaming\balena-etcher
2021-04-10 14:22 - 2021-04-10 14:22 - 000002458 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk
2021-04-10 14:22 - 2021-04-10 14:22 - 000000000 ____D C:\Users\tmich\AppData\Local\balena-etcher-updater
2021-04-09 23:53 - 2021-04-09 23:53 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-04-09 23:47 - 2021-04-09 23:47 - 000000000 ____D C:\ProgramData\Apple
2021-04-09 23:47 - 2021-04-09 23:47 - 000000000 ____D C:\Program Files\Bonjour
2021-04-09 23:47 - 2021-04-09 23:47 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-04-09 22:56 - 2021-04-09 22:56 - 000000000 ____D C:\Users\tmich\Nová složka
2021-04-09 22:44 - 2020-12-08 00:00 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM0.sys
2021-04-09 22:40 - 2021-04-09 22:40 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-04-09 22:40 - 2020-12-08 00:00 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM.sys
2021-04-09 22:40 - 2020-02-23 14:54 - 000085424 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM.sys.0
2021-04-09 22:40 - 2020-02-23 14:54 - 000033712 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUEDKEPM.sys
2021-04-09 22:00 - 2021-04-09 22:00 - 000000000 ____D C:\Users\tmich\AppData\Local\Paragon
2021-04-09 21:58 - 2021-04-09 21:58 - 000000000 ____D C:\ProgramData\Paragon Software
2021-04-09 21:57 - 2021-04-09 21:57 - 000000000 ____D C:\ProgramData\Paragon
2021-04-09 21:57 - 2021-04-09 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Manager 17 Advanced
2021-04-09 21:57 - 2021-04-09 21:57 - 000000000 ____D C:\Program Files\Paragon Software
2021-04-09 19:56 - 2021-04-09 19:56 - 000000000 ____D C:\Users\tmich\AppData\Roaming\MiniTool ShadowMaker
2021-04-09 19:56 - 2021-04-09 19:56 - 000000000 ____D C:\Users\tmich\AppData\Local\MiniTool ShadowMaker
2021-04-09 19:55 - 2021-04-09 19:57 - 000000000 ____D C:\Users\tmich\AppData\Roaming\QtProject
2021-04-09 19:54 - 2019-11-08 10:15 - 003600896 _____ C:\Windows\system32\pwNative.exe
2021-04-09 19:54 - 2019-11-08 10:15 - 000019152 _____ C:\Windows\system32\pwdrvio.sys
2021-04-09 19:54 - 2019-11-08 10:15 - 000012504 _____ C:\Windows\system32\pwdspio.sys
2021-04-09 12:59 - 2021-04-12 11:11 - 000000000 ____D C:\FRST
2021-04-08 23:37 - 2021-04-08 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-08 22:43 - 2021-04-11 10:27 - 000000000 ____D C:\ProgramData\FLEXnet
2021-04-08 22:16 - 2021-04-08 23:08 - 000000000 ____D C:\inetpub
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ____D C:\Windows\system32\BestPractices
2021-04-08 20:55 - 2021-04-08 22:43 - 000000000 ____D C:\Users\tmich\AppData\Local\Autodesk
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap Photo
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2019 - English
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-04-08 20:54 - 2021-04-08 22:43 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Autodesk
2021-04-08 20:54 - 2021-04-08 20:55 - 000000000 ____D C:\Program Files\Autodesk
2021-04-08 20:54 - 2021-04-08 20:54 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2021-04-08 20:54 - 2021-04-08 20:54 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2021-04-08 20:53 - 2021-04-08 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-04-08 20:42 - 2021-04-12 11:03 - 000000000 ____D C:\ProgramData\Autodesk
2021-04-08 12:22 - 2021-04-08 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-04-08 12:22 - 2021-04-08 12:22 - 000000000 ____D C:\Program Files\qBittorrent
2021-04-06 21:38 - 2021-04-08 16:00 - 000000000 ____D C:\Users\tmich\AppData\Roaming\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\ProgramData\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\Program Files (x86)\AirDroid
2021-04-06 21:29 - 2021-04-06 21:30 - 000000000 ____D C:\Users\tmich\AppData\Roaming\FeePerfect
2021-04-06 21:29 - 2021-04-06 21:29 - 000017408 _____ C:\Users\tmich\AppData\Local\WebpageIcons.db
2021-04-06 21:29 - 2021-04-06 21:29 - 000000000 ____D C:\Users\tmich\AppData\Local\LocalStorage
2021-04-04 13:34 - 2021-04-04 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-04-03 16:50 - 2021-04-07 20:57 - 000000000 ____D C:\Games
2021-04-03 16:31 - 2021-04-03 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2021-04-03 16:17 - 2021-04-11 10:19 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-03 16:17 - 2021-04-03 16:17 - 000002114 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2021-04-03 16:17 - 2021-04-03 16:17 - 000000266 _____ C:\nsispromotion_log.txt
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\Users\tmich\AppData\Roaming\GRETECH
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\ProgramData\GRETECH
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\Program Files (x86)\GOM
2021-04-03 16:06 - 2021-04-03 16:06 - 000000000 ____D C:\Users\tmich\AppData\Local\CD Projekt Red
2021-04-03 16:05 - 2021-04-03 16:05 - 000000000 ____D C:\Users\tmich\AppData\Local\REDEngine
2021-04-03 16:05 - 2021-04-03 16:05 - 000000000 ____D C:\Users\tmich\AppData\Local\GOG.com
2021-04-02 17:02 - 2021-04-04 13:34 - 000000000 ____D C:\Program Files\DAUM
2021-04-02 17:02 - 2021-04-02 17:02 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Daum
2021-03-30 17:16 - 2021-03-30 17:16 - 000000191 _____ C:\Windows\ODBCINST.INI
2021-03-30 17:16 - 2021-03-30 17:16 - 000000145 _____ C:\Windows\ODBC.INI
2021-03-30 17:16 - 2021-03-30 17:16 - 000000000 ____D C:\zksoft
2021-03-30 17:16 - 2021-03-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZK Soft
2021-03-30 17:16 - 2010-01-12 07:57 - 000600064 _____ (Christian Werner Software & Consulting) C:\Windows\SysWOW64\sqlite3odbc.dll
2021-03-27 12:07 - 2021-04-10 21:05 - 000007290 _____ C:\Windows\diagwrn.xml
2021-03-27 12:07 - 2021-04-10 21:05 - 000003813 _____ C:\Windows\diagerr.xml
2021-03-27 11:05 - 2021-03-27 11:05 - 000000000 ____D C:\Program Files (x86)\CryptSignX_2_3_21113_0
2021-03-27 11:03 - 2021-03-27 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePodpisFS-x86
2021-03-27 11:03 - 2021-03-27 11:03 - 000000000 ____D C:\Program Files (x86)\ePodpisFS
2021-03-25 22:44 - 2021-03-26 20:40 - 000000000 ____D C:\Program Files\NTLite
2021-03-25 22:44 - 2021-03-25 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite
2021-03-25 22:42 - 2021-03-25 22:43 - 000000000 ____D C:\Program Files (x86)\nLite
2021-03-25 21:53 - 2021-03-25 22:08 - 000000000 ____D C:\Users\tmich\AppData\Roaming\ImgBurn
2021-03-25 21:53 - 2021-03-25 21:53 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2021-03-25 21:53 - 2021-03-25 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2021-03-25 21:53 - 2021-03-25 21:53 - 000000000 ____D C:\Program Files (x86)\ImgBurn
2021-03-25 21:46 - 2021-03-25 21:46 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DAEMON Tools Lite
2021-03-25 21:46 - 2021-03-25 21:46 - 000000000 ____D C:\Users\tmich\AppData\Local\Disc_Soft_Ltd
2021-03-25 21:45 - 2021-03-25 21:45 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2021-03-25 21:45 - 2021-03-25 21:45 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Disc-Soft
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2021-03-25 21:36 - 2021-03-25 21:40 - 000000000 ____D C:\ProgramData\Ashampoo
2021-03-25 21:36 - 2021-03-25 21:36 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Ashampoo
2021-03-25 21:36 - 2021-03-25 21:36 - 000000000 ____D C:\Users\tmich\AppData\Local\ashampoo
2021-03-25 21:31 - 2021-04-11 10:26 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DeepBurner
2021-03-25 21:24 - 2021-03-25 21:44 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Nero
2021-03-25 21:06 - 2021-03-25 21:06 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Macromedia
2021-03-21 15:04 - 2021-04-12 10:44 - 000004190 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{A981721F-F867-4356-8DE0-29F20C936AD0}
2021-03-19 11:03 - 2021-04-12 11:04 - 000000000 ____D C:\Users\tmich\AppData\Roaming\awakened-poe-trade
2021-03-19 11:03 - 2021-03-19 11:03 - 000001879 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakened PoE Trade.lnk
2021-03-19 11:03 - 2021-03-19 11:03 - 000000000 ____D C:\Users\tmich\AppData\Local\awakened-poe-trade-updater
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\Windows\ShellNew
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\Program Files\AutoHotkey
2021-03-18 08:24 - 2021-03-18 08:26 - 000000000 ____D C:\Users\tmich\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2021-03-18 08:24 - 2021-03-18 08:24 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files\MSBuild
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-15 18:44 - 2021-03-15 18:44 - 000001259 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Path of Building.lnk
2021-03-14 18:33 - 2021-03-14 18:33 - 000001484 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-03-14 18:28 - 2021-03-14 18:28 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-03-14 18:28 - 2021-03-14 18:28 - 000000000 ____D C:\Users\tmich\AppData\Local\4kdownload.com
2021-03-14 18:28 - 2021-03-14 18:28 - 000000000 ____D C:\Program Files\4KDownload
2021-03-14 10:13 - 2021-04-03 16:31 - 000000000 ____D C:\Program Files\PSPad editor

