About a week ago I found 2 strange, hidden .bat files in System32. Since I have been dealing with batch files for quite a long time, I could tell they referred to some random numerically named EXE file somewhere. After about a day they disappeared, which struck me as rather odd. At the moment my PC is slowing down quite a bit. I can read FRST logs fairly well, but this one is beyond me.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by devil (administrator) on ROMANP (ASUSTeK COMPUTER INC. K55VM) (15-11-2019 21:16:03)
Running from C:\Users\devil\Downloads
Loaded Profiles: devil (Available Profiles: devil)
Platform: Windows 10 Pro Version 1903 18362.418 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\devil\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\devil\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\devil\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\devil\AppData\Local\Discord\app-0.0.305\Discord.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\84.4.170\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\84.4.170\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\84.4.170\QtWebEngineProcess.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\devil\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\devil\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.34.15002.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.34.15002.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6210368 2019-10-30] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\Run: [Discord] => C:\Users\devil\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe [744352 2019-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe [744352 2019-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-12] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03069533-386A-47D1-B5B7-58936B8FC90B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0908D7C3-787D-4890-B50D-299F36112FF2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {111413CF-59CD-4DCE-8D68-8F46A6A67C20} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1BC0970D-54AB-495A-B9E0-EBF4ABD0EB32} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64920 2019-10-20] (Microsoft Corporation -> Microsoft)
Task: {1E24338C-AD98-4B4D-BF0A-A196AEC337AB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {1E8D3C6A-882B-4CFA-B50C-B3989BF269BE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31F06AE2-DD76-450E-A33C-9D009A8131EE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {41E70914-E7F9-4B19-B635-FD51C6C48A3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2019-10-10] (Google Inc -> Google Inc.)
Task: {58F6E124-CE51-465E-92F5-CEA5E8B6CFD8} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {68990305-63AE-48C5-B9B3-4F701EF55053} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80F0A9AB-1715-4D54-8636-506486A7EEBF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {81477E22-46B2-480F-B456-C125F13FDC22} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-06-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8E55C038-350B-4ECA-A46A-0867B3630DDE} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9229920E-5A0E-4D79-837E-D32E25D32874} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {A5421A57-F248-4816-B663-9250174A3237} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2019-10-10] (Google Inc -> Google Inc.)
Task: {BBC5DA67-4CF7-41FD-BBA6-A9C05271BAD6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {BFA93A9B-22FC-423D-8CB3-14448A1778C3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CE41CB9B-DB28-42F3-A1FE-B568ABFD9DBA} - System32\Tasks\update-S-1-5-21-3229217210-2793773996-152953426-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {F238B6C8-3091-4501-BFFD-C9B43828B84E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-06-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {FBA2BC0E-612D-4783-AAAA-477977BC3134} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3229217210-2793773996-152953426-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{83ab1f86-83aa-4caf-a1bf-859f1229461d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9cdb904d-84fc-46c9-b3e3-7928f5dec822}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{b6304580-a533-4168-95d8-f2d81f04630e}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FireFox:
========
FF DefaultProfile: cayc8vgs.default
FF ProfilePath: C:\Users\devil\AppData\Roaming\Mozilla\Firefox\Profiles\cayc8vgs.default [2019-11-15]
FF Extension: (No Name) - C:\Users\devil\AppData\Roaming\Mozilla\Firefox\Profiles\cayc8vgs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-26]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default [2019-11-05]
CHR Extension: (Prezentace) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-10]
CHR Extension: (Dokumenty) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-10]
CHR Extension: (Disk Google) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-10]
CHR Extension: (YouTube) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-10]
CHR Extension: (Tabulky) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Gmail) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\devil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-10]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AALSvc; C:\AlphaAntiLeak\AAL\bin\server\AALSvc.exe [2913960 2019-10-13] (Constantin Schreiber -> )
R2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-13] (Dropbox, Inc -> Dropbox, Inc.)
