w-scrip and check-up

#1 Post by Alonzop »

Greetings, virus removers,

I'm reporting in for my regular post-New-Year check-up, with a suspicion of some form of virus.

It concerns "Windows Script Host". I tried to fix it in regedit and msconfig, unfortunately in vain. At the moment I have its display disabled in Windows as part of the repair attempts. I can't judge whether that will affect the subsequent fix, which I'll kindly ask you to take care of.

Today I ran ADW and Junkware, followed by a log-cleaning program.

Here is the new JRT log:

Re: w-scrip and check-up

#2 Post by Alonzop »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Alonzop (Administrator) on 31.01.2022 at 19:52:14,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


user_pref(browser.newtab.url, hxxps://securesearch.org/homepage?hp=2&pId=JD180501&iDate=2021-01-11 09:20:36&iid=a2d5253a-fb3c-4277-900e-a12d7ed199dc&bName=);
user_pref(browser.newtabpage.url, hxxps://securesearch.org/homepage?hp=2&pId=JD180501&iDate=2021-01-11 09:20:36&iid=a2d5253a-fb3c-4277-900e-a12d7ed199dc&bName=);



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.01.2022 at 19:53:23,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: w-scrip and check-up

#3 Post by Alonzop »

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by Alonzop (administrator) on X-COM (MSI MS-7721) (31-01-2022 19:55:39)
Running from C:\Users\Alonzop\Desktop
Loaded Profiles: Alonzop
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1469 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Sog951x1Sound] => C:\Program Files\PATRIOT VIPER HEADSET V370\CPL\PATRIOT_MEMORY_x64.exe [2418176 2020-10-21] () [File not signed]
HKLM-x32\...\Run: [VICTORY Gaming Keyboard] => C:\Program Files (x86)\Gaming Keyboard\Monitor.exe [270336 2013-03-30] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Run: [DLByb] => C:\Users\Alonzop\AppData\Roaming\DLByb\elbybb.dll [22016 2021-02-05] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [129920 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35129344 2021-08-18] (Piriform Software Ltd) [File not signed]
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {2110b0f5-66dc-11ec-936b-d43d7e9f40c1} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350a3-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350b2-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {65ae4bed-75ba-11eb-92dd-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {6c5ce6c0-7394-11eb-92db-98ded01fd416} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {eac6ed1e-e491-11eb-9315-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2020-07-30]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
Startup: C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\consol.vbs.lnk [2021-12-29]
ShortcutTarget: consol.vbs.lnk -> C:\ProgramData\consol.vbs () [File not signed]
Startup: C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herjkjsbyjpg.js [2021-12-29] () [File not signed]
Startup: C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nhxte.js [2021-12-29] () [File not signed]
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03BA5A1D-0F9F-4108-B305-E3584E8FE166} - System32\Tasks\ZdRZnrjKyQsBNVCvy2 => rundll32 "C:\Program Files (x86)\PUTBNyYtQYqvGavJmbR\QEGLZQZ.dll",#1
Task: {1AA6EF7D-74D1-4B07-9CB7-5A01153F091B} - System32\Tasks\KUnNZotjqHaVt2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\tflkRUqcfCpHkqVB\fkJaRYY.wsf"
Task: {23C0F7BA-133D-48B9-83D6-7B9B0EAEB4EF} - System32\Tasks\CCleanerSkipUAC - Alonzop => C:\Program Files\CCleaner\CCleaner64.exe [35129344 2021-08-18] (Piriform Software Ltd) [File not signed]
Task: {270D67B7-0B74-46E8-ABB9-A9148C2802CD} - System32\Tasks\Opera scheduled Autoupdate 1638731102 => C:\Users\Alonzop\AppData\Local\Programs\Opera\launcher.exe [1753808 2022-01-12] (Opera Software AS -> Opera Software)
Task: {2B65B9D6-6570-4031-B74C-01BCFCB55402} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {2E308129-9A43-4BA6-9DD4-5DF5425BE512} - System32\Tasks\SlhPzUiMmYnbEZK2 => rundll32 "C:\Program Files (x86)\ESDPZMrpU\uYSQSs.dll",#1
Task: {394DDA93-8503-4318-9F9E-EE0C10499E31} - System32\Tasks\Opera scheduled assistant Autoupdate 1638731113 => C:\Users\Alonzop\AppData\Local\Programs\Opera\launcher.exe [1753808 2022-01-12] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Alonzop\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {39FC4181-6D3E-45B8-9217-0AA7B1F28375} - System32\Tasks\spuIWhTQhwsk => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\RzGxquSs\pYFnWcC.exe fC /S (No File) <==== ATTENTION
Task: {5164A3DF-4EBE-4B73-9825-1FF6DD2E2317} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {56241524-3C3F-41EE-8352-821B5CBC03AF} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D0AE3F9-59E4-49F3-BBE5-311AEA2FFFBE} - System32\Tasks\lBYcDcXnfCvTgIFELsa2 => rundll32 "C:\Program Files (x86)\LyHbcpPejbWiC\DwumTVc.dll",#1
Task: {5F5E72DB-5C85-4A18-BC72-3DF504E89979} - System32\Tasks\YwEmbjKTGeiDrT => rundll32 "C:\Program Files (x86)\gymFwwWhwGGU2\vzbWHXDJWMxus.dll",#1
Task: {63F6F940-9F70-4310-A74B-E761EC4D7953} - System32\Tasks\spuBxqeLMByA => C:\Users\Alonzop\AppData\Local\Temp\TcATEwXmHTcjquWSF\ADSdKTuK\mXxFbIX.exe cF /S (No File) <==== ATTENTION
Task: {6892FC80-FA11-4799-A9D8-0AE91AF672A0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3622225975-1328666760-5524277-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F93812C-D4DB-4009-A6CD-50A280459BF0} - System32\Tasks\gFCQOGaZPZupENtIH2 => rundll32 "C:\Program Files (x86)\eqmbuardANwxjVSjLvR\xIcBZmY.dll",#1
Task: {87734CBB-8B0B-4C65-9DE2-607BCD2D371C} - System32\Tasks\jBzZbHsTiiIhWZlQLis2 => rundll32 "C:\Program Files (x86)\ymOrlWHWLwxcC\AkTUdKM.dll",#1
Task: {945F2D6A-C615-4E63-807D-B241D2B7E648} - System32\Tasks\krKGzwRrDlSEwS => rundll32 "C:\Program Files (x86)\LfSBRosenDpU2\NupYgSzQTSesD.dll",#1
Task: {95DC47D5-CD3F-4BB2-98C7-B9EFA8E1A1DD} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A005A4F5-43CA-4D19-9C8C-EF6059A5F305} - System32\Tasks\cIgRYTndTIsSh2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\LppCdugwJEFTFvVB\IErJvoD.wsf"
Task: {A50C05BE-6202-41C6-BA2C-47583DD94C83} - System32\Tasks\GlaryUpdate 5 => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe [43904 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
Task: {A67C7230-FEC6-45AC-8BCB-B84BEDF13E1E} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A99D438B-3967-49F1-97D9-281AE78EA2CD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [137088 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
Task: {AB9F4BC3-225F-4496-AF44-55BB78BBBF35} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {AE9B5F91-C63E-491B-8454-7344110585C5} - System32\Tasks\spuishjbDsdp => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\prBggLAu\OYXWomL.exe fC /S (No File) <==== ATTENTION
Task: {BB9F3488-FA31-4B5E-9C27-7B38B150BFB2} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [260600 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {CB9F9F66-7397-4D50-B021-645223D40E71} - System32\Tasks\Skype => C:\Users\Alonzop\AppData\Local\Temp\Herjkjsbyjpg.js (No File) <==== ATTENTION
Task: {DA04CA39-D9DB-4720-9552-92E4A37B7FB3} - System32\Tasks\aiMhZFBWchsQYNe2 => rundll32 "C:\Program Files (x86)\bLNFZeFNU\zWXJMu.dll",#1
Task: {DB901A48-269A-4A6B-98F2-EE46313EDB70} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E1307DE1-8FBF-4AFB-9C43-805691F46A53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E1E3B1C3-F293-40D5-B904-99E5337B9FFD} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E7302600-1997-49FB-B244-5C6E6EE000DA} - \spulzFtqQdbB -> No File <==== ATTENTION
Task: {EB323257-1B83-4EA6-943C-0D8B9A878C62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1B249D6-B792-43DF-A332-3E8634A18B94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5376AE7-BCEA-441D-BD01-9D709875B1FB} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{4c4aafbc-c479-40e0-a1ff-a715d865b929}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{5927f411-2001-4b6d-9d4a-3c57ea8472d7}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{67b82bdb-c6f7-4dea-84fc-cebc43f3f546}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{c8cf109d-04f4-443f-be0f-58f887b1745e}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{db9a098b-1de0-408b-874f-91fae1373310}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dfefb374-4fd3-4afa-a993-85f067786d99}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{ee5834e1-5370-45fb-adce-6880e0f5ba15}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{fa692b36-86fb-44fa-99a3-6444db432b21}: [DhcpNameServer] 192.168.42.129

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Alonzop\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-22]
Edge Notifications: Default -> hxxps://themes-for-edge.com
Edge StartupUrls: Default -> "hxxp://divokekmeny.cz/"
Edge Extension: (Microsoft Editor: kontrola pravopisu a gramatiky) - C:\Users\Alonzop\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2022-01-19]
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Alonzop\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-01-19]
Edge HKLM-x32\...\Edge\Extension: [akeopnoeaijpicdpgfflhihgkipodimn]
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]

FireFox:
========
FF DefaultProfile: uxlgs80u.default
FF ProfilePath: C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\uxlgs80u.default [2022-01-31]
FF Homepage: Mozilla\Firefox\Profiles\uxlgs80u.default -> hxxps://newtab.club
FF ProfilePath: C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release [2022-01-31]
FF Homepage: Mozilla\Firefox\Profiles\x0lwbb1a.default-release -> hxxps://newtab.club
FF NewTab: Mozilla\Firefox\Profiles\x0lwbb1a.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=JD180501&iDate=2021-01-11 09:20:36&iid=a2d5253a-fb3c-4277-900e-a12d7ed199dc&bName=
FF Notifications: Mozilla\Firefox\Profiles\x0lwbb1a.default-release -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz; hxxps://fitgirl-repacks.site; hxxps://www.youtube.com
FF Extension: (Hoxx VPN Proxy) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\@hoxx-vpn.xpi [2022-01-15]
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\@windscribeff.xpi [2022-01-22]
FF Extension: (AdBlocker Ultimate) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-12-10]
FF Extension: (Easy Screenshot) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2022-01-15]
FF Extension: (Privacy Badger) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-11-30]
FF Extension: (Microsoft Rewards) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\MicrosoftRewards@microsoft.com.xpi [2022-01-19] [UpdateUrl:hxxps://browserdefaults.microsoft.com/FirefoxExtn/updateextension.json]
FF Extension: (uBlock Origin) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-01-13]
FF Extension: (Worldwide Radio) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\worldwide@radio.xpi [2022-01-14]
FF Extension: (Sidebery) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{3c078156-979c-498b-8990-85f7987dd929}.xpi [2022-01-15]
FF Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2021-12-10]
FF Extension: (Abyss Yellow) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{adc5e39e-0f46-4326-a1c3-32681e673e00}.xpi [2021-06-04]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-11-22]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{EF7EF554-D23D-4BD5-A178-25C4A3726B49}.xpi [2022-01-28] [not signed]