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-12 11:10 - 2020-12-20 12:38 - 001694140 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-12 11:10 - 2019-12-07 16:43 - 000717008 _____ C:\Windows\system32\perfh005.dat
2021-04-12 11:10 - 2019-12-07 16:43 - 000145186 _____ C:\Windows\system32\perfc005.dat
2021-04-12 11:10 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-04-12 11:08 - 2020-12-20 13:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-12 11:07 - 2020-12-20 13:05 - 000003110 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2021-04-12 11:07 - 2020-12-20 13:04 - 000003094 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-04-12 11:07 - 2020-12-20 13:04 - 000000000 ____D C:\Users\tmich\AppData\LocalLow\Mozilla
2021-04-12 11:04 - 2021-02-11 12:38 - 000000000 ____D C:\Users\tmich\AppData\Roaming\WhatsApp
2021-04-12 11:04 - 2021-01-13 14:27 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DS4Windows
2021-04-12 11:04 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Roaming\discord
2021-04-12 11:03 - 2021-03-05 14:58 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-12 11:03 - 2021-01-13 14:34 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-12 11:03 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Local\Discord
2021-04-12 11:03 - 2020-12-20 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-12 11:03 - 2020-12-20 12:32 - 000877320 _____ C:\Windows\system32\wpbbin.exe
2021-04-12 11:03 - 2020-12-20 12:32 - 000838760 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-04-12 11:03 - 2020-12-20 12:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-12 11:03 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-12 11:02 - 2021-01-07 21:22 - 000003126 _____ C:\Windows\system32\Tasks\MSIAfterburner
2021-04-12 11:02 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-04-12 10:56 - 2020-12-20 12:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-04-11 22:53 - 2021-01-05 14:10 - 000000000 ____D C:\Users\tmich\AppData\Roaming\PSpad
2021-04-11 22:53 - 2020-12-20 13:09 - 000000000 ____D C:\_A
2021-04-11 22:43 - 2020-12-20 13:04 - 000000000 ____D C:\Users\tmich\AppData\Local\D3DSCache
2021-04-11 22:25 - 2021-02-11 12:38 - 000000000 ____D C:\Users\tmich\AppData\Local\WhatsApp
2021-04-11 15:59 - 2020-12-20 13:01 - 000000000 ____D C:\Users\tmich\AppData\Local\AMD_Common
2021-04-11 13:10 - 2020-12-20 13:10 - 000000000 ____D C:\ProgramData\Overwolf
2021-04-11 10:28 - 2021-01-15 19:18 - 000000000 ____D C:\Users\tmich\AppData\Local\CrashDumps
2021-04-11 10:27 - 2021-03-05 14:58 - 000000000 ____D C:\Users\tmich\AppData\Roaming\TeamViewer
2021-04-11 10:27 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Local\SquirrelTemp
2021-04-11 10:26 - 2020-12-20 12:58 - 000000000 ____D C:\AMD
2021-04-11 10:24 - 2021-01-05 16:47 - 000000000 ____D C:\Users\tmich\AppData\Roaming\MediaMonkey
2021-04-11 10:19 - 2021-01-13 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2021-04-11 10:19 - 2020-12-20 12:51 - 000000000 ____D C:\ProgramData\Packages
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 __RSD C:\Windows\Media
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\Configuration
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\MUI
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\security
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Registration
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\InputMethod
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Help
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2021-04-11 10:08 - 2020-09-23 07:56 - 000000000 ____D C:\_A-install
2021-04-11 07:48 - 2020-12-20 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-04-11 02:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-11 01:55 - 2021-01-05 22:27 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-09 23:48 - 2021-01-15 19:44 - 000000000 ____D C:\Users\tmich\AppData\Roaming\qBittorrent
2021-04-09 22:56 - 2020-12-20 12:49 - 000000000 ____D C:\Users\tmich
2021-04-09 17:34 - 2021-01-16 15:17 - 000000000 ____D C:\Users\tmich\AppData\Roaming\vlc
2021-04-08 23:37 - 2021-01-07 20:48 - 000000000 ____D C:\Users\tmich\AppData\Local\Google
2021-04-08 23:37 - 2021-01-07 20:48 - 000000000 ____D C:\Program Files\Google
2021-04-08 22:46 - 2021-01-10 21:48 - 000007603 _____ C:\Users\tmich\AppData\Local\Resmon.ResmonCfg
2021-04-08 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\inetsrv
2021-04-08 22:16 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2021-04-08 22:16 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngkeyhelper.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2021-04-08 21:26 - 2020-12-20 12:32 - 000553232 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-08 21:23 - 2021-03-01 09:32 - 000000000 ____D C:\Users\tmich\AppData\Local\Battle.net
2021-04-07 20:26 - 2020-12-20 19:45 - 000000000 ____D C:\Program Files\Bandizip
2021-04-04 18:02 - 2021-03-01 19:51 - 000000000 ____D C:\Program Files (x86)\Diablo III
2021-04-04 13:34 - 2021-01-25 16:44 - 000000000 ____D C:\ProgramData\Foxit Software
2021-04-03 16:18 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-04-03 16:17 - 2020-12-20 12:51 - 000000000 ____D C:\Users\tmich\AppData\Local\VirtualStore
2021-04-02 17:33 - 2020-12-20 13:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-02 17:33 - 2020-12-20 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-02 14:27 - 2021-03-01 09:32 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Battle.net
2021-04-02 14:26 - 2021-03-01 09:31 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-03-31 13:10 - 2020-12-20 13:10 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-30 23:58 - 2021-01-07 20:48 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-28 21:40 - 2020-12-20 14:25 - 000000000 ____D C:\Users\tmich\AppData\Roaming\obs-studio
2021-03-27 23:04 - 2020-12-20 13:46 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Awesomium
2021-03-27 21:14 - 2021-02-02 19:29 - 000000128 _____ C:\Users\tmich\AppData\Local\PUTTY.RND
2021-03-27 16:26 - 2020-12-20 14:40 - 000003662 _____ C:\Windows\system32\Tasks\ROCCAT DEVICE SERVICE
2021-03-27 16:25 - 2020-12-20 13:04 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-25 21:24 - 2021-02-17 14:36 - 000000000 ____D C:\ESD
2021-03-18 08:23 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\MUI
2021-03-15 17:26 - 2020-12-20 12:52 - 000003358 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-164066535-651083684-587169521-1001
2021-03-15 17:26 - 2020-12-20 12:52 - 000000000 ___RD C:\Users\tmich\OneDrive
2021-03-15 17:26 - 2020-12-20 12:49 - 000002363 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 18:28 - 2020-12-20 12:58 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-14 10:14 - 2021-01-05 14:10 - 000000000 ____D C:\Program Files (x86)\PSPad editor

==================== Files in the root of some directories ========

2021-02-02 19:29 - 2021-03-27 21:14 - 000000128 _____ () C:\Users\tmich\AppData\Local\PUTTY.RND
2021-01-10 21:48 - 2021-04-08 22:46 - 000007603 _____ () C:\Users\tmich\AppData\Local\Resmon.ResmonCfg
2021-04-06 21:29 - 2021-04-06 21:29 - 000017408 _____ () C:\Users\tmich\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#6 Post by Diallix »

You have only posted the log here; you need to carry out the step from my previous post.
My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor for intelligent malware research.
- tutor for students in the SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for the training of newcomers
- Founder of the Cyber Security unit

TomGuma
Visitor
Posts: 9
Registered: 01 Apr 2007 13:27

Re: Preventive check

#7 Post by TomGuma »

I did that fix as well.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#8 Post by Diallix »

After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

TomGuma
Visitor
Posts: 9
Registered: 01 Apr 2007 13:27

Re: Preventive check

#9 Post by TomGuma »

Sorry, I misunderstood it :).