R3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-10-30] (Dropbox, Inc -> Dropbox, Inc.)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [52864 2017-02-24] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [2002480 2017-02-24] (ESET, spol. s r.o. -> ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1680000 2017-02-21] (ESET, spol. s r.o. -> ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [194688 2017-02-24] (ESET, spol. s r.o. -> ESET)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AALProtect; C:\AlphaAntiLeak\AAL\bin\server\AALProtect.sys [35984 2019-10-13] (OOO AMEKS -> )
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-07] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [273072 2017-02-09] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [202928 2017-02-09] (ESET, spol. s r.o. -> ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [77168 2017-02-09] (ESET, spol. s r.o. -> ESET)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-12-22] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_1474122a0ce2f241\nvpciflt.sys [48480 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-06-07] (Realtek Semiconductor Corp. -> Realtek )
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51736 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [42008 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29720 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36368 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [45080 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [47640 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [51736 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [43544 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [43544 2016-06-23] (Razer USA Ltd. -> Razer Inc)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [54352 2016-08-17] (Intel Corporation -> Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-15 21:16 - 2019-11-15 21:17 - 000023059 _____ C:\Users\devil\Downloads\FRST.txt
2019-11-15 21:15 - 2019-11-15 21:17 - 000000000 ____D C:\FRST
2019-11-15 21:15 - 2019-11-15 21:15 - 002260480 _____ (Farbar) C:\Users\devil\Downloads\FRST64.exe
2019-11-15 21:11 - 2019-11-15 21:11 - 000000000 ___HD C:\OneDriveTemp
2019-11-12 19:15 - 2019-11-12 19:15 - 000020998 _____ C:\WINDOWS\system32\CleanFix.txt
2019-11-12 14:15 - 2019-11-12 19:15 - 000000366 _____ C:\WINDOWS\system32\CleanFix.txt┬Ę
2019-11-05 17:45 - 2019-11-05 17:45 - 000000000 ____D C:\Users\devil\AppData\LocalLow\Temp
2019-11-05 17:37 - 2019-11-05 18:51 - 000000000 ____D C:\Users\devil\OneDrive\Dokumenty\Visual Studio 2019
2019-11-02 22:44 - 2019-11-02 22:45 - 000000051 _____ C:\Users\devil\blabla.txt
2019-11-02 22:40 - 2019-11-02 22:40 - 000000000 _____ C:\Users\devil\eternalv2.txt
2019-11-02 22:39 - 2019-11-02 22:42 - 000000000 _____ C:\Users\devil\WMIC
2019-11-02 22:38 - 2019-11-02 22:38 - 000000000 _____ C:\Users\devil\eternal.txt
2019-11-02 12:00 - 2019-11-02 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-02 11:58 - 2019-11-05 21:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-30 19:45 - 2019-10-30 19:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-10-30 19:45 - 2019-10-30 19:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-10-30 19:45 - 2019-10-30 19:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-10-30 19:45 - 2019-10-30 19:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-10-30 14:28 - 2019-10-30 14:28 - 000000000 ____D C:\Users\devil\AppData\Local\PeerDistRepub
2019-10-30 10:42 - 2019-10-30 10:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-10-30 10:42 - 2019-10-30 10:42 - 000000000 ____D C:\Users\devil\AppData\Local\VirtualStore
2019-10-30 10:40 - 2019-11-15 21:10 - 000000000 ____D C:\Users\devil\AppData\LocalLow\Mozilla
2019-10-29 19:43 - 2019-11-05 17:31 - 000192985 _____ C:\WINDOWS\system32\FFPX.txt
2019-10-29 18:15 - 2019-10-29 18:15 - 000146278 _____ C:\WINDOWS\system32\TestTime.txt
2019-10-29 17:20 - 2019-10-29 17:20 - 000000000 ____D C:\Users\devil\ansel
2019-10-28 18:34 - 2019-11-02 11:52 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-10-28 18:34 - 2019-10-28 18:34 - 024578944 _____ (Piriform Software Ltd) C:\Users\devil\Downloads\ccsetup563.exe