Opera:
=======
OPR Profile: C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable [2022-01-31]
OPR Notifications: Opera Stable -> hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://mail-notification.info; hxxps://mnthor.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://zarabotok-online.xyz
OPR DefaultSearchURL: Opera Stable -> hxxps://newtab.club/search?q={searchTerms}
OPR DefaultSearchKeyword: Opera Stable -> newtab.club
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-29]
OPR Extension: (Adblock for Youtube™) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\ijelnahiojlfbmiihbmgkaldffppfelp [2021-12-15]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-05]
OPR Extension: (Pool Billiard Game) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldebpgljdepoakcfedmacnjmflebifej [2021-12-14]
OPR Extension: (Google Slides Offline) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\lgehfnbgenojahmpkjhhgcnnmocdgbai [2022-01-27]
OPR Extension: (Newtab.club) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\pookachmhghnpgjhebhilcidgdphdlhi [2021-12-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
S4 GUPMService; C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe [65408 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
S4 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2016-03-15] (Wireless) [File not signed]
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_edd3335a4253bf6d\amdsafd.sys [109520 2021-11-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0375709.inf_amd64_b5db6b3799486cf8\B375758\amdkmdag.sys [82940976 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-06-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-06-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [53064 2020-07-11] (ESET, spol. s r.o. -> ESET)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 JSWPSLWF; C:\WINDOWS\system32\DRIVERS\jswpslwfx.sys [26624 2016-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 MpKsl01384fc6; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [130296 2021-11-10] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl0a7eea7f; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [130296 2021-11-10] (Microsoft Windows -> Microsoft Corporation)
R3 PATRIOTRGB; C:\WINDOWS\System32\drivers\PATRIOTRGB.sys [3783680 2020-10-21] (C-MEDIA ELECTRONICS INC. -> Patriot Memory LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-31 19:55 - 2022-01-31 19:56 - 000023830 _____ C:\Users\Alonzop\Desktop\FRST.txt
2022-01-31 19:55 - 2022-01-31 19:56 - 000000000 ____D C:\FRST
2022-01-31 19:53 - 2022-01-31 19:53 - 000001203 _____ C:\Users\Alonzop\Desktop\JRT.txt
2022-01-31 19:49 - 2022-01-31 19:49 - 001790024 _____ (Malwarebytes) C:\Users\Alonzop\Desktop\JRT.exe
2022-01-31 19:35 - 2022-01-31 19:35 - 002311680 _____ (Farbar) C:\Users\Alonzop\Desktop\FRST64.exe
2022-01-30 22:33 - 2022-01-30 22:33 - 000000000 ____D C:\WINDOWS\Lisence
2022-01-30 22:33 - 2022-01-30 22:33 - 000000000 ____D C:\Users\Alonzop\AppData\Local\Bakhtiyar_Javadov_LTD!
2022-01-30 22:32 - 2022-01-30 22:32 - 000003640 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-01-30 22:25 - 2022-01-30 22:25 - 000000000 ____D C:\WINDOWS\ERUNT
2022-01-27 17:38 - 2022-01-27 17:38 - 000003356 _____ C:\WINDOWS\system32\Tasks\krKGzwRrDlSEwS
2022-01-27 17:38 - 2022-01-27 17:38 - 000003044 _____ C:\WINDOWS\system32\Tasks\cIgRYTndTIsSh2
2022-01-27 17:38 - 2022-01-27 17:38 - 000003034 _____ C:\WINDOWS\system32\Tasks\gFCQOGaZPZupENtIH2
2022-01-27 17:38 - 2022-01-27 17:38 - 000003026 _____ C:\WINDOWS\system32\Tasks\jBzZbHsTiiIhWZlQLis2
2022-01-27 17:38 - 2022-01-27 17:38 - 000003008 _____ C:\WINDOWS\system32\Tasks\SlhPzUiMmYnbEZK2
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\ProgramData\LppCdugwJEFTFvVB
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\ymOrlWHWLwxcC
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\rOmbDYoeTSUn
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\LfSBRosenDpU2
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\eqmbuardANwxjVSjLvR
2022-01-27 17:34 - 2022-01-30 16:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-27 17:34 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\ESDPZMrpU
2022-01-27 17:34 - 2022-01-27 17:34 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-24 02:52 - 2022-01-24 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-01-24 01:27 - 2022-01-24 01:27 - 000000000 ____D C:\WINDOWS\Panther
2022-01-22 16:02 - 2022-01-22 16:02 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-22 16:01 - 2022-01-22 16:01 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-22 16:01 - 2022-01-22 16:01 - 000011905 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-22 15:38 - 2022-01-22 15:38 - 000000000 ___HD C:\$WinREAgent
2022-01-22 07:14 - 2022-01-22 07:14 - 000000000 ____D C:\Users\Alonzop\AppData\LocalLow\AMD
2022-01-21 08:52 - 2022-01-21 08:52 - 000000000 ____D C:\Users\Alonzop\AppData\Local\ElevatedDiagnostics
2022-01-20 07:48 - 2022-01-31 15:10 - 000003102 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-01-20 07:48 - 2022-01-31 15:10 - 000003082 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-20 07:48 - 2022-01-20 07:48 - 000003488 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2022-01-20 07:48 - 2022-01-20 07:48 - 000003080 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-01-20 07:48 - 2022-01-20 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2022-01-20 07:48 - 2022-01-20 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Link For Windows
2022-01-20 07:48 - 2022-01-20 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2022-01-20 07:47 - 2022-01-20 07:47 - 000003160 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-01-19 04:43 - 2022-01-18 06:54 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2022-01-19 04:43 - 2022-01-18 06:54 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2022-01-19 04:43 - 2022-01-18 05:41 - 001876568 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001876568 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001450536 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001450536 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001115400 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 001115400 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000969648 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000969648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000788512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000665632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000549424 _____ C:\WINDOWS\system32\GameManager64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000492080 _____ C:\WINDOWS\system32\dgtrayicon.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 000483888 _____ C:\WINDOWS\system32\EEURestart.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 000410672 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000336984 _____ C:\WINDOWS\system32\clinfo.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 000185896 _____ C:\WINDOWS\system32\mantle64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000170032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000169000 _____ C:\WINDOWS\system32\mantleaxl64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000146992 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000133720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000132648 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000083544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000068184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000038440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000035368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000847920 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2022-01-19 04:43 - 2022-01-18 05:40 - 000517168 _____ C:\WINDOWS\system32\atieah64.exe
2022-01-19 04:43 - 2022-01-18 05:40 - 000386136 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2022-01-19 04:43 - 2022-01-18 05:40 - 000252464 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000212568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000158256 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000132184 _____ C:\WINDOWS\system32\atidxx64.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000106072 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2022-01-19 04:43 - 2022-01-18 05:39 - 000140216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2022-01-19 04:43 - 2022-01-18 05:39 - 000111584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2022-01-19 04:42 - 2022-01-18 06:45 - 000569200 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2022-01-19 04:42 - 2022-01-18 06:45 - 000569200 _____ C:\WINDOWS\system32\atiapfxx.blb
2022-01-19 04:42 - 2022-01-18 06:38 - 056256608 _____ C:\WINDOWS\system32\amdxc64.so
2022-01-19 04:42 - 2022-01-18 05:40 - 088752168 _____ C:\WINDOWS\system32\amd_comgr.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 073119832 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 001396824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 001396824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000461400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000194504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000157856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000142936 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000124968 _____ C:\WINDOWS\system32\amdxc64.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000123992 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000099888 _____ C:\WINDOWS\SysWOW64\amdxc32.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000063064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 069065264 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 001689392 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 001368240 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000933424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000760880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000549936 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000537096 _____ C:\WINDOWS\system32\amdmiracast.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000458288 _____ C:\WINDOWS\system32\amdlogum.exe
2022-01-19 04:42 - 2022-01-18 05:39 - 000413232 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000168184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000140224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000111584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2022-01-19 04:42 - 2022-01-18 05:38 - 000150568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2022-01-19 04:42 - 2022-01-18 05:38 - 000125592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2022-01-14 20:50 - 2022-01-11 03:48 - 000100824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2022-01-10 16:25 - 2022-01-10 16:30 - 000000000 ____D C:\ProgramData\Glarysoft
2022-01-10 16:24 - 2022-01-10 16:24 - 000003674 _____ C:\WINDOWS\system32\Tasks\GlaryUpdate 5
2022-01-10 16:18 - 2022-01-10 16:18 - 000030720 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2022-01-10 16:18 - 2022-01-10 16:18 - 000003284 _____ C:\WINDOWS\system32\Tasks\GlaryInitialize 5
2022-01-10 16:18 - 2022-01-10 16:18 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\GlarySoft
2022-01-10 16:18 - 2022-01-10 16:18 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\DiskDefrag
2022-01-10 16:18 - 2022-01-10 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2022-01-10 16:17 - 2022-01-10 16:25 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2022-01-08 14:31 - 2022-01-08 14:31 - 000000000 ____D C:\Users\Alonzop\AppData\Local\AMDIdentifyWindow
2022-01-06 12:55 - 2022-01-14 20:27 - 000000000 ____D C:\Users\Alonzop\Desktop\Nová složka