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-04-2021
Ran by tmich (12-04-2021 11:22:58) Run:1
Running from C:\_A\_viry
Loaded Profiles: tmich
Boot Mode: Normal
==============================================

fixlist content:
*****************

HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Policies\Explorer: []
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\MountPoints2: {f47713aa-8cbf-11eb-bbe8-000c76d3765d} - "F:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {DBC23F70-747A-45FB-BBEA-7C7114C285F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {99900E42-7FF2-4B3F-9151-8578BF93B757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-07] (Google LLC -> Google LLC)
Task: {020A2B72-CCD2-4FE1-8437-E5193F51DEC7} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {67336725-99FF-4B8E-A9D9-9CB0AE899186} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FF Notifications: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> hxxps://office.mailbox.org
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: {d634138d-c276-4fc8-924b-40a0ea21d284}
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: uBlock0@raymondhill.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
FF Extension: (New Tab Page) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\pavel.sherbakov@gmail.com.xpi [2021-02-21]
FF Extension: (Facebook Container) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\@contain-facebook.xpi [2021-01-26]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S3 AAErrorPort; C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe [222008 2021-03-27] (Private trade unitary enterprise LST -> Active Anticheat) <==== ATTENTION
FirewallRules: [{8C07F577-31CD-4D95-A4DD-BDE2869A6D1A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{012A7AAB-9DC6-4142-9FD1-262AA2FE6C9C}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{D5E4D3A4-D057-41B2-9113-BBA80AC59F58}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F17E5F42-C133-4133-8F5C-633FF069E6A8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{5057B711-A66A-443F-8587-85D0B838F519}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{5E9AE6BA-0592-485B-AE67-BBC1EDAB80C2}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{EF6E1300-9FE4-4DC1-AA32-A022F02CEB4F}] => (Block) D:\Games\Cyberpunk 2077\bin\x64\Cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{B508132C-6190-4F34-B905-C4A41E0EB8A6}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{5172A1B9-171B-42CD-9416-B6147EB9AD4E}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{854B3866-CFA0-4BDB-8698-17045556DB14}] => (Allow) C:\Program Files (x86)\Feem 2018\Feem.exe => No File

EmptyTemp:



*****************

"HKU\S-1-5-21-164066535-651083684-587169521-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAVolume" => removed successfully
"HKU\S-1-5-21-164066535-651083684-587169521-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-164066535-651083684-587169521-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47713aa-8cbf-11eb-bbe8-000c76d3765d} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBC23F70-747A-45FB-BBEA-7C7114C285F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBC23F70-747A-45FB-BBEA-7C7114C285F3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99900E42-7FF2-4B3F-9151-8578BF93B757}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99900E42-7FF2-4B3F-9151-8578BF93B757}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{020A2B72-CCD2-4FE1-8437-E5193F51DEC7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{020A2B72-CCD2-4FE1-8437-E5193F51DEC7}" => removed successfully
C:\Windows\System32\Tasks\Overwolf Updater Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67336725-99FF-4B8E-A9D9-9CB0AE899186}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67336725-99FF-4B8E-A9D9-9CB0AE899186}" => removed successfully
C:\Windows\System32\Tasks\ModifyLinkUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ModifyLinkUpdate" => removed successfully
"FF Notifications:" => removed successfully
"Firefox NewTabOverride (pavel.sherbakov@gmail.com) " => removed successfully
"Firefox NewTabOverride ({d634138d-c276-4fc8-924b-40a0ea21d284}) " => removed successfully
"Firefox NewTabOverride (uBlock0@raymondhill.net) " => removed successfully
"Firefox NewTabOverride (treestyletab@piro.sakura.ne.jp) " => removed successfully
"Firefox NewTabOverride (@contain-facebook) " => removed successfully
"Firefox NewTabOverride (jid1-ZAdIEUB7XOzOJw@jetpack) " => removed successfully
C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\pavel.sherbakov@gmail.com.xpi => moved successfully
C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\@contain-facebook.xpi => moved successfully
HKLM\System\CurrentControlSet\Services\Nero BackItUp Scheduler 4.0 => removed successfully
Nero BackItUp Scheduler 4.0 => service removed successfully
HKLM\System\CurrentControlSet\Services\AAErrorPort => removed successfully
AAErrorPort => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C07F577-31CD-4D95-A4DD-BDE2869A6D1A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{012A7AAB-9DC6-4142-9FD1-262AA2FE6C9C}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5E4D3A4-D057-41B2-9113-BBA80AC59F58}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F17E5F42-C133-4133-8F5C-633FF069E6A8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5057B711-A66A-443F-8587-85D0B838F519}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5E9AE6BA-0592-485B-AE67-BBC1EDAB80C2}D:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF6E1300-9FE4-4DC1-AA32-A022F02CEB4F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B508132C-6190-4F34-B905-C4A41E0EB8A6}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5172A1B9-171B-42CD-9416-B6147EB9AD4E}C:\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{854B3866-CFA0-4BDB-8698-17045556DB14}" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19079497 B
Java, Flash, Steam htmlcache => 7705357 B
Windows/system/drivers => 2975360 B
Edge => 922187 B
Chrome => 29667921 B
Firefox => 1179688890 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7358 B
NetworkService => 376816 B
tmich => 15838362269 B

RecycleBin => 0 B
EmptyTemp: => 15.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End 3 Fixlog 11:41:27 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#10 Post by Diallix »

OK, now please post new FRST and ADDITION logs.

TomGuma
Visitor
Posts: 9
Registered: 01 Apr 2007 13:27

Re: Preventive check

#11 Post by TomGuma »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2021
Ran by tmich (administrator) on GUMA-PC (ASUS System Product Name) (12-04-2021 12:06:28)
Running from C:\_A\_viry
Loaded Profiles: tmich
Platform: Windows 10 Pro Version 2004 19041.867 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\_A-install\DS4Windows\DS4Windows.exe
() [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe <2>
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(AgileBits Inc. -> AgileBits Inc.) C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe
(Alexander Drozdov) [File not signed] C:\_A\Awakened_PoE_trade\Awakened PoE Trade.exe <4>
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe <3>
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Discord Inc. -> Discord Inc.) C:\Users\tmich\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(DTS, Inc. -> ) C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Jan Fiala -> Jan Fiala) C:\Program Files\PSPad editor\PSPad.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe
(Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\tmich\AppData\Local\WhatsApp\app-2.2112.10\WhatsApp.exe <7>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1081648 2020-12-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17361016 2016-12-20] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1747288 2021-03-18] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [1Password] => C:\Users\tmich\AppData\Local\1Password\app\7\1Password.exe [5230928 2021-03-02] (AgileBits Inc. -> AgileBits Inc.)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3543040 2010-12-18] () [File not signed]
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Discord] => C:\Users\tmich\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-03-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [MicrosoftEdgeAutoLaunch_7C9F3DBE991B4048ADEFE2CEE58B766A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408920 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\tmich\AppData\Local\WhatsApp\Update.exe [2252496 2021-04-11] (WhatsApp, Inc -> )
HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50041472 2021-03-12] (Google LLC -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2020-12-20]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (Voyetra Turtle Beach, Inc. -> ROCCAT)
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Awakened PoE Trade.exe.lnk [2021-03-27]
ShortcutTarget: Awakened PoE Trade.exe.lnk -> C:\_A\Awakened_PoE_trade\Awakened PoE Trade.exe (Alexander Drozdov) [File not signed]
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2021-01-13]
ShortcutTarget: DS4Windows.lnk -> C:\_A-install\DS4Windows\DS4Windows.exe () [File not signed]
Startup: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run_TradeMacro.ahk.lnk [2021-03-27]
ShortcutTarget: Run_TradeMacro.ahk.lnk -> C:\_A\POE-TradeMacro-2.16.0\Run_TradeMacro.ahk () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D5E823-9ADD-41A1-A777-6DF626BCA51A} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [442888 2021-03-23] (Voyetra Turtle Beach, Inc. -> ROCCAT)
Task: {1F3C0F22-55C5-445E-B992-0E6FF219D9E0} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {317A70FE-85E7-4B99-B2EE-550DFF78EBBA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42A5A59A-B840-47AE-8D2D-97515F2520BA} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {4CAFE648-8F64-4F4B-BD1D-29FC43BA6920} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {53C318F8-C650-4F75-BAF5-FAFBBABA71B4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7E34C87C-D6B5-477F-90E1-CE120B94D863} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FB138F1-C1B4-475F-8226-FFDDB584216A} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {EA162B7C-690D-47FA-BF15-19DE4C4F5A67} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F8F52676-1157-437C-B818-A107870BC5C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09e40924-e54f-45bd-a297-3536945039e0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9b3c903f-8dcb-43a1-a014-f0235f3c298d}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-12]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Outlook) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-05]
Edge Extension: (lock) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2021-04-01]
Edge Extension: (tabXpert - session and tab manager) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbhfliieaebpiaocbfkhnpmmacakjeko [2021-04-08]
Edge Extension: (Word) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-05]
Edge Extension: (Excel) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-05]
Edge Extension: (Clean Master: Nejlepší Cleaner pro mezipaměť Edge) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlcebdoehkdiojeahkofcfnolkleembf [2021-01-19]
Edge Extension: (PowerPoint) - C:\Users\tmich\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-05]