2019-10-28 18:34 - 2019-10-28 18:34 - 000002870 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-10-28 18:34 - 2019-10-28 18:34 - 000000872 _____ C:\ProgramData\Plocha\CCleaner.lnk
2019-10-28 18:34 - 2019-10-28 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-10-28 18:34 - 2019-10-28 18:34 - 000000000 ____D C:\Program Files\CCleaner
2019-10-27 13:34 - 2019-10-28 20:21 - 000000139 _____ C:\Users\devil\Downloads\hosts-perm.bat
2019-10-27 12:40 - 2019-10-27 12:40 - 000001926 _____ C:\Users\devil\Downloads\Nový textový dokument.txt
2019-10-26 19:47 - 2019-10-29 11:18 - 000000000 ____D C:\Users\devil\OneDrive\Dokumenty\Lightshot
2019-10-26 19:46 - 2019-10-27 08:43 - 000000402 _____ C:\WINDOWS\Tasks\update-sys.job
2019-10-26 19:46 - 2019-10-27 08:43 - 000000402 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3229217210-2793773996-152953426-1001.job
2019-10-26 19:46 - 2019-10-26 19:46 - 002784344 _____ (Skillbrains ) C:\Users\devil\Downloads\setup-lightshot.exe
2019-10-26 19:46 - 2019-10-26 19:46 - 000003390 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-3229217210-2793773996-152953426-1001
2019-10-26 19:46 - 2019-10-26 19:46 - 000003328 _____ C:\WINDOWS\system32\Tasks\update-sys
2019-10-26 19:46 - 2019-10-26 19:46 - 000000424 _____ C:\Users\devil\AppData\Local\UserProducts.xml
2019-10-26 19:46 - 2019-10-26 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2019-10-26 19:46 - 2019-10-26 19:46 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2019-10-26 18:47 - 2019-10-26 18:47 - 000000000 ____D C:\AdwCleaner
2019-10-26 18:46 - 2019-10-26 18:46 - 007622344 _____ (Malwarebytes) C:\Users\devil\Downloads\AdwCleaner.exe
2019-10-22 17:44 - 2019-10-22 17:44 - 000000000 ____D C:\Users\devil\AppData\Local\ESET
2019-10-22 17:38 - 2019-10-22 17:38 - 000000000 ____D C:\Users\devil\AppData\Local\IsolatedStorage
2019-10-22 17:12 - 2019-10-22 17:12 - 000000000 ____D C:\Users\devil\AppData\Roaming\NuGet
2019-10-22 17:12 - 2019-10-22 17:12 - 000000000 ____D C:\Users\devil\.templateengine
2019-10-22 17:08 - 2019-10-22 17:08 - 000000000 ____D C:\Users\devil\source
2019-10-20 21:39 - 2019-11-12 17:57 - 000000000 ____D C:\Users\devil\AppData\Local\.IdentityService
2019-10-20 21:39 - 2019-10-20 21:39 - 000001805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\2052
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1042
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1041
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1031
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\SysWOW64\1028
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\3082
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\2052
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1055
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1049
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1046
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1045
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1042
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1041
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1040
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1036
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1033
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1031
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1029
2019-10-20 21:39 - 2019-10-20 21:39 - 000000000 ____D C:\WINDOWS\system32\1028
2019-10-20 21:36 - 2019-10-20 21:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-10-20 21:36 - 2019-10-20 21:36 - 000000000 ____D C:\Program Files (x86)\NuGet
2019-10-20 21:36 - 2019-10-20 21:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-10-20 21:34 - 2019-10-20 21:37 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2019-10-20 21:34 - 2019-10-20 21:36 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2019-10-20 21:33 - 2019-10-20 21:33 - 000000000 ____D C:\Users\devil\.dotnet
2019-10-20 21:32 - 2019-10-20 21:33 - 000000000 ____D C:\Program Files\dotnet
2019-10-20 21:32 - 2019-10-20 21:33 - 000000000 ____D C:\Program Files (x86)\dotnet
2019-10-20 21:32 - 2019-10-20 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2019-10-20 21:32 - 2019-10-20 21:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-10-20 21:31 - 2019-10-20 21:31 - 000001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2019-10-20 21:29 - 2019-10-29 10:34 - 000000000 ____D C:\Users\devil\AppData\Roaming\Visual Studio Setup