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-31 19:54 - 2020-06-05 04:51 - 000000000 ____D C:\Users\Alonzop\AppData\LocalLow\Mozilla
2022-01-31 19:49 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-31 19:36 - 2020-12-03 08:15 - 000000000 ___RD C:\Users\Alonzop\Desktop\bordel
2022-01-31 19:18 - 2020-12-03 09:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-31 16:01 - 2021-11-02 07:12 - 000000000 ____D C:\Program Files\CCleaner
2022-01-31 14:34 - 2020-12-03 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-31 14:33 - 2021-06-27 10:34 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\qBittorrent
2022-01-31 14:33 - 2020-07-29 10:12 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-01-31 14:33 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-31 09:30 - 2020-07-29 10:40 - 000000000 ____D C:\Users\Alonzop\AppData\Local\D3DSCache
2022-01-30 22:26 - 2020-07-20 02:45 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-30 22:26 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-30 22:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-30 21:46 - 2020-11-22 13:16 - 000000000 ____D C:\Users\Alonzop\AppData\Local\AMD_Common
2022-01-30 16:39 - 2021-06-17 19:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-30 16:39 - 2020-07-29 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-29 16:11 - 2020-08-29 05:22 - 000000000 ____D C:\Users\Alonzop\AppData\Local\CrashDumps
2022-01-28 06:21 - 2021-01-20 07:19 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c94d5ac2a452
2022-01-28 06:21 - 2020-12-03 09:25 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-27 22:58 - 2021-09-27 05:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-27 17:34 - 2021-12-13 08:21 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3622225975-1328666760-5524277-1001
2022-01-27 17:34 - 2020-12-03 09:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-25 10:41 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-25 02:25 - 2020-12-03 08:14 - 000000000 ____D C:\Users\Alonzop\Desktop\moje
2022-01-24 18:12 - 2020-12-03 09:02 - 000000000 ____D C:\Users\Alonzop
2022-01-24 16:14 - 2020-07-29 10:40 - 000000000 ____D C:\Users\Alonzop\AppData\Local\AMD
2022-01-22 17:31 - 2020-12-03 09:24 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-22 17:31 - 2019-12-07 15:43 - 000682238 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-22 17:31 - 2019-12-07 15:43 - 000137054 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-22 17:26 - 2020-12-03 09:16 - 000258096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-22 17:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-22 16:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-22 16:33 - 2020-08-01 18:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-22 16:29 - 2020-08-01 18:53 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-20 11:44 - 2020-07-29 10:12 - 000000000 ____D C:\Program Files\AMD
2022-01-19 18:10 - 2021-12-29 21:41 - 000000000 ____D C:\Users\Alonzop\Documents\DVDFab
2022-01-19 07:17 - 2021-04-15 22:21 - 000000000 ____D C:\Users\Alonzop\Desktop\Download
2022-01-19 04:43 - 2020-06-04 16:30 - 000000000 ____D C:\AMD
2022-01-18 07:07 - 2021-03-21 03:35 - 002413576 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe
2022-01-18 05:40 - 2021-11-21 13:04 - 001529432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll
2022-01-18 05:40 - 2020-11-21 05:37 - 001858600 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2022-01-18 05:39 - 2020-11-21 05:37 - 000201656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2022-01-17 14:19 - 2021-12-05 20:05 - 000004162 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638731102
2022-01-17 14:19 - 2021-12-05 20:05 - 000001391 _____ C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-01-14 20:59 - 2021-01-25 16:08 - 000007684 __RSH C:\ProgramData\ntuser.pol
2022-01-10 23:31 - 2021-02-16 19:55 - 000000000 ____D C:\Program Files\7-Zip
2022-01-10 16:30 - 2021-07-18 19:50 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiSuite
2022-01-10 16:30 - 2021-02-06 05:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UFO - Enemy Unknown CZ
2022-01-10 16:30 - 2020-10-21 05:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III Definitive Edition
2022-01-10 16:30 - 2020-09-17 22:58 - 000000000 ____D C:\Users\Alonzop\Desktop\Games
2022-01-10 16:30 - 2020-06-07 03:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2022-01-10 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-05 09:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ========

2021-12-29 23:03 - 2021-07-03 09:34 - 000000056 _____ () C:\ProgramData\benchmark_10M.cmd
2021-12-29 23:03 - 2021-07-03 09:34 - 000000055 _____ () C:\ProgramData\benchmark_1M.cmd
2021-12-29 23:03 - 2021-07-11 17:31 - 000000102 _____ () C:\ProgramData\consol.vbs
2021-12-29 23:03 - 2021-07-03 09:34 - 000001026 _____ () C:\ProgramData\pool_mine_example.cmd
2021-12-29 23:03 - 2021-07-03 09:38 - 000000029 _____ () C:\ProgramData\sart.cmd
2010-04-29 13:46 - 2020-11-07 14:04 - 002043137 _____ () C:\Program Files (x86)\DirectX_11_Technology_Update_US.pptx
2010-07-16 14:30 - 2020-11-07 14:04 - 044951665 _____ () C:\Program Files (x86)\DirectX_11_Technology_Update_US.wma
2020-07-29 11:22 - 2020-07-29 11:28 - 000007666 _____ () C:\Users\Alonzop\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: w-scrip and check-up

#4 Post by Alonzop »

Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Alonzop (31-01-2022 19:57:48)
Running from C:\Users\Alonzop\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1469 (X64) (2020-12-03 08:25:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3622225975-1328666760-5524277-500 - Administrator - Disabled)
Alonzop (S-1-5-21-3622225975-1328666760-5524277-1001 - Administrator - Enabled) => C:\Users\Alonzop
DefaultAccount (S-1-5-21-3622225975-1328666760-5524277-503 - Limited - Disabled)
Guest (S-1-5-21-3622225975-1328666760-5524277-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3622225975-1328666760-5524277-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.1.2 - Advanced Micro Devices, Inc.)
Baldur's Gate - Enhanced Edition (HKLM-x32\...\1207666353_is1) (Version: 2.1.0.3 - GOG.com)
Baldur's Gate - Siege of Dragonspear (HKLM-x32\...\Baldur's Gate: Siege of Dragonspear_is1) (Version: 2.1.0.3 - GOG.com)
Branding64 (HKLM\...\{15E10477-5999-498F-A988-E22FAA096B5E}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CCleaner v5.84.9126 (HKLM\...\CCleaner_is1) (Version: 5.84.9126 - Piriform Ltd. (RePack by Dodakaedr))
Discord (HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
Discord PTB (HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\DiscordPTB) (Version: 1.0.1010 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
File Viewer Plus 3 (HKLM-x32\...\{14AA67B8-9215-4E7F-8C9C-1C3239668C7E}_is1) (Version: 3.3.0 - Sharpened Productions)
Gaming Keyboard Driver (HKLM-x32\...\{B3CDED64-7DC2-429D-A325-BBC3CF793AA6}) (Version: 1.0 - Senbiz)
Glary Utilities PRO 5.177 (HKLM-x32\...\Glary Utilities 5) (Version: 5.177.0.205 - Glarysoft Ltd)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.22 (x64) (HKLM-x32\...\{68de94b9-46ac-495e-a96b-de484c02f5b3}) (Version: 3.1.22.30721 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.22 (x86) (HKLM-x32\...\{675abf0e-683c-414e-8b1b-9cd40aeb368b}) (Version: 3.1.22.30721 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 96.0.3 (x64 cs)) (Version: 96.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
MTG Arena (HKLM\...\{66FDD77C-5A8C-4AC8-971C-98F5FD3B2901}) (Version: 0.1.3971 - Wizards of the Coast)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 82.0.4227.58 (HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Opera 82.0.4227.58) (Version: 82.0.4227.58 - Opera Software)
PATRIOT VIPER HEADSET V370 (HKLM-x32\...\{D8D9AEBE-1712-4A4A-BC70-4CD9C82D1951}) (Version: 1.00.0010 - Patriot Memory LLC)
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
X-VCD Player (HKLM-x32\...\X-VCD Player_is1) (Version: Version 2.0 - Xequte Software)
YoutubeAdBlock (HKLM-x32\...\76971AD9-375A-4B7D-84A9-324E18E7883E) (Version: 2.0.0.1667 - )

Packages:
=========
Age of Empires IV -> E:\qBittorrent\Age of Empires IV [2022-01-06] (Microsoft Studios)
All Media Player -> C:\Program Files\WindowsApps\BluskySoftwareInc.AllMediaPlayer_2.2.8.0_x86__61yk12x6sxn40 [2021-08-08] (Blusky Software Inc.)
Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.2.6.0_x64__y5c4dfz5b21fm [2021-08-18] (Any DVD & Office App)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.11.265.0_x64__rz1tebttyb220 [2021-12-14] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-29] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
DVD Player+ -> C:\Program Files\WindowsApps\61878MobilityinLifeapplic.DVDPlayer_13.1.3.0_x64__zfxkqydss3nar [2021-07-14] (Mobility in Life applications) [Startup Task]
HiSuite -> C:\Program Files\WindowsApps\6530varisteGalois.HiSuite_1.1.0.0_x86__gcbhn7m1f6q1a [2020-08-05] (Évariste Galois)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1320.12.119.0_x64__8xx8rvfyw5nnt [2021-12-15] (Facebook Inc) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12160.0_x64__8wekyb3d8bbwe [2021-12-23] (Microsoft Studios) [MS Ad]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_1.0.29.0_x86__k5ye2zvjqqeaw [2021-12-31] (NeroAG)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-14] (Spotify AB) [Startup Task]
Video Player All Format - Full HD Video Player for VLC -> C:\Program Files\WindowsApps\9943DocumentProfessional.VideoPlayerAllFormat-Full_1.1.0.0_x64__gnk190jnb5a88 [2020-07-29] (DocumentProfessional)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-02-24] (VideoLAN)
Warm Winter Nights -> C:\Program Files\WindowsApps\Microsoft.WarmWinterNights_1.0.0.0_neutral__8wekyb3d8bbwe [2021-11-20] (Microsoft Corporation)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2147.16.0_x64__cv1g1gvanyjgm [2021-12-20] (WhatsApp Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-21 02:30 - 2021-04-21 02:30 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2022-01-18 00:45 - 2022-01-18 00:45 - 001717248 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2022-01-10 16:24 - 2021-11-24 15:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-09-04 23:15 - 2017-09-04 23:15 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\AMD\CNext\CNext\D3DCompiler_47.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
SearchScopes: HKU\S-1-5-21-3622225975-1328666760-5524277-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622225975-1328666760-5524277-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
BHO: YoutubeAdBlock -> {7494370B-F354-4BBD-9926-7735F6DD5770} -> C:\Program Files (x86)\dcJhRzxHJIE\tYCxBRLY.dll [2021-11-17] () [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-07-29 10:56 - 2021-12-30 02:12 - 000002497 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