FireFox:
========
FF DefaultProfile: 6e3f4ela.default
FF ProfilePath: C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\6e3f4ela.default [2021-04-12]
FF ProfilePath: C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release [2021-04-12]
FF Session Restore: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: {d634138d-c276-4fc8-924b-40a0ea21d284}
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: uBlock0@raymondhill.net
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
FF Extension: (Clear Cache) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\clearcache@michel.de.almeida.xpi [2021-01-03]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\fvdmedia@gmail.com.xpi [2021-01-03]
FF Extension: (Terms of Service; Didn’t Read) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\jid0-3GUEt1r69sQNSrca5p8kx9Ezc3U@jetpack.xpi [2021-03-29]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-04-08]
FF Extension: (Tab Session Manager) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\Tab-Session-Manager@sienori.xpi [2021-04-09]
FF Extension: (Tree Style Tab) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2021-03-31]
FF Extension: (uBlock Origin) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-03-14]
FF Extension: (Přeložit webové stránky) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2021-04-05]
FF Extension: (1Password – Password Manager) - C:\Users\tmich\AppData\Roaming\Mozilla\Firefox\Profiles\7wgx7v3p.default-release\Extensions\{d634138d-c276-4fc8-924b-40a0ea21d284}.xpi [2021-03-31]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default [2021-04-12]
CHR Extension: (Prezentace) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-07]
CHR Extension: (Dokumenty) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-07]
CHR Extension: (Disk Google) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-07]
CHR Extension: (YouTube) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-07]
CHR Extension: (Tabulky) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-27]
CHR Extension: (Gmail) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\tmich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-27]
CHR HKU\S-1-5-21-164066535-651083684-587169521-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-03-04] (Autodesk, Inc. -> Autodesk Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [838760 2021-04-12] (ASUSTeK Computer Inc. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4816728 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DTSAPO3Service; C:\Windows\System32\DTS\PC\APO3x\DTSAPO3Service.exe [222104 2020-12-20] (DTS, Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2021-01-13] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 FoxitReaderUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitReaderUpdateService.exe [2356800 2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-20] (Logitech Inc -> Logitech Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-12-20] (Logitech Inc -> Logitech Inc.)
R1 ndextlag; C:\Windows\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 PRProt; \??\C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-11 22:41 - 2021-04-11 22:45 - 000000000 ____D C:\AdwCleaner
2021-04-11 10:39 - 2021-04-11 10:43 - 000000000 ____D C:\Windows\AppReadiness
2021-04-11 10:39 - 2021-04-11 10:39 - 000000000 ____D C:\Windows\Panther
2021-04-10 14:22 - 2021-04-10 15:10 - 000000000 ____D C:\Users\tmich\AppData\Roaming\balena-etcher
2021-04-10 14:22 - 2021-04-10 14:22 - 000002458 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk
2021-04-10 14:22 - 2021-04-10 14:22 - 000000000 ____D C:\Users\tmich\AppData\Local\balena-etcher-updater
2021-04-09 23:53 - 2021-04-09 23:53 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-04-09 23:47 - 2021-04-09 23:47 - 000000000 ____D C:\ProgramData\Apple
2021-04-09 23:47 - 2021-04-09 23:47 - 000000000 ____D C:\Program Files\Bonjour
2021-04-09 23:47 - 2021-04-09 23:47 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-04-09 22:56 - 2021-04-09 22:56 - 000000000 ____D C:\Users\tmich\Nová složka
2021-04-09 22:44 - 2020-12-08 00:00 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM0.sys
2021-04-09 22:40 - 2021-04-09 22:40 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-04-09 22:40 - 2020-12-08 00:00 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM.sys
2021-04-09 22:40 - 2020-02-23 14:54 - 000085424 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM.sys.0
2021-04-09 22:40 - 2020-02-23 14:54 - 000033712 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUEDKEPM.sys
2021-04-09 22:00 - 2021-04-09 22:00 - 000000000 ____D C:\Users\tmich\AppData\Local\Paragon
2021-04-09 21:58 - 2021-04-09 21:58 - 000000000 ____D C:\ProgramData\Paragon Software
2021-04-09 21:57 - 2021-04-09 21:57 - 000000000 ____D C:\ProgramData\Paragon
2021-04-09 21:57 - 2021-04-09 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Manager 17 Advanced
2021-04-09 21:57 - 2021-04-09 21:57 - 000000000 ____D C:\Program Files\Paragon Software
2021-04-09 19:56 - 2021-04-09 19:56 - 000000000 ____D C:\Users\tmich\AppData\Roaming\MiniTool ShadowMaker
2021-04-09 19:56 - 2021-04-09 19:56 - 000000000 ____D C:\Users\tmich\AppData\Local\MiniTool ShadowMaker
2021-04-09 19:55 - 2021-04-09 19:57 - 000000000 ____D C:\Users\tmich\AppData\Roaming\QtProject
2021-04-09 19:54 - 2019-11-08 10:15 - 003600896 _____ C:\Windows\system32\pwNative.exe
2021-04-09 19:54 - 2019-11-08 10:15 - 000019152 _____ C:\Windows\system32\pwdrvio.sys
2021-04-09 19:54 - 2019-11-08 10:15 - 000012504 _____ C:\Windows\system32\pwdspio.sys
2021-04-09 12:59 - 2021-04-12 12:06 - 000000000 ____D C:\FRST
2021-04-08 23:37 - 2021-04-08 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-08 22:43 - 2021-04-11 10:27 - 000000000 ____D C:\ProgramData\FLEXnet
2021-04-08 22:16 - 2021-04-08 23:08 - 000000000 ____D C:\inetpub
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2021-04-08 22:16 - 2021-04-08 22:16 - 000000000 ____D C:\Windows\system32\BestPractices
2021-04-08 20:55 - 2021-04-08 22:43 - 000000000 ____D C:\Users\tmich\AppData\Local\Autodesk
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap Photo
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2019 - English
2021-04-08 20:55 - 2021-04-08 20:55 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-04-08 20:54 - 2021-04-08 22:43 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Autodesk
2021-04-08 20:54 - 2021-04-08 20:55 - 000000000 ____D C:\Program Files\Autodesk
2021-04-08 20:54 - 2021-04-08 20:54 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2021-04-08 20:54 - 2021-04-08 20:54 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2021-04-08 20:53 - 2021-04-08 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-04-08 20:42 - 2021-04-12 11:45 - 000000000 ____D C:\ProgramData\Autodesk
2021-04-08 12:22 - 2021-04-08 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-04-08 12:22 - 2021-04-08 12:22 - 000000000 ____D C:\Program Files\qBittorrent
2021-04-06 21:38 - 2021-04-08 16:00 - 000000000 ____D C:\Users\tmich\AppData\Roaming\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\ProgramData\AirDroid
2021-04-06 21:38 - 2021-04-06 21:38 - 000000000 ____D C:\Program Files (x86)\AirDroid
2021-04-06 21:29 - 2021-04-06 21:30 - 000000000 ____D C:\Users\tmich\AppData\Roaming\FeePerfect
2021-04-06 21:29 - 2021-04-06 21:29 - 000017408 _____ C:\Users\tmich\AppData\Local\WebpageIcons.db
2021-04-06 21:29 - 2021-04-06 21:29 - 000000000 ____D C:\Users\tmich\AppData\Local\LocalStorage
2021-04-04 13:34 - 2021-04-04 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-04-03 16:50 - 2021-04-07 20:57 - 000000000 ____D C:\Games
2021-04-03 16:31 - 2021-04-03 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2021-04-03 16:17 - 2021-04-11 10:19 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-03 16:17 - 2021-04-03 16:17 - 000002114 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2021-04-03 16:17 - 2021-04-03 16:17 - 000000266 _____ C:\nsispromotion_log.txt
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\Users\tmich\AppData\Roaming\GRETECH
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\ProgramData\GRETECH
2021-04-03 16:17 - 2021-04-03 16:17 - 000000000 ____D C:\Program Files (x86)\GOM
2021-04-03 16:06 - 2021-04-03 16:06 - 000000000 ____D C:\Users\tmich\AppData\Local\CD Projekt Red
2021-04-03 16:05 - 2021-04-03 16:05 - 000000000 ____D C:\Users\tmich\AppData\Local\REDEngine
2021-04-03 16:05 - 2021-04-03 16:05 - 000000000 ____D C:\Users\tmich\AppData\Local\GOG.com
2021-04-02 17:02 - 2021-04-04 13:34 - 000000000 ____D C:\Program Files\DAUM
2021-04-02 17:02 - 2021-04-02 17:02 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Daum
2021-03-30 17:16 - 2021-03-30 17:16 - 000000191 _____ C:\Windows\ODBCINST.INI
2021-03-30 17:16 - 2021-03-30 17:16 - 000000145 _____ C:\Windows\ODBC.INI
2021-03-30 17:16 - 2021-03-30 17:16 - 000000000 ____D C:\zksoft
2021-03-30 17:16 - 2021-03-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZK Soft
2021-03-30 17:16 - 2010-01-12 07:57 - 000600064 _____ (Christian Werner Software & Consulting) C:\Windows\SysWOW64\sqlite3odbc.dll
2021-03-27 12:07 - 2021-04-10 21:05 - 000007290 _____ C:\Windows\diagwrn.xml
2021-03-27 12:07 - 2021-04-10 21:05 - 000003813 _____ C:\Windows\diagerr.xml
2021-03-27 11:05 - 2021-03-27 11:05 - 000000000 ____D C:\Program Files (x86)\CryptSignX_2_3_21113_0
2021-03-27 11:03 - 2021-03-27 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePodpisFS-x86
2021-03-27 11:03 - 2021-03-27 11:03 - 000000000 ____D C:\Program Files (x86)\ePodpisFS
2021-03-25 22:44 - 2021-03-26 20:40 - 000000000 ____D C:\Program Files\NTLite
2021-03-25 22:44 - 2021-03-25 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite
2021-03-25 22:42 - 2021-03-25 22:43 - 000000000 ____D C:\Program Files (x86)\nLite
2021-03-25 21:53 - 2021-03-25 22:08 - 000000000 ____D C:\Users\tmich\AppData\Roaming\ImgBurn
2021-03-25 21:53 - 2021-03-25 21:53 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2021-03-25 21:53 - 2021-03-25 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2021-03-25 21:53 - 2021-03-25 21:53 - 000000000 ____D C:\Program Files (x86)\ImgBurn
2021-03-25 21:46 - 2021-03-25 21:46 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DAEMON Tools Lite
2021-03-25 21:46 - 2021-03-25 21:46 - 000000000 ____D C:\Users\tmich\AppData\Local\Disc_Soft_Ltd
2021-03-25 21:45 - 2021-03-25 21:45 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2021-03-25 21:45 - 2021-03-25 21:45 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Disc-Soft
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-03-25 21:45 - 2021-03-25 21:45 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2021-03-25 21:36 - 2021-03-25 21:40 - 000000000 ____D C:\ProgramData\Ashampoo
2021-03-25 21:36 - 2021-03-25 21:36 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Ashampoo
2021-03-25 21:36 - 2021-03-25 21:36 - 000000000 ____D C:\Users\tmich\AppData\Local\ashampoo
2021-03-25 21:31 - 2021-04-11 10:26 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DeepBurner
2021-03-25 21:24 - 2021-03-25 21:44 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Nero
2021-03-25 21:06 - 2021-03-25 21:06 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Macromedia
2021-03-21 15:04 - 2021-04-12 10:44 - 000004190 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{A981721F-F867-4356-8DE0-29F20C936AD0}
2021-03-19 11:03 - 2021-04-12 11:45 - 000000000 ____D C:\Users\tmich\AppData\Roaming\awakened-poe-trade
2021-03-19 11:03 - 2021-03-19 11:03 - 000001879 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakened PoE Trade.lnk
2021-03-19 11:03 - 2021-03-19 11:03 - 000000000 ____D C:\Users\tmich\AppData\Local\awakened-poe-trade-updater
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\Windows\ShellNew
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2021-03-19 10:50 - 2021-03-19 10:50 - 000000000 ____D C:\Program Files\AutoHotkey
2021-03-18 08:24 - 2021-03-18 08:26 - 000000000 ____D C:\Users\tmich\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2021-03-18 08:24 - 2021-03-18 08:24 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files\MSBuild
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-03-18 08:23 - 2021-03-18 08:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-03-15 18:44 - 2021-03-15 18:44 - 000001259 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Path of Building.lnk
2021-03-14 18:33 - 2021-03-14 18:33 - 000001484 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-03-14 18:28 - 2021-03-14 18:28 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2021-03-14 18:28 - 2021-03-14 18:28 - 000000000 ____D C:\Users\tmich\AppData\Local\4kdownload.com
2021-03-14 18:28 - 2021-03-14 18:28 - 000000000 ____D C:\Program Files\4KDownload
2021-03-14 10:13 - 2021-04-03 16:31 - 000000000 ____D C:\Program Files\PSPad editor