2019-10-20 21:29 - 2019-10-20 21:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-10-20 21:29 - 2019-10-20 21:29 - 000001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-10-20 21:29 - 2019-10-20 21:29 - 000000000 ____D C:\Users\devil\AppData\Roaming\vstelemetry
2019-10-20 21:29 - 2019-10-20 21:29 - 000000000 ____D C:\Users\devil\AppData\Local\ServiceHub
2019-10-20 21:28 - 2019-10-20 21:28 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2019-10-20 21:27 - 2019-10-20 21:27 - 001384744 _____ (Microsoft Corporation) C:\Users\devil\Downloads\vs_community__1296473629.1571603211.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-15 21:18 - 2019-10-13 12:38 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-15 21:16 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-11-15 21:16 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-15 21:15 - 2019-10-10 21:11 - 000000000 ____D C:\Users\devil\AppData\Local\Packages
2019-11-15 21:14 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-15 21:13 - 2019-10-11 15:50 - 000000000 ____D C:\Users\devil\AppData\Roaming\Discord
2019-11-15 21:12 - 2019-10-10 20:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-15 21:11 - 2019-10-13 12:41 - 000000000 ___RD C:\Users\devil\Dropbox
2019-11-15 21:11 - 2019-10-10 21:12 - 000000000 ___RD C:\Users\devil\OneDrive
2019-11-15 21:10 - 2019-10-10 21:11 - 000000000 __SHD C:\Users\devil\IntelGraphicsProfiles
2019-11-15 21:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-11-12 19:20 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-12 17:20 - 2019-10-10 22:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-12 14:14 - 2019-10-10 23:01 - 000724330 _____ C:\WINDOWS\system32\perfh019.dat
2019-11-12 14:14 - 2019-10-10 23:01 - 000143706 _____ C:\WINDOWS\system32\perfc019.dat
2019-11-12 14:14 - 2019-10-10 22:21 - 002473836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-12 14:14 - 2019-03-19 12:57 - 000683600 _____ C:\WINDOWS\system32\perfh005.dat
2019-11-12 14:14 - 2019-03-19 12:57 - 000137282 _____ C:\WINDOWS\system32\perfc005.dat
2019-11-12 14:14 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2019-11-12 14:13 - 2019-10-10 21:32 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-12 14:13 - 2019-10-10 21:32 - 000002269 _____ C:\ProgramData\Plocha\Google Chrome.lnk
2019-11-05 21:32 - 2019-10-10 22:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-05 21:32 - 2019-10-10 21:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-05 21:31 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-11-05 17:20 - 2019-10-10 22:18 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 17:20 - 2019-10-10 22:18 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 17:20 - 2019-10-10 21:29 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-02 23:49 - 2019-10-10 22:21 - 000000000 ____D C:\ProgramData\Packages
2019-11-02 22:44 - 2019-10-10 22:13 - 000000000 ____D C:\Users\devil
2019-11-02 21:22 - 2019-10-10 21:33 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-11-02 11:55 - 2019-10-13 12:38 - 000000000 ____D C:\Users\devil\AppData\Local\Dropbox
2019-10-30 10:44 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\spool
2019-10-30 10:40 - 2019-10-11 14:38 - 000000000 ____D C:\Users\devil\AppData\Roaming\Mozilla
2019-10-29 18:11 - 2019-10-13 10:12 - 000000000 ____D C:\AlphaAntiLeak
2019-10-29 18:11 - 2019-10-10 20:28 - 000000000 ___HD C:\$SysReset
2019-10-29 10:34 - 2019-10-13 10:05 - 000000000 ____D C:\Users\devil\AppData\Roaming\.minecraft
2019-10-29 10:34 - 2019-10-13 10:04 - 000000000 ____D C:\Users\devil\AppData\Roaming\LunarClient
2019-10-29 10:34 - 2019-10-11 14:38 - 000000000 ____D C:\Users\devil\AppData\Local\Mozilla
2019-10-29 10:34 - 2019-10-10 21:29 - 000000000 ____D C:\Users\devil\AppData\Local\Google
2019-10-29 10:34 - 2019-10-10 21:27 - 000000000 ____D C:\Users\devil\AppData\Local\Comms
2019-10-29 10:34 - 2019-10-10 21:11 - 000000000 ____D C:\Users\devil\AppData\Local\Publishers
2019-10-29 10:34 - 2019-10-10 21:11 - 000000000 ____D C:\Users\devil\AppData\Local\MicrosoftEdge