2020-10-08 22:39 - 2020-10-09 21:31 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3622225975-1328666760-5524277-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alonzop\Desktop\moje\PT27GcJDPMHyoHZcK5HEG6.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: JumpStart Wireless Filter Driver -> MS_NdisLwf (enabled)
Ethernet: JumpStart Wireless Filter Driver -> MS_NdisLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GUPMService => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: sshd => 3
MSCONFIG\Services: Steam Client Service => 3
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\StartupFolder: => "Herjkjsbyjpg.js"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\StartupFolder: => "Nhxte.js"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "DLByb"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "DiscordPTB"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{001F6109-D5D3-4ADA-B60D-FCB5C233C6AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{68613A63-1C63-4373-8BC7-D7F28FED2E75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{95CF78BC-0C73-4B61-9EA6-E6093DDFA97D}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{2B3E1679-34FA-4F1E-93D5-D72CB1A91064}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{A94941A0-9D8D-46D3-AE52-EAB7520BD5D5}] => (Allow) E:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FD27C8C1-CF42-4224-845D-7C9C27DA9A41}] => (Allow) E:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{941BF95A-BE36-44DF-8572-8F7DB859B692}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{91357B5D-DD1E-442E-B85E-6841AD38974E}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{EC4F8BD2-09FC-4E43-BEE6-C3EA1538A3B4}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{77B73213-DE9C-4F1F-AD3D-758CCA183E0A}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{4C438B67-FB29-4E32-82AA-40BC2C56D934}] => (Allow) E:\steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution LTD -> OpenTTD Development Team)
FirewallRules: [{31596759-D52B-42A3-9C88-623E80B4D840}] => (Allow) E:\steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution LTD -> OpenTTD Development Team)
FirewallRules: [TCP Query User{E8C5B514-D01E-4128-A432-32371BCD2497}E:\games\sudden\sudden strike 4\suddenstrike4.exe] => (Block) E:\games\sudden\sudden strike 4\suddenstrike4.exe () [File not signed]
FirewallRules: [UDP Query User{5794558E-9B82-4DDF-B71B-EC832F538EEB}E:\games\sudden\sudden strike 4\suddenstrike4.exe] => (Block) E:\games\sudden\sudden strike 4\suddenstrike4.exe () [File not signed]
FirewallRules: [{F6DA3769-56E2-4772-8C06-B69143C032D9}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{27961C98-EF2E-4756-9D43-819171FC8231}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{22C4B9B7-C922-4997-AAA9-AE09BCF1EC04}] => (Allow) E:\steam\steamapps\common\Tribal Wars\tribalwars.exe (Jon Dawson) [File not signed]
FirewallRules: [{0B05B895-C4C7-43FC-BE21-E11DAB6DD98A}] => (Allow) E:\steam\steamapps\common\Tribal Wars\tribalwars.exe (Jon Dawson) [File not signed]
FirewallRules: [{4FE0F9F6-8164-44F1-BBA1-40834A7BD64D}] => (Allow) E:\steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{8A55B2AF-B796-40BB-9063-0D533216C2FA}] => (Allow) E:\steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [TCP Query User{88CDA622-4CED-4F99-BA81-AA1572F06403}E:\qbittorrent\age of empires iv\reliccardinal_ws.exe] => (Allow) E:\qbittorrent\age of empires iv\reliccardinal_ws.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment)
FirewallRules: [UDP Query User{C673FF31-D36C-41F4-BD3A-0B8D47EEECE2}E:\qbittorrent\age of empires iv\reliccardinal_ws.exe] => (Allow) E:\qbittorrent\age of empires iv\reliccardinal_ws.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment)
FirewallRules: [TCP Query User{09C3F801-8C8E-4AB7-B73C-A3B83A5C585B}C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe] => (Allow) C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe (BluSky) [File not signed]
FirewallRules: [UDP Query User{7F86F075-CF34-4353-99B8-52F71BB9B529}C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe] => (Allow) C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe (BluSky) [File not signed]
FirewallRules: [TCP Query User{013EA731-D03D-4CE6-9FC1-3B359BE5B167}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{94B7DED9-8F24-49B6-9C19-3BD1DA6705D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{683630CA-E4F0-43F9-8AE9-31F9BDAF5065}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D11C9C9D-FE28-43CE-94C2-3DEDC21E6C0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{14C3C801-60D2-41D1-BA1F-4EBB45A6BF22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{701CD034-EFBC-450E-B939-86087BB61AE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3596B14F-AD79-4BF1-8DBC-A65D384D86F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60CE8AB8-395F-48FF-A76B-62374CB62774}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{64749B69-BE50-4F15-B426-A3C99A727394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{139F2309-E0B6-453C-9EC7-8653F48C986F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{746F4229-3EB7-4920-9E3F-C0E1BF0E6890}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5DF060F-A1CA-437B-ACCA-C6A4B640BFC9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7717166F-821C-4885-9551-1835A7A2C597}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D3AF4D1-1CE6-431B-A982-BD6E86662FA8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EFB93EF3-AC62-448A-8E4C-C5814B792C13}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{356C03F5-E155-4363-B20F-0EAD7F4E6D40}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{D4F99D22-1093-4A75-BC57-8735CC8C860F}C:\users\alonzop\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\alonzop\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{7EBE9E2B-D0B1-49C5-8FA8-8268C63F240E}C:\users\alonzop\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\alonzop\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{62B27E2A-9CDA-4A1D-9AE5-F642EFCA6CE0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:110.83 GB) (Free:30.55 GB) (28%)

==================== Faulty Device Manager Devices ============

Name: Časovač událostí s vysokou přesností
Description: Časovač událostí s vysokou přesností
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní systémová zařízení)
Service:
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/29/2022 04:11:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RelicCardinal_ws.exe, verze: 5.0.7274.0, časové razítko: 0x616a29bc
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x1598
Čas spuštění chybující aplikace: 0x01d8151d94cae423
Cesta k chybující aplikaci: E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: cee95ce5-e42c-4736-9393-456a5ff68f2d
Úplný název chybujícího balíčku: Microsoft.Cardinal_5.0.7274.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: Game

Error: (01/28/2022 09:55:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/28/2022 09:55:31 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (H:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/28/2022 09:54:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (01/31/2022 07:52:51 PM) (Source: DCOM) (EventID: 10010) (User: X-COM)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/31/2022 06:03:48 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/31/2022 05:06:53 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/31/2022 02:34:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HuaweiHiSuiteService64.exe neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/31/2022 02:34:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMChameleon neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/31/2022 12:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HuaweiHiSuiteService64.exe neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/31/2022 12:07:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMChameleon neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/30/2022 09:42:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2022-01-31 19:23:20
Description:
Řízený přístup ke složkám zablokoval pro C:\Users\Alonzop\AppData\Local\Temp\_iu14D2N.tmp možnost upravit %userprofile%\Documents\Steam\CODEX\1016800.
Čas detekce: 2022-01-31T18:23:20.102Z
Uživatel: X-COM\Alonzop
Cesta: %userprofile%\Documents\Steam\CODEX\1016800
Název procesu: C:\Users\Alonzop\AppData\Local\Temp\_iu14D2N.tmp
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-31 15:34:32
Description:
Řízený přístup ke složkám zablokoval pro E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe možnost upravit %userprofile%\Documents.
Čas detekce: 2022-01-31T14:34:32.062Z
Uživatel: X-COM\Alonzop
Cesta: %userprofile%\Documents
Název procesu: E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-30 18:14:34
Description:
Řízený přístup ke složkám zablokoval pro E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe možnost upravit %userprofile%\Documents.
Čas detekce: 2022-01-30T17:14:34.046Z
Uživatel: X-COM\Alonzop
Cesta: %userprofile%\Documents
Název procesu: E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe
Verze bezpečnostních informací: 1.355.2781.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-30 08:54:43
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {33F09883-3A0F-42A5-B832-82EBDAE357B1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-01-29 04:19:01
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {04993EA7-2521-40BA-9B3A-25348239FF96}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-02-04 23:58:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V11.1 05/02/2013
Motherboard: MSI FM2-A55M-P33 (MS-7721)
Processor: AMD Athlon(tm) X4 740 Quad Core Processor
Percentage of memory in use: 37%
Total physical RAM: 8145.84 MB
Available physical RAM: 5085.27 MB
Total Virtual: 20433.84 MB
Available Virtual: 14807.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.83 GB) (Free:30.55 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:488.59 GB) (Free:240.22 GB) NTFS
Drive f: (FULLFILED_SEXUAL_FANTASIES) (CDROM) (Total:3.99 GB) (Free:0 GB) UDF
Drive h: (Nový svazek) (Fixed) (Total:442.38 GB) (Free:130.35 GB) NTFS

\\?\Volume{db5a8614-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{350f029c-0000-0000-0000-102c7a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{db5a8614-0000-0000-0000-c0d41b000000}\ () (Fixed) (Total:0.47 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 350F029C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=442.4 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: DB5A8614)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=482 MB) - (Type=27)

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15656
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: w-scrip and check-up

#5 Post by JaRon »

Hi,
thoroughly infected :(
Download Avptool KVRT
and clean the PC with it
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Alonzop
Visitor
Posts: 85
Registered: 27 Jul 2006 10:54
Location: Czech Rep. - Brno

Re: w-scrip and check-up

#6 Post by Alonzop »

Well, well: 14 objects, among them a few trojans, downloaders and who knows what else. One trojan from a driver only went on the second scan.