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-12 11:57 - 2021-02-11 12:38 - 000000000 ____D C:\Users\tmich\AppData\Roaming\WhatsApp
2021-04-12 11:54 - 2020-12-20 13:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-12 11:53 - 2020-12-20 13:04 - 000000000 ____D C:\Users\tmich\AppData\LocalLow\Mozilla
2021-04-12 11:49 - 2020-12-20 12:38 - 001694140 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-12 11:49 - 2019-12-07 16:43 - 000717008 _____ C:\Windows\system32\perfh005.dat
2021-04-12 11:49 - 2019-12-07 16:43 - 000145186 _____ C:\Windows\system32\perfc005.dat
2021-04-12 11:49 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-04-12 11:46 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Roaming\discord
2021-04-12 11:45 - 2021-01-13 14:34 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-12 11:45 - 2021-01-13 14:27 - 000000000 ____D C:\Users\tmich\AppData\Roaming\DS4Windows
2021-04-12 11:45 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Local\Discord
2021-04-12 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-12 11:42 - 2021-03-05 14:58 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-12 11:42 - 2021-01-07 21:22 - 000003126 _____ C:\Windows\system32\Tasks\MSIAfterburner
2021-04-12 11:42 - 2020-12-20 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-12 11:42 - 2020-12-20 12:32 - 000877320 _____ C:\Windows\system32\wpbbin.exe
2021-04-12 11:42 - 2020-12-20 12:32 - 000838760 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-04-12 11:42 - 2020-12-20 12:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-12 11:42 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-04-12 11:07 - 2020-12-20 13:05 - 000003110 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2021-04-12 11:07 - 2020-12-20 13:04 - 000003094 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2021-04-12 10:56 - 2020-12-20 12:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-04-11 22:53 - 2021-01-05 14:10 - 000000000 ____D C:\Users\tmich\AppData\Roaming\PSpad
2021-04-11 22:53 - 2020-12-20 13:09 - 000000000 ____D C:\_A
2021-04-11 22:43 - 2020-12-20 13:04 - 000000000 ____D C:\Users\tmich\AppData\Local\D3DSCache
2021-04-11 22:25 - 2021-02-11 12:38 - 000000000 ____D C:\Users\tmich\AppData\Local\WhatsApp
2021-04-11 15:59 - 2020-12-20 13:01 - 000000000 ____D C:\Users\tmich\AppData\Local\AMD_Common
2021-04-11 13:10 - 2020-12-20 13:10 - 000000000 ____D C:\ProgramData\Overwolf
2021-04-11 10:28 - 2021-01-15 19:18 - 000000000 ____D C:\Users\tmich\AppData\Local\CrashDumps
2021-04-11 10:27 - 2021-03-05 14:58 - 000000000 ____D C:\Users\tmich\AppData\Roaming\TeamViewer
2021-04-11 10:27 - 2020-12-20 15:36 - 000000000 ____D C:\Users\tmich\AppData\Local\SquirrelTemp
2021-04-11 10:26 - 2020-12-20 12:58 - 000000000 ____D C:\AMD
2021-04-11 10:24 - 2021-01-05 16:47 - 000000000 ____D C:\Users\tmich\AppData\Roaming\MediaMonkey
2021-04-11 10:19 - 2021-01-13 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2021-04-11 10:19 - 2020-12-20 12:51 - 000000000 ____D C:\ProgramData\Packages
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 __RSD C:\Windows\Media
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\Configuration
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\MUI
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\security
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Registration
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\InputMethod
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Help
2021-04-11 10:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2021-04-11 10:08 - 2020-09-23 07:56 - 000000000 ____D C:\_A-install
2021-04-11 07:48 - 2020-12-20 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-04-11 02:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-11 01:55 - 2021-01-05 22:27 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-09 23:48 - 2021-01-15 19:44 - 000000000 ____D C:\Users\tmich\AppData\Roaming\qBittorrent
2021-04-09 22:56 - 2020-12-20 12:49 - 000000000 ____D C:\Users\tmich
2021-04-09 17:34 - 2021-01-16 15:17 - 000000000 ____D C:\Users\tmich\AppData\Roaming\vlc
2021-04-08 23:37 - 2021-01-07 20:48 - 000000000 ____D C:\Users\tmich\AppData\Local\Google
2021-04-08 23:37 - 2021-01-07 20:48 - 000000000 ____D C:\Program Files\Google
2021-04-08 22:46 - 2021-01-10 21:48 - 000007603 _____ C:\Users\tmich\AppData\Local\Resmon.ResmonCfg
2021-04-08 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\inetsrv
2021-04-08 22:16 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2021-04-08 22:16 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngkeyhelper.dll
2021-04-08 22:16 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2021-04-08 21:26 - 2020-12-20 12:32 - 000553232 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-08 21:23 - 2021-03-01 09:32 - 000000000 ____D C:\Users\tmich\AppData\Local\Battle.net
2021-04-07 20:26 - 2020-12-20 19:45 - 000000000 ____D C:\Program Files\Bandizip
2021-04-04 18:02 - 2021-03-01 19:51 - 000000000 ____D C:\Program Files (x86)\Diablo III
2021-04-04 13:34 - 2021-01-25 16:44 - 000000000 ____D C:\ProgramData\Foxit Software
2021-04-03 16:18 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-04-03 16:17 - 2020-12-20 12:51 - 000000000 ____D C:\Users\tmich\AppData\Local\VirtualStore
2021-04-02 17:33 - 2020-12-20 13:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-02 17:33 - 2020-12-20 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-02 14:27 - 2021-03-01 09:32 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Battle.net
2021-04-02 14:26 - 2021-03-01 09:31 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-03-31 13:10 - 2020-12-20 13:10 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-30 23:58 - 2021-01-07 20:48 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-28 21:40 - 2020-12-20 14:25 - 000000000 ____D C:\Users\tmich\AppData\Roaming\obs-studio
2021-03-27 23:04 - 2020-12-20 13:46 - 000000000 ____D C:\Users\tmich\AppData\Roaming\Awesomium
2021-03-27 21:14 - 2021-02-02 19:29 - 000000128 _____ C:\Users\tmich\AppData\Local\PUTTY.RND
2021-03-27 16:26 - 2020-12-20 14:40 - 000003662 _____ C:\Windows\system32\Tasks\ROCCAT DEVICE SERVICE
2021-03-27 16:25 - 2020-12-20 13:04 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-25 21:24 - 2021-02-17 14:36 - 000000000 ____D C:\ESD
2021-03-18 08:23 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\MUI
2021-03-15 17:26 - 2020-12-20 12:52 - 000003358 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-164066535-651083684-587169521-1001
2021-03-15 17:26 - 2020-12-20 12:52 - 000000000 ___RD C:\Users\tmich\OneDrive
2021-03-15 17:26 - 2020-12-20 12:49 - 000002363 _____ C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-14 18:28 - 2020-12-20 12:58 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-14 10:14 - 2021-01-05 14:10 - 000000000 ____D C:\Program Files (x86)\PSPad editor