2019-10-29 09:53 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-10-29 09:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-10-29 09:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-10-29 09:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2019-10-29 09:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-10-29 09:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2019-10-29 09:53 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-10-28 18:46 - 2019-10-10 21:34 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-27 20:50 - 2019-10-12 20:26 - 000000884 _____ C:\Users\devil\Downloads\Vypis_souboru_slozek_kapacity.txt.bat
2019-10-27 08:43 - 2019-10-13 12:38 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-10-27 08:43 - 2019-10-13 12:38 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-10-26 17:42 - 2019-03-19 12:59 - 000000000 ____D C:\WINDOWS\OCR
2019-10-26 17:42 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-10-26 15:22 - 2019-10-10 22:18 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3229217210-2793773996-152953426-1001
2019-10-26 15:22 - 2019-10-10 22:13 - 000002370 _____ C:\Users\devil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-20 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-10-20 21:35 - 2019-10-10 21:34 - 000000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories ========
2019-10-26 19:46 - 2019-10-26 19:46 - 000000003 _____ () C:\Users\devil\AppData\Local\updater.log
2019-10-26 19:46 - 2019-10-26 19:46 - 000000424 _____ () C:\Users\devil\AppData\Local\UserProducts.xml
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by devil (15-11-2019 21:19:03)
Running from C:\Users\devil\Downloads
Windows 10 Pro Version 1903 18362.418 (X64) (2019-10-10 21:19:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3229217210-2793773996-152953426-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3229217210-2793773996-152953426-503 - Limited - Disabled)
devil (S-1-5-21-3229217210-2793773996-152953426-1001 - Administrator - Enabled) => C:\Users\devil
Guest (S-1-5-21-3229217210-2793773996-152953426-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3229217210-2793773996-152953426-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Endpoint Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Endpoint Antivirus (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Advanced BAT to EXE Converter v4.11 (HKLM-x32\...\Advanced BAT to EXE Converter v4.11) (Version: - )
Aktualizace NVIDIA 31.1.10.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.10.0 - NVIDIA Corporation) Hidden
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.140.2.1004 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5FD1DF50-FBB1-4888-8F8F-4ECDC78909C4}) (Version: 4.8.03928 - Microsoft Corporation) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 84.4.170 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{C4105EB5-5C16-40C4-93DF-66DE6584D26E}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
ESET Endpoint Antivirus (HKLM\...\{A8EE1B13-59D6-44EE-8B43-DDA14D2B6723}) (Version: 6.5.2094.1 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}) (Version: 6.5.522.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
icecap_collection_neutral (HKLM-x32\...\{7BB0BF1D-3021-45DC-912E-9DAB74F486C0}) (Version: 16.3.29110 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0B880F5C-ECD4-4FC6-81A7-46C40ECA0B8C}) (Version: 16.3.29110 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{5F584D04-17CF-442B-8CBC-3FF9ABBF74A6}) (Version: 16.3.29110 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{0E9D093A-16D9-4572-953D-2881C7DA945C}) (Version: 16.1.28829 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Lunar Client (HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 1.7.0 - Moonsworth, LLC)
Microsoft .NET Core SDK 3.0.100 (x64) from Visual Studio (HKLM\...\{C52DB3F0-440B-4A83-B795-B1180D70BBFF}) (Version: 3.0.100.014277 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3229217210-2793773996-152953426-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.3.2217.1010 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{C69E6AE7-4574-4BCD-9864-72282140C852}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 70.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 70.0.1 (x64 cs)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27057 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
TeamViewer 7 Host (HKLM-x32\...\TeamViewer 7 Host) (Version: 7.0.43148 - TeamViewer)