Here is the log after the reboot, casper.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by Alonzop (administrator) on X-COM (MSI MS-7721) (31-01-2022 22:34:07)
Running from C:\Users\Alonzop\Desktop
Loaded Profiles: Alonzop
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1469 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
() [File not signed] C:\Program Files (x86)\Gaming Keyboard\OSD.exe
() [File not signed] C:\Program Files\PATRIOT VIPER HEADSET V370\CPL\PATRIOT_MEMORY_x64.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Piriform Software Ltd) [File not signed] C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Sog951x1Sound] => C:\Program Files\PATRIOT VIPER HEADSET V370\CPL\PATRIOT_MEMORY_x64.exe [2418176 2020-10-21] () [File not signed]
HKLM-x32\...\Run: [VICTORY Gaming Keyboard] => C:\Program Files (x86)\Gaming Keyboard\Monitor.exe [270336 2013-03-30] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Run: [Glary Memory Optimizer] => C:\Program Files (x86)\Glary Utilities 5\memdefrag.exe [129920 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35129344 2021-08-18] (Piriform Software Ltd) [File not signed]
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {2110b0f5-66dc-11ec-936b-d43d7e9f40c1} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350a3-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350b2-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {65ae4bed-75ba-11eb-92dd-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {6c5ce6c0-7394-11eb-92db-98ded01fd416} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {eac6ed1e-e491-11eb-9315-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2020-07-30]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03BA5A1D-0F9F-4108-B305-E3584E8FE166} - System32\Tasks\ZdRZnrjKyQsBNVCvy2 => rundll32 "C:\Program Files (x86)\PUTBNyYtQYqvGavJmbR\QEGLZQZ.dll",#1
Task: {23C0F7BA-133D-48B9-83D6-7B9B0EAEB4EF} - System32\Tasks\CCleanerSkipUAC - Alonzop => C:\Program Files\CCleaner\CCleaner64.exe [35129344 2021-08-18] (Piriform Software Ltd) [File not signed]
Task: {270D67B7-0B74-46E8-ABB9-A9148C2802CD} - System32\Tasks\Opera scheduled Autoupdate 1638731102 => C:\Users\Alonzop\AppData\Local\Programs\Opera\launcher.exe [1753808 2022-01-12] (Opera Software AS -> Opera Software)
Task: {2B65B9D6-6570-4031-B74C-01BCFCB55402} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {394DDA93-8503-4318-9F9E-EE0C10499E31} - System32\Tasks\Opera scheduled assistant Autoupdate 1638731113 => C:\Users\Alonzop\AppData\Local\Programs\Opera\launcher.exe [1753808 2022-01-12] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Alonzop\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {39FC4181-6D3E-45B8-9217-0AA7B1F28375} - System32\Tasks\spuIWhTQhwsk => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\RzGxquSs\pYFnWcC.exe fC /S (No File) <==== ATTENTION
Task: {5164A3DF-4EBE-4B73-9825-1FF6DD2E2317} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {56241524-3C3F-41EE-8352-821B5CBC03AF} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D0AE3F9-59E4-49F3-BBE5-311AEA2FFFBE} - System32\Tasks\lBYcDcXnfCvTgIFELsa2 => rundll32 "C:\Program Files (x86)\LyHbcpPejbWiC\DwumTVc.dll",#1
Task: {5F5E72DB-5C85-4A18-BC72-3DF504E89979} - System32\Tasks\YwEmbjKTGeiDrT => rundll32 "C:\Program Files (x86)\gymFwwWhwGGU2\vzbWHXDJWMxus.dll",#1
Task: {62D2A0F5-578A-480A-92C8-644DC1B7F40C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {63F6F940-9F70-4310-A74B-E761EC4D7953} - System32\Tasks\spuBxqeLMByA => C:\Users\Alonzop\AppData\Local\Temp\TcATEwXmHTcjquWSF\ADSdKTuK\mXxFbIX.exe cF /S (No File) <==== ATTENTION
Task: {6892FC80-FA11-4799-A9D8-0AE91AF672A0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3622225975-1328666760-5524277-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A50C05BE-6202-41C6-BA2C-47583DD94C83} - System32\Tasks\GlaryUpdate 5 => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe [43904 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
Task: {A67C7230-FEC6-45AC-8BCB-B84BEDF13E1E} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A99D438B-3967-49F1-97D9-281AE78EA2CD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [137088 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
Task: {AB9F4BC3-225F-4496-AF44-55BB78BBBF35} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {AE9B5F91-C63E-491B-8454-7344110585C5} - System32\Tasks\spuishjbDsdp => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\prBggLAu\OYXWomL.exe fC /S (No File) <==== ATTENTION
Task: {BB9F3488-FA31-4B5E-9C27-7B38B150BFB2} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [260600 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {CB9F9F66-7397-4D50-B021-645223D40E71} - System32\Tasks\Skype => C:\Users\Alonzop\AppData\Local\Temp\Herjkjsbyjpg.js (No File) <==== ATTENTION
Task: {DA04CA39-D9DB-4720-9552-92E4A37B7FB3} - System32\Tasks\aiMhZFBWchsQYNe2 => rundll32 "C:\Program Files (x86)\bLNFZeFNU\zWXJMu.dll",#1
Task: {DB901A48-269A-4A6B-98F2-EE46313EDB70} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E1307DE1-8FBF-4AFB-9C43-805691F46A53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7302600-1997-49FB-B244-5C6E6EE000DA} - \spulzFtqQdbB -> No File <==== ATTENTION
Task: {EB323257-1B83-4EA6-943C-0D8B9A878C62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1B249D6-B792-43DF-A332-3E8634A18B94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5376AE7-BCEA-441D-BD01-9D709875B1FB} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FC2DB2F9-C70F-4FAA-82B8-4EB2ACD5C737} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{4c4aafbc-c479-40e0-a1ff-a715d865b929}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{5927f411-2001-4b6d-9d4a-3c57ea8472d7}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{67b82bdb-c6f7-4dea-84fc-cebc43f3f546}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{c8cf109d-04f4-443f-be0f-58f887b1745e}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{db9a098b-1de0-408b-874f-91fae1373310}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dfefb374-4fd3-4afa-a993-85f067786d99}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{ee5834e1-5370-45fb-adce-6880e0f5ba15}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{fa692b36-86fb-44fa-99a3-6444db432b21}: [DhcpNameServer] 192.168.42.129

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Alonzop\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-22]
Edge Notifications: Default -> hxxps://themes-for-edge.com
Edge StartupUrls: Default -> "hxxp://divokekmeny.cz/"
Edge Extension: (Microsoft Editor: kontrola pravopisu a gramatiky) - C:\Users\Alonzop\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2022-01-19]
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Alonzop\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-01-19]
Edge HKLM-x32\...\Edge\Extension: [akeopnoeaijpicdpgfflhihgkipodimn]
Edge HKLM-x32\...\Edge\Extension: [eofogjfkadmolbbmnlbohhbkhbodcjjm]
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]

FireFox:
========
FF DefaultProfile: uxlgs80u.default
FF ProfilePath: C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\uxlgs80u.default [2022-01-31]
FF Homepage: Mozilla\Firefox\Profiles\uxlgs80u.default -> hxxps://newtab.club
FF ProfilePath: C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release [2022-01-31]
FF Homepage: Mozilla\Firefox\Profiles\x0lwbb1a.default-release -> hxxps://newtab.club
FF NewTab: Mozilla\Firefox\Profiles\x0lwbb1a.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=JD180501&iDate=2021-01-11 09:20:36&iid=a2d5253a-fb3c-4277-900e-a12d7ed199dc&bName=
FF Notifications: Mozilla\Firefox\Profiles\x0lwbb1a.default-release -> hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz; hxxps://fitgirl-repacks.site; hxxps://www.youtube.com
FF Extension: (Hoxx VPN Proxy) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\@hoxx-vpn.xpi [2022-01-15]
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\@windscribeff.xpi [2022-01-22]
FF Extension: (AdBlocker Ultimate) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-12-10]
FF Extension: (Easy Screenshot) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2022-01-15]
FF Extension: (Privacy Badger) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-11-30]
FF Extension: (Microsoft Rewards) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\MicrosoftRewards@microsoft.com.xpi [2022-01-19] [UpdateUrl:hxxps://browserdefaults.microsoft.com/FirefoxExtn/updateextension.json]
FF Extension: (uBlock Origin) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-01-13]
FF Extension: (Worldwide Radio) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\worldwide@radio.xpi [2022-01-14]
FF Extension: (Sidebery) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{3c078156-979c-498b-8990-85f7987dd929}.xpi [2022-01-15]
FF Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2021-12-10]
FF Extension: (Abyss Yellow) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{adc5e39e-0f46-4326-a1c3-32681e673e00}.xpi [2021-06-04]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Alonzop\AppData\Roaming\Mozilla\Firefox\Profiles\x0lwbb1a.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-11-22]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{EF7EF554-D23D-4BD5-A178-25C4A3726B49}.xpi [2022-01-28] [not signed]