==================== Files in the root of some directories ========

2021-02-02 19:29 - 2021-03-27 21:14 - 000000128 _____ () C:\Users\tmich\AppData\Local\PUTTY.RND
2021-01-10 21:48 - 2021-04-08 22:46 - 000007603 _____ () C:\Users\tmich\AppData\Local\Resmon.ResmonCfg
2021-04-06 21:29 - 2021-04-06 21:29 - 000017408 _____ () C:\Users\tmich\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2021
Ran by tmich (12-04-2021 12:07:11)
Running from C:\_A\_viry
Windows 10 Pro Version 2004 19041.867 (X64) (2020-12-20 10:34:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-164066535-651083684-587169521-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-164066535-651083684-587169521-503 - Limited - Disabled)
ftp_user (S-1-5-21-164066535-651083684-587169521-1002 - Limited - Enabled)
Guest (S-1-5-21-164066535-651083684-587169521-501 - Limited - Enabled)
tmich (S-1-5-21-164066535-651083684-587169521-1001 - Administrator - Enabled) => C:\Users\tmich
WDAGUtilityAccount (S-1-5-21-164066535-651083684-587169521-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\1Password) (Version: 7.6.793 - AgileBits Inc.)
4K Video Downloader (HKLM\...\{324530FC-5511-4D31-95D2-92BFB823F16F}) (Version: 4.15.0.4160 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{6f4880c8-b3c8-48f7-9f1d-ccbd16680059}) (Version: 4.15.0.4160 - Open Media LLC)
AirDroid 3.6.9.1 (HKLM-x32\...\AirDroid) (Version: 3.6.9.1 - Sand Studio)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
AutoCAD 2019 - English (HKLM\...\{28B89EEF-2001-0409-2102-CF3F3A09B77D}) (Version: 23.0.46.0 - Autodesk) Hidden
Autodesk App Manager 2016-2019 (HKLM-x32\...\{C1BF29A7-2D9E-4E8D-A3C1-02F6B20B8AB7}) (Version: 2.5.0 - Autodesk)
Autodesk AutoCAD 2019 - English (HKLM\...\AutoCAD 2019 - English) (Version: 23.0.46.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.3.0 (HKLM-x32\...\{448BC38C-2654-48CD-BB43-F59A37854A3E}) (Version: 1.3.0.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 5.0.0.40 - Autodesk)
Autodesk ReCap Photo (HKLM\...\Autodesk ReCap Photo) (Version: 19.0.0.38 - Autodesk)
AutoHotkey 1.1.33.06 (HKLM\...\AutoHotkey) (Version: 1.1.33.06 - Lexikos)
Awakened PoE Trade 2.9.1 (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 2.9.1 - Alexander Drozdov)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
balenaEtcher 1.5.116 (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.116 - Balena Inc.)
Bandicut (HKLM-x32\...\Bandicut) (Version: 3.6.2.647 - Bandicam.com)
Bandizip (HKLM\...\Bandizip) (Version: 7.16 - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CryptSignX verze 2.3.21113.0 (HKLM-x32\...\CryptSignX verze 2.3.21113.0) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1728 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
ePodpisFS-x86 (HKLM-x32\...\{A3B9DFF0-4BC3-4578-9BB8-AAA16B26E65F}_is1) (Version: 10.0.0.0 - )
Excel (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
ExitLag version 4 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4 - ExitLag)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
FileZilla Client 3.52.2 (HKLM-x32\...\FileZilla Client) (Version: 3.52.2 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.3.37598 - Foxit Software Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.63.5327 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView 4.56 (64-bit) (HKLM\...\IrfanView64) (Version: 4.56 - Irfan Skiljan)
LibreOffice 7.0.4.2 (HKLM\...\{B3171B83-4945-43E0-A101-841638C05506}) (Version: 7.0.4.2 - The Document Foundation)
Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.75 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 84.0 - Mozilla)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NTLite v2.0.0.7820 (HKLM\...\NTLite_is1) (Version: 2.0.0.7820 - Nlitesoft)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.0 - OBS Project)
Outlook (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.168.0.12 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
Paragon Hard Disk Manager™ 17 Advanced (HKLM\...\{BBF7865E-03E3-4153-A16F-C8337D53EC4F}) (Version: 17.2.3.4220 - Paragon Software) Hidden
Path of Exile (HKLM-x32\...\{8ea0099b-19fe-40fd-815b-b8e06a36e078}) (Version: 3.13.1.38812 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.13.1.38812 - Grinding Gear Games) Hidden
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.1.0.68 - Autodesk)
PowerPoint (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PSPad editor (64bitový) (HKLM\...\PSPad editor_is1) (Version: 5.0.5.567 - Jan Fiala)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.582 - Jan Fiala)
PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham)
qBittorrent 4.3.4.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.4.1 - The qBittorrent project)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8971.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.42.526.2020 - Realtek)
RivaTuner Statistics Server 7.3.0 (HKLM-x32\...\RTSS) (Version: 7.3.0 - Unwinder)
ROCCAT Swarm (HKLM-x32\...\{9D12397F-45AF-4517-B492-1D1E2FA475EE}) (Version: 1.93.880 - ROCCAT GmbH) Hidden
ROCCAT Swarm (HKLM-x32\...\InstallShield_{9D12397F-45AF-4517-B492-1D1E2FA475EE}) (Version: 1.93.880 - ROCCAT GmbH)
Speciální aplikace Autodesk 2016-2019 (HKLM-x32\...\{79F5747D-A961-4CCD-88B0-41F004D79AEB}) (Version: 2.5.0 - Autodesk)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Telegram Desktop version 2.7.1 (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.1 - Telegram FZ-LLC)
Tvůrce spouštěcích médií Acronis Universal Restore (HKLM-x32\...\{E29C506D-00CF-47AF-929F-3FA22A1FE97D}) (Version: 11.7.40263 - Acronis)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\WhatsApp) (Version: 2.2112.10 - WhatsApp)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Word (HKU\S-1-5-21-164066535-651083684-587169521-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
X7 Oscar Keyboard Editor (HKLM-x32\...\{AB363F8A-FE88-4188-9D4F-B9014989A7E7}) (Version: 10.12.0003 - A4TECH) Hidden
X7 Oscar Keyboard Editor (HKLM-x32\...\InstallShield_{AB363F8A-FE88-4188-9D4F-B9014989A7E7}) (Version: 10.12.0003 - A4TECH)
ZK Skladové hospodářství v.2.63 Mini (HKLM-x32\...\{49BE3A63-4D65-4005-97E9-1F113B9383E4}_is1) (Version: - ZK Soft)

Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_35.2.12.6_x64__adky2gkssdxte [2021-03-12] (Adobe Systems Incorporated)
DTS Custom for Asus -> C:\Program Files\WindowsApps\DTSInc.DTSCustomforAsus_2.1.1.0_x64__t5j2fzbtdg37r [2020-12-20] (DTS, Inc.)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne [2021-02-21] (File-New-Project) [Startup Task]
Kurzový lístek free -> C:\Program Files\WindowsApps\9004Filipehok.Kurzovlstekfree_4.5.1.0_x64__9395n12vvdcne [2021-02-03] (Filip Řehořík) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-28] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.221.0_x64__dt26b99r8h8gj [2020-12-20] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0 [2021-03-05] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{4AC6DFE1-607B-45B2-B289-D7FBCD44169C}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl.x64.dll (Bandisoft -> Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{74D0CE91-F931-4FAC-BEA9-EE32E43EAD37}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2019\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2019\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-164066535-651083684-587169521-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2019-08-19] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2019-08-19] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-03-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers1_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers1_S-1-5-21-164066535-651083684-587169521-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]
ContextMenuHandlers2_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers4_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)
ContextMenuHandlers5_S-1-5-21-164066535-651083684-587169521-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl.x64.dll [2021-04-05] (Bandisoft -> Bandisoft.com)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\tmich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2021-04-12 11:45 - 2021-04-12 11:45 - 000573440 _____ () [File not signed] \\?\C:\Users\tmich\AppData\Local\Temp\21f4a873-9f86-47f8-970f-94b2a613dca3.tmp.node
2021-04-12 11:45 - 2021-04-12 11:45 - 000180736 _____ () [File not signed] \\?\C:\Users\tmich\AppData\Local\Temp\a3014041-fd4b-4bef-aea0-02c8122a639d.tmp.node
2021-04-12 11:45 - 2021-04-12 11:45 - 000148992 _____ () [File not signed] \\?\C:\Users\tmich\AppData\Local\Temp\aa2493cb-580d-4251-ba71-e3ab086ad83e.tmp.node
2021-03-19 11:03 - 2021-01-31 10:08 - 002824192 _____ () [File not signed] C:\_A\Awakened_PoE_trade\ffmpeg.dll
2021-03-19 11:03 - 2021-01-31 10:08 - 000471552 _____ () [File not signed] C:\_A\Awakened_PoE_trade\swiftshader\libegl.dll
2021-03-19 11:03 - 2021-01-31 10:08 - 003246592 _____ () [File not signed] C:\_A\Awakened_PoE_trade\swiftshader\libglesv2.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-10-26 13:04 - 2019-10-26 13:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-10-26 13:03 - 2019-10-26 13:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2021-02-27 12:49 - 2021-02-27 12:49 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2021-02-27 12:50 - 2021-02-27 12:50 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2021-02-27 12:50 - 2021-02-27 12:50 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2020-09-11 12:55 - 2021-03-19 08:13 - 000643584 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\aimo.dll
2015-12-29 07:25 - 2015-12-29 00:25 - 000120334 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libgcc_s_dw2-1.dll
2015-12-29 07:25 - 2015-12-29 00:25 - 001540622 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libstdc++-6.dll
2019-10-24 12:16 - 2020-11-30 07:59 - 007523840 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\resource.dll
2010-12-03 15:43 - 2010-12-03 15:43 - 000943104 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\KeySettingRemind\KeySettingRemind.dll
2010-12-02 18:56 - 2010-12-02 18:56 - 000815104 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\OSD_Text\OSD_Text.dll
2010-12-02 20:29 - 2010-12-02 20:29 - 000900608 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\ProfileHint\ProfileHint.dll
2010-12-02 21:01 - 2010-12-02 21:01 - 000994304 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-11-01 21:16 - 2010-11-01 21:16 - 000062976 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-09-20 15:19 - 2010-09-20 15:19 - 000062976 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-10-11 11:13 - 2010-10-11 11:13 - 000087040 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_MouseDeviceManager.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 000054272 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ScrollbarControl.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 000085504 _____ () [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ZoomControl.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 000114176 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_ctypes.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000172544 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_elementtree.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 002255872 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_hashlib.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000032256 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_multiprocessing.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000046080 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_psutil_windows.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000047616 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_socket.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 002824704 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_ssl.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000026112 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\_yappi.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000080896 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\bz2.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000015872 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\common.time34.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000007680 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\hashobjs_ext.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000301568 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\PIL._imaging.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000168448 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\pyexpat.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 001084416 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\pysqlite2._sqlite.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000548864 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\pythoncom27.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 000137728 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\pywintypes27.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 000010752 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\select.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000020992 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\thumbnails_ext.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000689664 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\unicodedata.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000119808 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\usb_ext.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000128512 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32api.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000438784 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32com.shell.shell.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000011776 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32crypt.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000023040 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32event.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000149504 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32file.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000223232 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32gui.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000048128 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32inet.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000029696 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32pdh.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000027648 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32pipe.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000044032 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32process.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000020480 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32profile.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000136192 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32security.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000026624 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\win32ts.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000034304 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\windows.conditional.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000037888 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\windows.connectivity.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000071680 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\windows.device_monitor.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000103936 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\windows.volumes.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000019968 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\windows.winwrap.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 001325056 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wx._controls_.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 001489408 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wx._core_.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 001007104 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wx._gdi_.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000103424 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wx._html2.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 000916992 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wx._misc_.pyd
2021-04-12 11:45 - 2021-04-12 11:45 - 001039872 _____ () [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wx._windows_.pyd
2020-12-04 07:51 - 2020-12-04 07:51 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2009-11-24 07:04 - 2009-11-24 07:04 - 001141248 _____ (Embarcadero Technologies Inc.) [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\CC32100MT.DLL
2009-11-03 07:02 - 2009-11-03 07:02 - 000040448 _____ (Embarcadero Technologies, Inc.) [File not signed] C:\Program Files (x86)\X7 Oscar Keyboard Editor\BORLNDMM.DLL
2015-12-29 07:25 - 2015-12-29 00:25 - 000079360 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libwinpthread-1.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\python27.dll
2015-12-29 07:52 - 2015-12-29 00:52 - 002177536 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\LIBEAY32.dll
2015-12-29 07:52 - 2015-12-29 00:52 - 000462336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ssleay32.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qdds.dll
2016-06-10 16:32 - 2016-06-10 09:32 - 000033792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qgif.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000046592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qicns.dll
2016-06-10 16:33 - 2016-06-10 09:33 - 000036352 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qico.dll
2016-06-10 16:32 - 2016-06-10 09:32 - 000258560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qjpeg.dll
2016-06-11 02:51 - 2016-06-10 19:51 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qsvg.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qtga.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000495616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qtiff.dll
2016-06-11 03:15 - 2016-06-10 20:15 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qwbmp.dll
2016-06-11 03:16 - 2016-06-10 20:16 - 000416768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qwebp.dll
2016-06-13 04:38 - 2016-06-12 21:38 - 000317440 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\mediaservice\dsengine.dll
2016-06-10 16:34 - 2016-06-10 09:34 - 001489920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\platforms\qwindows.dll
2020-01-13 10:29 - 2020-01-13 03:29 - 005384704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Core.dll
2016-06-10 16:23 - 2016-06-10 09:23 - 005283840 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Gui.dll
2016-06-13 04:29 - 2016-06-12 21:29 - 000853504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Multimedia.dll
2016-06-10 16:17 - 2016-06-10 09:17 - 001610240 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Network.dll
2016-06-11 02:51 - 2016-06-10 19:51 - 000348160 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Svg.dll
2016-06-10 16:29 - 2016-06-10 09:29 - 006358528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Widgets.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 14:58 - 2020-07-27 14:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-04 08:02 - 2020-12-04 08:02 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2015-08-24 11:10 - 2020-10-26 12:13 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\BASS.dll
2015-08-24 11:10 - 2020-10-26 12:13 - 000012166 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\BASSWASAPI.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wxbase30u_net_vc90_x64.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wxbase30u_vc90_x64.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wxmsw30u_adv_vc90_x64.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wxmsw30u_core_vc90_x64.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wxmsw30u_html_vc90_x64.dll
2021-04-12 11:45 - 2021-04-12 11:45 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\tmich\AppData\Local\Temp\_MEI120522\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-164066535-651083684-587169521-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2021-04-10 00:00 - 000001331 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 track.easeus.com
127.0.0.1 66.39.112.91
127.0.0.1 216.92.151.227
127.0.0.1 216.92.61.7
127.0.0.1 update.easeus.com
127.0.0.1 liveupdate.acronis.com
127.0.0.1 activation.acronis.com
127.0.0.1 web-api-tih.acronis.com
127.0.0.1 download.acronis.com
127.0.0.1 orders.acronis.com
127.0.0.1 ns1.acronis.com
127.0.0.1 ns2.acronis.com
127.0.0.1 ns3.acronis.com
127.0.0.1 account.acronis.com
127.0.0.1 gateway.acronis.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\_A\Putty\
HKU\S-1-5-21-164066535-651083684-587169521-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: ExitLag Game Booster -> nt_ndextlag (enabled)
Síťové připojení Bluetooth: ExitLag Game Booster -> nt_ndextlag (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{76130225-013F-491F-B6E2-172097781058}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5C009547-71E6-40DC-AE8A-71A37A5849EF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D46AFF11-6D14-4D53-B815-CC154C46932E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{355BE375-8E33-41C9-B4E1-DBA68C2DB0C2}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{88FF7C0D-201A-4B8D-A4E6-09775B26AB60}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{AC9F9D52-48F0-4633-97F4-96DBF17F963F}] => (Block) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{F956C0F7-BFB3-466D-8C67-86C33A454989}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9C7DB957-26A8-4005-A7D6-271FF57F130F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D6B09F0F-F25A-4957-B4B3-0FFB3780257D}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{431C332D-AACA-47E0-AC5D-46B5F810B754}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{FF62FEA1-FB6F-4600-8675-D204D5D2DBC7}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [{E559F994-AA43-4D5A-ABE8-9E60295F67F8}] => (Allow) D:\_SteamLibrary\steamapps\common\Fall Guys\FallGuys_client_game.exe () [File not signed]
FirewallRules: [{2CEEFB15-DB59-415C-9EA3-AA7F9539339C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1EF8AE25-11C7-4C4D-96B0-5EE7AC9B623B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25303A91-1DEC-43F2-85DB-65AD6BFB099C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54013972-4099-4CF0-A3C8-66D137A025D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F3E73E7-2648-4480-ACDD-F6929088091F}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{F13379AE-9395-4392-9C63-7878C633EFBF}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{45B82E65-CCDE-4F21-82D6-BDBB3D685ED8}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{324CE0FA-F169-4061-B765-967B08D17559}] => (Allow) D:\_SteamLibrary\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{CBA280D5-5947-4692-8204-172A395DA0A1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1082A718-50FF-459A-BE92-3DC14FA8B80F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{48CFEA02-ADCC-4327-8CDC-9B1000753C22}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{B222261D-510E-4E56-89D3-C99CBEA0DF8F}D:\xampp\mysql\bin\mysqld.exe] => (Allow) D:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{2ACCD0E6-AE93-4606-A44E-57A67BA81DD9}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{0CD6340B-4A82-493A-865D-AE3F31E00CF2}D:\xampp\apache\bin\httpd.exe] => (Allow) D:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{EC7F5D2C-8452-40AC-BCF7-4D2F066F6C14}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{BAA54C92-6030-4502-B7C6-3DBAB3E48E6D}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1631B803-7AD2-498F-BBB7-FE278ED19C20}] => (Allow) D:\_SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{8B51E037-24EA-44E9-AFDB-AF5A8D3F37BF}] => (Allow) D:\_SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [TCP Query User{64810FCA-2F21-43EA-A809-00C90AB3B37E}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{BAE76C49-6700-433D-BFA4-EF402A821678}C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii public test\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8F507F58-3B98-4DE5-9122-3A917093529B}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{34F52923-2690-4615-81B5-E5D23F349B86}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F0759411-6C30-465C-8E44-7DED1607E6E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5D31539C-FCB6-41F2-8814-E391705E5C6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B3671BFB-6713-4D20-8255-87880C6A90A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7E7E2100-4081-4F18-B7FC-E5F63B7651A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F23EAC06-46A0-4A3C-8C67-EB5AEE98A536}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CE22A668-7ABD-4B3F-AB45-4BEF6C54C322}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CE5E293A-8C88-4BD6-AF0F-33F08E883194}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A837522D-57E1-4E7E-B4D5-2A1F89260330}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42E86E4E-3F6C-4919-BC65-8613F9B4389E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{38D185AF-0A89-43DC-B5F9-24BBFF9FF09E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4BE10A41-D03E-4057-B53C-B7B1E99281C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{26EC5B19-734D-4ED9-BFBD-BD8BC0B6FD9C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D8B1CCD-DBCA-4852-A5F0-C28D650EC22F}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{84D43A43-E721-44DD-983F-CC652657DE7A}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{08B892B7-0FF6-4112-B45F-59C170AF78C2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{438E1DD1-52BC-47B2-90FB-2368EC42676C}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{7ADB821E-4300-4FCD-B919-367930F5BEFF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{D79F150D-B45C-4F72-9137-F10A7D8560F8}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{F7ADF01E-1CB0-4CEC-B20A-91671799A18E}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{95B4324E-0734-4C52-AF08-25C1B86B0AA3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{464DF7DB-71BB-4D36-A381-29E278EE1DD2}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F576A248-B116-4B7E-BCC9-090A2D77F9F1}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E767BDB8-6858-4243-898E-A2E5EAE29E5C}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{96717AC4-C54A-47A8-916A-E5D68E2DB817}] => (Allow) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0D2C5D1B-542F-49AD-9A83-E86D275AA912}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D4EF63FE-9E24-4098-9D4A-7281BEFED7F1}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{4810099B-D18A-4826-9E8B-C5CF905F617A}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{04D5E3ED-2B57-49BF-82AD-AA7A452FC9B4}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{477F0820-60D3-41AA-995A-7F5A773A1885}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{247AE894-A7E7-412A-8B33-21126AB049FF}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{59978AFD-680A-4AF1-B17F-CC3E39F5892B}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{88648EC1-65F7-45DD-992E-B63681E00112}] => (Block) C:\Program Files (x86)\Overwolf\0.168.0.12\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{F58908B8-D4FF-4FA8-8332-BE1922B89C46}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{65AD2459-E6E1-4C7B-AC3F-CBFB25ED5655}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [{4E6F4010-9504-48BB-9FED-B76D7BCE2E02}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{75791136-78FB-4909-B0B9-8C673809C45B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{6C9AE7AA-8414-445B-A53C-B85BD0E205C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E7F53DF0-99D5-4747-98CD-5CD9F27F12AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{30F1E2ED-C96D-4D0F-80EF-E90350EFDF9A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D481205B-FD00-4C97-A7D5-244F9BCF3D5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