Tweak-SSD v2 (HKLM\...\Tweak-SSD v2) (Version: 2.0.70 - Totalidea Software)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{6070460A-FB5E-4D92-8C99-0944C19C2ACA}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\7f36b257) (Version: 16.3.29411.108 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{D19BAD98-BFDD-4C70-B66C-EE75F851B9BC}) (Version: 16.3.29311 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{72E86320-AFF2-44F8-9C8B-0BD51E5B14DE}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DBA97C17-13F0-407B-8BC4-0C2E01A298A5}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{AD3B73B9-D5C8-4FF9-AB73-7A1DC39F3E02}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{692A0FB3-E6A2-4D41-AC03-4136B4312DC0}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{6B065DCD-E730-4FCE-905D-2B3F30A91110}) (Version: 16.3.29230 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DA2B1838-3B2E-4220-8B2E-796F4624D463}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{92B3118C-3214-4BFA-89A0-5FF5EDFA2AEA}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-12] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0 [2019-11-02] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3229217210-2793773996-152953426-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3229217210-2793773996-152953426-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\devil\Dropbox [2019-10-13 12:41]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2017-02-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2017-02-24] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-10-09] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2017-02-24] (ESET, spol. s r.o. -> ESET)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-10-10 21:26 - 2018-12-30 08:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\devil\Downloads\ccsetup563.exe:com.dropbox.attrs [54]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-11-12 14:19 - 2019-11-12 14:19 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3229217210-2793773996-152953426-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\devil\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\attackteam.png
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0EF465E7-02B2-46D5-8FFB-F56FBB167C32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3F65B991-F1B7-4B6A-8426-6862019A249C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FDB33494-8464-4A9A-8338-B0323D491A5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{80DF07FE-CDD0-4734-82B6-EA038A4DEA66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7099B0E7-E5E0-4368-A528-4174EFE07A67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F7CA4D27-6657-4467-98C6-505C6FE51487}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4AFC5624-07BC-4EB4-A6DE-1F4271511D3C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{93AF0483-1450-4720-99BA-BCBD884914B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{143C32E7-410B-4D0A-B69B-C581AAD3D5D4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{E982372C-C315-4CB9-864A-EFE53EF9EA9C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{227449F2-19A4-4E8B-A6A0-15F9DCE3DF4B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{75D459DA-87FF-478D-8945-861158C1EF77}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{907AFA4B-F956-483C-9DA1-D2BCE18C3323}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [TCP Query User{73E36BDA-FBEA-46BA-98B5-8084FA3F57BF}C:\alphaantileak\aal\bin\server\alphaantileak.exe] => (Allow) C:\alphaantileak\aal\bin\server\alphaantileak.exe (Constantin Schreiber -> )
FirewallRules: [UDP Query User{B5CA6ABA-50EE-4AF9-B22A-DBC00B18F19D}C:\alphaantileak\aal\bin\server\alphaantileak.exe] => (Allow) C:\alphaantileak\aal\bin\server\alphaantileak.exe (Constantin Schreiber -> )