Opera:
=======
OPR Profile: C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable [2022-01-31]
OPR Notifications: Opera Stable -> hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://mail-notification.info; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://zarabotok-online.xyz
OPR DefaultSearchURL: Opera Stable -> hxxps://newtab.club/search?q={searchTerms}
OPR DefaultSearchKeyword: Opera Stable -> newtab.club
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-29]
OPR Extension: (Adblock for Youtube™) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\ijelnahiojlfbmiihbmgkaldffppfelp [2021-12-15]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-05]
OPR Extension: (Pool Billiard Game) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldebpgljdepoakcfedmacnjmflebifej [2021-12-14]
OPR Extension: (Google Slides Offline) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\lgehfnbgenojahmpkjhhgcnnmocdgbai [2022-01-27]
OPR Extension: (Newtab.club) - C:\Users\Alonzop\AppData\Roaming\Opera Software\Opera Stable\Extensions\pookachmhghnpgjhebhilcidgdphdlhi [2021-12-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
S4 GUPMService; C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe [65408 2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
S4 jswpsapi; C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2016-03-15] (Wireless) [File not signed]
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-12-02] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_edd3335a4253bf6d\amdsafd.sys [109520 2021-11-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0375709.inf_amd64_b5db6b3799486cf8\B375758\amdkmdag.sys [82940976 2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-06-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-06-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [53064 2020-07-11] (ESET, spol. s r.o. -> ESET)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 JSWPSLWF; C:\WINDOWS\system32\DRIVERS\jswpslwfx.sys [26624 2016-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 MpKsl01384fc6; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [130296 2021-11-10] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl0a7eea7f; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [130296 2021-11-10] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsleb983035; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9121D009-FE68-46B9-8734-81A5F6B3B8FB}\MpKslDrv.sys [134376 2022-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 PATRIOTRGB; C:\WINDOWS\System32\drivers\PATRIOTRGB.sys [3783680 2020-10-21] (C-MEDIA ELECTRONICS INC. -> Patriot Memory LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-31 22:18 - 2022-01-31 22:18 - 000319720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_5545bda9a_klark.sys
2022-01-31 22:18 - 2022-01-31 22:18 - 000229248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_5545bda9a_mark.sys
2022-01-31 21:42 - 2022-01-31 22:33 - 000000000 ____D C:\KVRT2020_Data
2022-01-31 21:40 - 2022-01-31 21:42 - 113325560 _____ (AO Kaspersky Lab) C:\Users\Alonzop\Downloads\KVRT.exe
2022-01-31 19:57 - 2022-01-31 19:59 - 000046108 _____ C:\Users\Alonzop\Desktop\Addition.txt
2022-01-31 19:55 - 2022-01-31 22:34 - 000023304 _____ C:\Users\Alonzop\Desktop\FRST.txt
2022-01-31 19:55 - 2022-01-31 22:34 - 000000000 ____D C:\FRST
2022-01-31 19:53 - 2022-01-31 19:53 - 000001203 _____ C:\Users\Alonzop\Desktop\JRT.txt
2022-01-31 19:49 - 2022-01-31 19:49 - 001790024 _____ (Malwarebytes) C:\Users\Alonzop\Desktop\JRT.exe
2022-01-31 19:35 - 2022-01-31 19:35 - 002311680 _____ (Farbar) C:\Users\Alonzop\Desktop\FRST64.exe
2022-01-30 22:33 - 2022-01-30 22:33 - 000000000 ____D C:\WINDOWS\Lisence
2022-01-30 22:33 - 2022-01-30 22:33 - 000000000 ____D C:\Users\Alonzop\AppData\Local\Bakhtiyar_Javadov_LTD!
2022-01-30 22:32 - 2022-01-30 22:32 - 000003640 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-01-30 22:25 - 2022-01-30 22:25 - 000000000 ____D C:\WINDOWS\ERUNT
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\ProgramData\LppCdugwJEFTFvVB
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\ymOrlWHWLwxcC
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\LfSBRosenDpU2
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\eqmbuardANwxjVSjLvR
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\rOmbDYoeTSUn
2022-01-27 17:34 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\ESDPZMrpU
2022-01-27 17:34 - 2022-01-30 16:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-27 17:34 - 2022-01-27 17:34 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-24 02:52 - 2022-01-24 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-01-24 01:27 - 2022-01-24 01:27 - 000000000 ____D C:\WINDOWS\Panther
2022-01-22 16:02 - 2022-01-22 16:02 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-22 16:01 - 2022-01-22 16:01 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-22 16:01 - 2022-01-22 16:01 - 000011905 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-22 15:38 - 2022-01-22 15:38 - 000000000 ___HD C:\$WinREAgent
2022-01-22 07:14 - 2022-01-22 07:14 - 000000000 ____D C:\Users\Alonzop\AppData\LocalLow\AMD
2022-01-21 08:52 - 2022-01-21 08:52 - 000000000 ____D C:\Users\Alonzop\AppData\Local\ElevatedDiagnostics
2022-01-20 07:48 - 2022-01-31 22:17 - 000003102 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-01-20 07:48 - 2022-01-31 22:17 - 000003082 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-20 07:48 - 2022-01-20 07:48 - 000003488 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2022-01-20 07:48 - 2022-01-20 07:48 - 000003080 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-01-20 07:48 - 2022-01-20 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2022-01-20 07:48 - 2022-01-20 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Link For Windows
2022-01-20 07:48 - 2022-01-20 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2022-01-20 07:47 - 2022-01-20 07:47 - 000003160 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-01-19 04:43 - 2022-01-18 06:54 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2022-01-19 04:43 - 2022-01-18 06:54 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2022-01-19 04:43 - 2022-01-18 05:41 - 001876568 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001876568 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001450536 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001450536 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 001115400 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 001115400 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000969648 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000969648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000788512 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000665632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000549424 _____ C:\WINDOWS\system32\GameManager64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000492080 _____ C:\WINDOWS\system32\dgtrayicon.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 000483888 _____ C:\WINDOWS\system32\EEURestart.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 000410672 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000336984 _____ C:\WINDOWS\system32\clinfo.exe
2022-01-19 04:43 - 2022-01-18 05:41 - 000185896 _____ C:\WINDOWS\system32\mantle64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000170032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000169000 _____ C:\WINDOWS\system32\mantleaxl64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000146992 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000133720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000132648 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000083544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mcl64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000068184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000038440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000035368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2022-01-19 04:43 - 2022-01-18 05:41 - 000019928 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000847920 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2022-01-19 04:43 - 2022-01-18 05:40 - 000517168 _____ C:\WINDOWS\system32\atieah64.exe
2022-01-19 04:43 - 2022-01-18 05:40 - 000386136 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2022-01-19 04:43 - 2022-01-18 05:40 - 000252464 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000212568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000158256 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000132184 _____ C:\WINDOWS\system32\atidxx64.dll
2022-01-19 04:43 - 2022-01-18 05:40 - 000106072 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2022-01-19 04:43 - 2022-01-18 05:39 - 000140216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2022-01-19 04:43 - 2022-01-18 05:39 - 000111584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2022-01-19 04:42 - 2022-01-18 06:45 - 000569200 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2022-01-19 04:42 - 2022-01-18 06:45 - 000569200 _____ C:\WINDOWS\system32\atiapfxx.blb
2022-01-19 04:42 - 2022-01-18 06:38 - 056256608 _____ C:\WINDOWS\system32\amdxc64.so
2022-01-19 04:42 - 2022-01-18 05:40 - 088752168 _____ C:\WINDOWS\system32\amd_comgr.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 073119832 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 001396824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 001396824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000461400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000194504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000157856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000142936 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000124968 _____ C:\WINDOWS\system32\amdxc64.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000123992 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000099888 _____ C:\WINDOWS\SysWOW64\amdxc32.dll
2022-01-19 04:42 - 2022-01-18 05:40 - 000063064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 069065264 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 001689392 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 001368240 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000933424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000760880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000549936 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000537096 _____ C:\WINDOWS\system32\amdmiracast.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000458288 _____ C:\WINDOWS\system32\amdlogum.exe
2022-01-19 04:42 - 2022-01-18 05:39 - 000413232 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000168184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000140224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2022-01-19 04:42 - 2022-01-18 05:39 - 000111584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2022-01-19 04:42 - 2022-01-18 05:38 - 000150568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2022-01-19 04:42 - 2022-01-18 05:38 - 000125592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2022-01-14 20:50 - 2022-01-11 03:48 - 000100824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2022-01-10 16:25 - 2022-01-10 16:30 - 000000000 ____D C:\ProgramData\Glarysoft
2022-01-10 16:24 - 2022-01-10 16:24 - 000003674 _____ C:\WINDOWS\system32\Tasks\GlaryUpdate 5
2022-01-10 16:18 - 2022-01-10 16:18 - 000030720 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2022-01-10 16:18 - 2022-01-10 16:18 - 000003284 _____ C:\WINDOWS\system32\Tasks\GlaryInitialize 5
2022-01-10 16:18 - 2022-01-10 16:18 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\GlarySoft
2022-01-10 16:18 - 2022-01-10 16:18 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\DiskDefrag
2022-01-10 16:18 - 2022-01-10 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2022-01-10 16:17 - 2022-01-10 16:25 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2022-01-08 14:31 - 2022-01-08 14:31 - 000000000 ____D C:\Users\Alonzop\AppData\Local\AMDIdentifyWindow
2022-01-06 12:55 - 2022-01-14 20:27 - 000000000 ____D C:\Users\Alonzop\Desktop\Nová složka

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-31 22:33 - 2020-06-05 04:51 - 000000000 ____D C:\Users\Alonzop\AppData\LocalLow\Mozilla
2022-01-31 22:18 - 2021-11-02 07:12 - 000000000 ____D C:\Program Files\CCleaner
2022-01-31 22:17 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-31 22:16 - 2020-12-03 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-31 22:16 - 2020-07-29 10:12 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-01-31 22:16 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-31 22:16 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-01-31 22:09 - 2021-11-17 12:22 - 000000000 ____D C:\Program Files (x86)\dcJhRzxHJIE
2022-01-31 22:09 - 2021-05-05 21:47 - 000000000 ____D C:\ProgramData\tflkRUqcfCpHkqVB
2022-01-31 22:09 - 2021-02-05 21:02 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\DLByb
2022-01-31 21:29 - 2020-12-03 09:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-31 19:59 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-31 19:36 - 2020-12-03 08:15 - 000000000 ___RD C:\Users\Alonzop\Desktop\bordel
2022-01-31 14:33 - 2021-06-27 10:34 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\qBittorrent
2022-01-31 09:30 - 2020-07-29 10:40 - 000000000 ____D C:\Users\Alonzop\AppData\Local\D3DSCache
2022-01-30 22:26 - 2020-07-20 02:45 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-30 22:26 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-30 22:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-30 21:46 - 2020-11-22 13:16 - 000000000 ____D C:\Users\Alonzop\AppData\Local\AMD_Common
2022-01-30 16:39 - 2021-06-17 19:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-30 16:39 - 2020-07-29 12:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-29 16:11 - 2020-08-29 05:22 - 000000000 ____D C:\Users\Alonzop\AppData\Local\CrashDumps
2022-01-28 06:21 - 2021-01-20 07:19 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c94d5ac2a452
2022-01-28 06:21 - 2020-12-03 09:25 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-27 22:58 - 2021-09-27 05:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-27 17:34 - 2021-12-13 08:21 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3622225975-1328666760-5524277-1001
2022-01-27 17:34 - 2020-12-03 09:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-25 02:25 - 2020-12-03 08:14 - 000000000 ____D C:\Users\Alonzop\Desktop\moje
2022-01-24 18:12 - 2020-12-03 09:02 - 000000000 ____D C:\Users\Alonzop
2022-01-24 16:14 - 2020-07-29 10:40 - 000000000 ____D C:\Users\Alonzop\AppData\Local\AMD
2022-01-22 17:31 - 2020-12-03 09:24 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-22 17:31 - 2019-12-07 15:43 - 000682238 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-22 17:31 - 2019-12-07 15:43 - 000137054 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-22 17:26 - 2020-12-03 09:16 - 000258096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-22 17:24 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-22 17:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-22 16:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-22 16:33 - 2020-08-01 18:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-22 16:29 - 2020-08-01 18:53 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-20 11:44 - 2020-07-29 10:12 - 000000000 ____D C:\Program Files\AMD
2022-01-19 18:10 - 2021-12-29 21:41 - 000000000 ____D C:\Users\Alonzop\Documents\DVDFab
2022-01-19 07:17 - 2021-04-15 22:21 - 000000000 ____D C:\Users\Alonzop\Desktop\Download
2022-01-19 04:43 - 2020-06-04 16:30 - 000000000 ____D C:\AMD
2022-01-18 07:07 - 2021-03-21 03:35 - 002413576 _____ (AMD Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe
2022-01-18 05:40 - 2021-11-21 13:04 - 001529432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiacm64.dll
2022-01-18 05:40 - 2020-11-21 05:37 - 001858600 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2022-01-18 05:39 - 2020-11-21 05:37 - 000201656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2022-01-17 14:19 - 2021-12-05 20:05 - 000004162 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1638731102
2022-01-17 14:19 - 2021-12-05 20:05 - 000001391 _____ C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-01-14 20:59 - 2021-01-25 16:08 - 000007684 __RSH C:\ProgramData\ntuser.pol
2022-01-10 23:31 - 2021-02-16 19:55 - 000000000 ____D C:\Program Files\7-Zip
2022-01-10 16:30 - 2021-07-18 19:50 - 000000000 ____D C:\Users\Alonzop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiSuite
2022-01-10 16:30 - 2021-02-06 05:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UFO - Enemy Unknown CZ
2022-01-10 16:30 - 2020-10-21 05:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III Definitive Edition
2022-01-10 16:30 - 2020-09-17 22:58 - 000000000 ____D C:\Users\Alonzop\Desktop\Games
2022-01-10 16:30 - 2020-06-07 03:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2022-01-10 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-05 09:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ========