27-03-2021 11:05:46 Installed exe2msiSetupPackage
31-03-2021 20:12:46 Windows Update
08-04-2021 20:52:07 Removed Autodesk Network License Manager
08-04-2021 20:52:34 Removed Autodesk CAD Manager Tools
08-04-2021 22:16:08 Instalační služba modulů systému Windows
09-04-2021 20:08:28 Installed Macrium Reflect Free Edition
09-04-2021 21:57:10 Installed Paragon Hard Disk Manager™ 17 Advanced
10-04-2021 07:25:43 Nainstalováno: Tvůrce spouštěcích médií Acronis Universal Restore
11-04-2021 09:50:09 Removed Macrium Reflect Free Edition

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2021 10:38:51 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (04/12/2021 11:03:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/11/2021 10:46:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/11/2021 10:45:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/11/2021 10:45:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/11/2021 10:45:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/11/2021 10:45:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Logitech Gaming Registry Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/11/2021 10:45:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FlexNet Licensing Service 64 byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/11/2021 10:45:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Autodesk Desktop App Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===============
Date: 2021-04-12 12:00:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1004 08/13/2020
Motherboard: ASUSTeK COMPUTER INC. TUF GAMING B550-PLUS
Processor: AMD Ryzen 5 3600X 6-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 32683.95 MB
Available physical RAM: 25164.54 MB
Total Virtual: 37547.95 MB
Available Virtual: 25763.82 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:465.65 GB) (Free:245.07 GB) NTFS
Drive d: (New) (Fixed) (Total:931.51 GB) (Free:321.65 GB) NTFS
Drive e: (Old) (Fixed) (Total:931.51 GB) (Free:67.28 GB) NTFS
Drive z: (SP PHD U3) (Fixed) (Total:1863.01 GB) (Free:1736.75 GB) NTFS

\\?\Volume{19efa83d-20c1-4f4b-91e4-c280f25b5e39}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 69569EDF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 30580F36)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0117122D)

Partition: GPT.

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1D92479C)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#12 Post by Diallix »

OK, one last cleanup:

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:
C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys

S3 PRProt; \??\C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys [X] <==== ATTENTION
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
EmptyTemp:
Hosts:

Save the Notepad file as fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt saved in the FRST location.
My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor for research into intelligent malware.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

TomGuma
Visitor
Posts: 9
Registered: 01 Apr 2007 13:27

Re: Preventive check

#13 Post by TomGuma »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-04-2021
Ran by tmich (12-04-2021 15:01:35) Run:2
Running from C:\_A\_viry
Loaded Profiles: tmich
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys

S3 PRProt; \??\C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys [X] <==== ATTENTION
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: treestyletab@piro.sakura.ne.jp
FF NewTabOverride: Mozilla\Firefox\Profiles\7wgx7v3p.default-release -> Enabled: jid1-ZAdIEUB7XOzOJw@jetpack
EmptyTemp:
Hosts:


*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Users\tmich\AppData\Local\Temp\ActiveAnticheat\1223449\active64.sys" => not found
HKLM\System\CurrentControlSet\Services\PRProt => removed successfully
PRProt => service removed successfully
"Firefox NewTabOverride (treestyletab@piro.sakura.ne.jp) " => removed successfully
"Firefox NewTabOverride (jid1-ZAdIEUB7XOzOJw@jetpack) " => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9542124 B
Java, Flash, Steam htmlcache => 11480487 B
Windows/system/drivers => 10194 B
Edge => 0 B
Chrome => 0 B
Firefox => 325898305 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1518 B
tmich => 95651205 B

RecycleBin => 110849 B
EmptyTemp: => 429.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End 3 Fixlog 15:01:50 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Preventive check

#14 Post by Diallix »

Good.

How is the computer doing?

TomGuma
Visitor
Posts: 9
Registered: 01 Apr 2007 13:27

Re: Preventive check

#15 Post by TomGuma »

It looks fine. I want to make a backup, so I wanted to be sure that it's clean. Thanks for the help

Locked