FirewallRules: [{2D7B4C0E-CDCF-46B7-A988-D542F87711BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8508B90B-6132-48D3-A1D0-49F5884E6BA4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA541723-A6E4-4482-83C7-FA290E35AF2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E15D6445-9881-42A8-9267-A5A7DAC352ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{412B5844-2129-4442-ABA6-FE570FCEA676}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4E95975-F708-49FF-A024-4866B842EECB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3041D7AC-30A1-410D-A96E-F4995E4CDF40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B440366-DAB0-488A-9C51-C23A3E2D1105}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.118.611.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E3BA3EC9-9BB6-4D72-AB8A-0DEF558AD271}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F7D9AC68-0A3B-4350-9D9A-CCDB18E42444}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48837B54-CA03-45F3-9164-0E5C8D6BE709}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C7E91BD3-6145-4F70-97BE-C708CD48168C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65479808-3C68-4F3B-8CD5-4D15AF0E97A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C08A8A3F-522F-4424-8443-CEFAFD6946BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{229060BD-0D6E-468A-ABB9-BBF377B1F35C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6695F0D-604A-4CC0-8270-11FD67B6927A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8EE28BC3-370C-466F-BCEA-C48F040D6141}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8E451EA4-DC38-4B64-A54A-B438FB9F9974}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Restore Points =========================
26-10-2019 20:53:55 Naplánovaný kontrolní bod
05-11-2019 19:09:46 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/15/2019 09:20:47 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Objekt nebo vlastnost nebyly nalezeny.
Error: (11/15/2019 09:20:47 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Objekt nebo vlastnost nebyly nalezeny.
Error: (11/15/2019 09:19:24 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Objekt nebo vlastnost nebyly nalezeny.
Error: (11/15/2019 09:19:24 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Objekt nebo vlastnost nebyly nalezeny.
Error: (11/15/2019 09:15:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CHXSmartScreen.exe, verze: 10.0.18362.329, časové razítko: 0x5d65fa38
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.18362.418, časové razítko: 0xfba22159
Kód výjimky: 0x00000004
Posun chyby: 0x000000000003a839
ID chybujícího procesu: 0x43b4
Čas spuštění chybující aplikace: 0x01d59bf165a0573a
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: db8dc12f-ab39-4c24-9912-0ea319e1ca72
Úplný název chybujícího balíčku: Microsoft.Windows.Apprep.ChxApp_1000.18362.387.0_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App
Error: (11/12/2019 07:19:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9668,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (11/12/2019 06:13:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4336,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (11/12/2019 02:22:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6268,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
System errors:
=============
Error: (11/15/2019 09:16:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.
Error: (11/12/2019 07:20:12 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2019 07:20:12 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2019 07:20:12 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2019 07:20:12 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2019 07:20:12 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2019 07:20:11 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2019 07:20:11 PM) (Source: DCOM) (EventID: 10010) (User: ROMANP)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
==================== Memory info ===========================
BIOS: American Megatrends Inc. K55VM.206 05/23/2012
Motherboard: ASUSTeK COMPUTER INC. K55VM
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 11725.8 MB
Available physical RAM: 6887.29 MB
Total Virtual: 13517.8 MB
Available Virtual: 8158.37 MB
==================== Drives ================================
Drive c: (WIN250SSD) (Fixed) (Total:222.45 GB) (Free:170.8 GB) NTFS
\\?\Volume{eafc9853-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.24 GB) NTFS
\\?\Volume{eafc9853-0000-0000-0000-10b337000000}\ () (Fixed) (Total:0.77 GB) (Free:0.28 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: EAFC9853)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=790 MB) - (Type=27)
==================== End of Addition.txt =======================
Thanks. :)