2021-12-29 23:03 - 2021-07-03 09:34 - 000000056 _____ () C:\ProgramData\benchmark_10M.cmd
2021-12-29 23:03 - 2021-07-03 09:34 - 000000055 _____ () C:\ProgramData\benchmark_1M.cmd
2021-12-29 23:03 - 2021-07-03 09:34 - 000001026 _____ () C:\ProgramData\pool_mine_example.cmd
2010-04-29 13:46 - 2020-11-07 14:04 - 002043137 _____ () C:\Program Files (x86)\DirectX_11_Technology_Update_US.pptx
2010-07-16 14:30 - 2020-11-07 14:04 - 044951665 _____ () C:\Program Files (x86)\DirectX_11_Technology_Update_US.wma
2020-07-29 11:22 - 2020-07-29 11:28 - 000007666 _____ () C:\Users\Alonzop\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Alonzop (31-01-2022 22:36:06)
Running from C:\Users\Alonzop\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1469 (X64) (2020-12-03 08:25:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3622225975-1328666760-5524277-500 - Administrator - Disabled)
Alonzop (S-1-5-21-3622225975-1328666760-5524277-1001 - Administrator - Enabled) => C:\Users\Alonzop
DefaultAccount (S-1-5-21-3622225975-1328666760-5524277-503 - Limited - Disabled)
Guest (S-1-5-21-3622225975-1328666760-5524277-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3622225975-1328666760-5524277-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.1.2 - Advanced Micro Devices, Inc.)
Baldur's Gate - Enhanced Edition (HKLM-x32\...\1207666353_is1) (Version: 2.1.0.3 - GOG.com)
Baldur's Gate - Siege of Dragonspear (HKLM-x32\...\Baldur's Gate: Siege of Dragonspear_is1) (Version: 2.1.0.3 - GOG.com)
Branding64 (HKLM\...\{15E10477-5999-498F-A988-E22FAA096B5E}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CCleaner v5.84.9126 (HKLM\...\CCleaner_is1) (Version: 5.84.9126 - Piriform Ltd. (RePack by Dodakaedr))
Discord (HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
Discord PTB (HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\DiscordPTB) (Version: 1.0.1010 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
File Viewer Plus 3 (HKLM-x32\...\{14AA67B8-9215-4E7F-8C9C-1C3239668C7E}_is1) (Version: 3.3.0 - Sharpened Productions)
Gaming Keyboard Driver (HKLM-x32\...\{B3CDED64-7DC2-429D-A325-BBC3CF793AA6}) (Version: 1.0 - Senbiz)
Glary Utilities PRO 5.177 (HKLM-x32\...\Glary Utilities 5) (Version: 5.177.0.205 - Glarysoft Ltd)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.22 (x64) (HKLM-x32\...\{68de94b9-46ac-495e-a96b-de484c02f5b3}) (Version: 3.1.22.30721 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.22 (x86) (HKLM-x32\...\{675abf0e-683c-414e-8b1b-9cd40aeb368b}) (Version: 3.1.22.30721 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 96.0.3 (x64 cs)) (Version: 96.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
MTG Arena (HKLM\...\{66FDD77C-5A8C-4AC8-971C-98F5FD3B2901}) (Version: 0.1.3971 - Wizards of the Coast)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 82.0.4227.58 (HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\Opera 82.0.4227.58) (Version: 82.0.4227.58 - Opera Software)
PATRIOT VIPER HEADSET V370 (HKLM-x32\...\{D8D9AEBE-1712-4A4A-BC70-4CD9C82D1951}) (Version: 1.00.0010 - Patriot Memory LLC)
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
X-VCD Player (HKLM-x32\...\X-VCD Player_is1) (Version: Version 2.0 - Xequte Software)
YoutubeAdBlock (HKLM-x32\...\76971AD9-375A-4B7D-84A9-324E18E7883E) (Version: 2.0.0.1667 - )

Packages:
=========
Age of Empires IV -> E:\qBittorrent\Age of Empires IV [2022-01-06] (Microsoft Studios)
All Media Player -> C:\Program Files\WindowsApps\BluskySoftwareInc.AllMediaPlayer_2.2.8.0_x86__61yk12x6sxn40 [2021-08-08] (Blusky Software Inc.)
Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.2.6.0_x64__y5c4dfz5b21fm [2021-08-18] (Any DVD & Office App)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.11.265.0_x64__rz1tebttyb220 [2021-12-14] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-29] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
DVD Player+ -> C:\Program Files\WindowsApps\61878MobilityinLifeapplic.DVDPlayer_13.1.3.0_x64__zfxkqydss3nar [2021-07-14] (Mobility in Life applications) [Startup Task]
HiSuite -> C:\Program Files\WindowsApps\6530varisteGalois.HiSuite_1.1.0.0_x86__gcbhn7m1f6q1a [2020-08-05] (Évariste Galois)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1320.12.119.0_x64__8xx8rvfyw5nnt [2021-12-15] (Facebook Inc) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12160.0_x64__8wekyb3d8bbwe [2021-12-23] (Microsoft Studios) [MS Ad]
Nero DVD Player -> C:\Program Files\WindowsApps\NeroAG.NeroDVDPlayer_1.0.29.0_x86__k5ye2zvjqqeaw [2021-12-31] (NeroAG)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-14] (Spotify AB) [Startup Task]
Video Player All Format - Full HD Video Player for VLC -> C:\Program Files\WindowsApps\9943DocumentProfessional.VideoPlayerAllFormat-Full_1.1.0.0_x64__gnk190jnb5a88 [2020-07-29] (DocumentProfessional)
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-02-24] (VideoLAN)
Warm Winter Nights -> C:\Program Files\WindowsApps\Microsoft.WarmWinterNights_1.0.0.0_neutral__8wekyb3d8bbwe [2021-11-20] (Microsoft Corporation)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2147.16.0_x64__cv1g1gvanyjgm [2021-12-20] (WhatsApp Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-01-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2021-11-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-08-09 20:36 - 2012-11-05 07:37 - 000061440 _____ () [File not signed] C:\Program Files (x86)\Gaming Keyboard\hiddriver.dll
2020-08-09 20:36 - 2012-11-05 07:09 - 000057344 _____ () [File not signed] C:\Program Files (x86)\Gaming Keyboard\lan.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2022-01-18 00:45 - 2022-01-18 00:45 - 001717248 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-10-21 05:29 - 2020-10-21 05:02 - 000254464 ____N (C-MEDIA Electronics INC.) [File not signed] C:\Program Files\PATRIOT VIPER HEADSET V370\CPL\Driver\x64\vista\osConfLib.dll
2020-10-21 05:29 - 2020-10-21 05:02 - 000053760 ____N (Cmedia) [File not signed] C:\Program Files\PATRIOT VIPER HEADSET V370\CPL\Driver\CMHID\CMHID_X64.dll
2017-09-04 23:15 - 2017-09-04 23:15 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\AMD\CNext\CNext\D3DCompiler_47.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000057856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\audio\qtaudio_windows.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-04-21 02:30 - 2021-04-21 02:30 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
SearchScopes: HKU\S-1-5-21-3622225975-1328666760-5524277-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622225975-1328666760-5524277-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\localhost -> localhost

2020-10-08 22:39 - 2020-10-09 21:31 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3622225975-1328666760-5524277-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alonzop\Desktop\moje\PT27GcJDPMHyoHZcK5HEG6.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: JumpStart Wireless Filter Driver -> MS_NdisLwf (enabled)
Ethernet: JumpStart Wireless Filter Driver -> MS_NdisLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GUPMService => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: sshd => 3
MSCONFIG\Services: Steam Client Service => 3
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\StartupFolder: => "Herjkjsbyjpg.js"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\StartupFolder: => "Nhxte.js"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "DLByb"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\StartupApproved\Run: => "DiscordPTB"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{001F6109-D5D3-4ADA-B60D-FCB5C233C6AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{68613A63-1C63-4373-8BC7-D7F28FED2E75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{95CF78BC-0C73-4B61-9EA6-E6093DDFA97D}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{2B3E1679-34FA-4F1E-93D5-D72CB1A91064}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{A94941A0-9D8D-46D3-AE52-EAB7520BD5D5}] => (Allow) E:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FD27C8C1-CF42-4224-845D-7C9C27DA9A41}] => (Allow) E:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{941BF95A-BE36-44DF-8572-8F7DB859B692}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{91357B5D-DD1E-442E-B85E-6841AD38974E}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{EC4F8BD2-09FC-4E43-BEE6-C3EA1538A3B4}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{77B73213-DE9C-4F1F-AD3D-758CCA183E0A}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{4C438B67-FB29-4E32-82AA-40BC2C56D934}] => (Allow) E:\steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution LTD -> OpenTTD Development Team)
FirewallRules: [{31596759-D52B-42A3-9C88-623E80B4D840}] => (Allow) E:\steam\steamapps\common\OpenTTD\openttd.exe (OpenTTD Distribution LTD -> OpenTTD Development Team)
FirewallRules: [TCP Query User{E8C5B514-D01E-4128-A432-32371BCD2497}E:\games\sudden\sudden strike 4\suddenstrike4.exe] => (Block) E:\games\sudden\sudden strike 4\suddenstrike4.exe () [File not signed]
FirewallRules: [UDP Query User{5794558E-9B82-4DDF-B71B-EC832F538EEB}E:\games\sudden\sudden strike 4\suddenstrike4.exe] => (Block) E:\games\sudden\sudden strike 4\suddenstrike4.exe () [File not signed]
FirewallRules: [{F6DA3769-56E2-4772-8C06-B69143C032D9}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{27961C98-EF2E-4756-9D43-819171FC8231}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{22C4B9B7-C922-4997-AAA9-AE09BCF1EC04}] => (Allow) E:\steam\steamapps\common\Tribal Wars\tribalwars.exe (Jon Dawson) [File not signed]
FirewallRules: [{0B05B895-C4C7-43FC-BE21-E11DAB6DD98A}] => (Allow) E:\steam\steamapps\common\Tribal Wars\tribalwars.exe (Jon Dawson) [File not signed]
FirewallRules: [{4FE0F9F6-8164-44F1-BBA1-40834A7BD64D}] => (Allow) E:\steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{8A55B2AF-B796-40BB-9063-0D533216C2FA}] => (Allow) E:\steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [TCP Query User{88CDA622-4CED-4F99-BA81-AA1572F06403}E:\qbittorrent\age of empires iv\reliccardinal_ws.exe] => (Allow) E:\qbittorrent\age of empires iv\reliccardinal_ws.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment)
FirewallRules: [UDP Query User{C673FF31-D36C-41F4-BD3A-0B8D47EEECE2}E:\qbittorrent\age of empires iv\reliccardinal_ws.exe] => (Allow) E:\qbittorrent\age of empires iv\reliccardinal_ws.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment)
FirewallRules: [TCP Query User{09C3F801-8C8E-4AB7-B73C-A3B83A5C585B}C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe] => (Allow) C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe (BluSky) [File not signed]
FirewallRules: [UDP Query User{7F86F075-CF34-4353-99B8-52F71BB9B529}C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe] => (Allow) C:\program files\windowsapps\bluskysoftwareinc.allmediaplayer_2.2.8.0_x86__61yk12x6sxn40\amp.exe (BluSky) [File not signed]
FirewallRules: [TCP Query User{013EA731-D03D-4CE6-9FC1-3B359BE5B167}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{94B7DED9-8F24-49B6-9C19-3BD1DA6705D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{683630CA-E4F0-43F9-8AE9-31F9BDAF5065}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D11C9C9D-FE28-43CE-94C2-3DEDC21E6C0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{14C3C801-60D2-41D1-BA1F-4EBB45A6BF22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{701CD034-EFBC-450E-B939-86087BB61AE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3596B14F-AD79-4BF1-8DBC-A65D384D86F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60CE8AB8-395F-48FF-A76B-62374CB62774}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{64749B69-BE50-4F15-B426-A3C99A727394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{139F2309-E0B6-453C-9EC7-8653F48C986F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{746F4229-3EB7-4920-9E3F-C0E1BF0E6890}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5DF060F-A1CA-437B-ACCA-C6A4B640BFC9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7717166F-821C-4885-9551-1835A7A2C597}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D3AF4D1-1CE6-431B-A982-BD6E86662FA8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EFB93EF3-AC62-448A-8E4C-C5814B792C13}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{356C03F5-E155-4363-B20F-0EAD7F4E6D40}] => (Allow) E:\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{D4F99D22-1093-4A75-BC57-8735CC8C860F}C:\users\alonzop\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\alonzop\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{7EBE9E2B-D0B1-49C5-8FA8-8268C63F240E}C:\users\alonzop\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\alonzop\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{62B27E2A-9CDA-4A1D-9AE5-F642EFCA6CE0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:110.83 GB) (Free:30.48 GB) (28%)

==================== Faulty Device Manager Devices ============

Name: Časovač událostí s vysokou přesností
Description: Časovač událostí s vysokou přesností
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní systémová zařízení)
Service:
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/31/2022 10:16:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070565, Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.
.

Error: (01/31/2022 10:16:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x80070565, Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.
]

Error: (01/31/2022 10:16:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80070565, Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.
.

Error: (01/31/2022 10:16:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x80070565, Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.
]

Error: (01/31/2022 09:45:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program 72648541.exe verze 20.0.10.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2408

Čas spuštění: 01d816e31b92e657

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\Alonzop\AppData\Local\Temp\{75d7ef38-6c94-4d21-a7f4-06ae81496e07}\72648541.exe

ID hlášení: 3f2d6faf-621c-4bc6-98f4-2a7a86a29833

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/30/2022 04:39:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


System errors:
=============
Error: (01/31/2022 10:17:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (01/31/2022 10:16:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HuaweiHiSuiteService64.exe neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/31/2022 10:16:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (01/31/2022 10:16:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMChameleon neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/31/2022 10:16:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 5 při pokusu o spuštění služby camsvc s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Internal.CapabilityAccess.Management.CapabilityConsentManager

Error: (01/31/2022 10:16:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Capability Access Manager neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (01/31/2022 10:16:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.

Error: (01/31/2022 10:16:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Klient zásad skupiny neuspěla při spuštění v důsledku následující chyby:
Přístup byl odepřen.


Windows Defender:
================
Date: 2022-01-31 22:18:08
Description:
Řízený přístup ke složkám zablokoval pro C:\Users\Alonzop\AppData\Local\Temp\{0108104f-a9a4-414f-a2d9-b3bf9a3124bd}\3ab9fae4.exe provádění změn v paměti.
Čas detekce: 2022-01-31T21:18:08.062Z
Uživatel: X-COM\Alonzop
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Users\Alonzop\AppData\Local\Temp\{0108104f-a9a4-414f-a2d9-b3bf9a3124bd}\3ab9fae4.exe
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-31 21:46:14
Description:
Řízený přístup ke složkám zablokoval pro C:\Users\Alonzop\AppData\Local\Temp\{0108104f-a9a4-414f-a2d9-b3bf9a3124bd}\3ab9fae4.exe provádění změn v paměti.
Čas detekce: 2022-01-31T20:46:14.460Z
Uživatel: X-COM\Alonzop
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Users\Alonzop\AppData\Local\Temp\{0108104f-a9a4-414f-a2d9-b3bf9a3124bd}\3ab9fae4.exe
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-31 21:43:19
Description:
Řízený přístup ke složkám zablokoval pro C:\Users\Alonzop\AppData\Local\Temp\{75d7ef38-6c94-4d21-a7f4-06ae81496e07}\72648541.exe provádění změn v paměti.
Čas detekce: 2022-01-31T20:43:19.201Z
Uživatel: X-COM\Alonzop
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Users\Alonzop\AppData\Local\Temp\{75d7ef38-6c94-4d21-a7f4-06ae81496e07}\72648541.exe
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-31 19:23:20
Description:
Řízený přístup ke složkám zablokoval pro C:\Users\Alonzop\AppData\Local\Temp\_iu14D2N.tmp možnost upravit %userprofile%\Documents\Steam\CODEX\1016800.
Čas detekce: 2022-01-31T18:23:20.102Z
Uživatel: X-COM\Alonzop
Cesta: %userprofile%\Documents\Steam\CODEX\1016800
Název procesu: C:\Users\Alonzop\AppData\Local\Temp\_iu14D2N.tmp
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

Date: 2022-01-31 15:34:32
Description:
Řízený přístup ke složkám zablokoval pro E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe možnost upravit %userprofile%\Documents.
Čas detekce: 2022-01-31T14:34:32.062Z
Uživatel: X-COM\Alonzop
Cesta: %userprofile%\Documents
Název procesu: E:\qBittorrent\Age of Empires IV\RelicCardinal_ws.exe
Verze bezpečnostních informací: 1.355.2795.0
Verze modulu: 1.1.18800.4
Verze produktu: 4.18.2111.5

CodeIntegrity:
===============
Date: 2021-02-04 23:58:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V11.1 05/02/2013
Motherboard: MSI FM2-A55M-P33 (MS-7721)
Processor: AMD Athlon(tm) X4 740 Quad Core Processor
Percentage of memory in use: 36%
Total physical RAM: 8145.84 MB
Available physical RAM: 5201.12 MB
Total Virtual: 20433.84 MB
Available Virtual: 14935.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.83 GB) (Free:30.48 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Fixed) (Total:488.59 GB) (Free:240.22 GB) NTFS
Drive f: (FULLFILED_SEXUAL_FANTASIES) (CDROM) (Total:3.99 GB) (Free:0 GB) UDF
Drive h: (Nový svazek) (Fixed) (Total:442.38 GB) (Free:130.35 GB) NTFS

\\?\Volume{db5a8614-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{350f029c-0000-0000-0000-102c7a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{db5a8614-0000-0000-0000-c0d41b000000}\ () (Fixed) (Total:0.47 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 350F029C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=442.4 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: DB5A8614)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=482 MB) - (Type=27)

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15656
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: w-scrip and check-up

#7 Post by JaRon »

Hi,
quote:
Creating a fixlist for FRST
•Open Notepad (Start - Run - notepad)
•Copy the script >>

Code:

Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {2110b0f5-66dc-11ec-936b-d43d7e9f40c1} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350a3-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350b2-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {65ae4bed-75ba-11eb-92dd-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {6c5ce6c0-7394-11eb-92db-98ded01fd416} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {eac6ed1e-e491-11eb-9315-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {03BA5A1D-0F9F-4108-B305-E3584E8FE166} - System32\Tasks\ZdRZnrjKyQsBNVCvy2 => rundll32 "C:\Program Files (x86)\PUTBNyYtQYqvGavJmbR\QEGLZQZ.dll",#1
Task: {39FC4181-6D3E-45B8-9217-0AA7B1F28375} - System32\Tasks\spuIWhTQhwsk => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\RzGxquSs\pYFnWcC.exe fC /S (No File) <==== ATTENTION
Task: {5D0AE3F9-59E4-49F3-BBE5-311AEA2FFFBE} - System32\Tasks\lBYcDcXnfCvTgIFELsa2 => rundll32 "C:\Program Files (x86)\LyHbcpPejbWiC\DwumTVc.dll",#1
Task: {5F5E72DB-5C85-4A18-BC72-3DF504E89979} - System32\Tasks\YwEmbjKTGeiDrT => rundll32 "C:\Program Files (x86)\gymFwwWhwGGU2\vzbWHXDJWMxus.dll",#1
Task: {AE9B5F91-C63E-491B-8454-7344110585C5} - System32\Tasks\spuishjbDsdp => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\prBggLAu\OYXWomL.exe fC /S (No File) <==== ATTENTION
Task: {CB9F9F66-7397-4D50-B021-645223D40E71} - System32\Tasks\Skype => C:\Users\Alonzop\AppData\Local\Temp\Herjkjsbyjpg.js (No File) <==== ATTENTION
Task: {DA04CA39-D9DB-4720-9552-92E4A37B7FB3} - System32\Tasks\aiMhZFBWchsQYNe2 => rundll32 "C:\Program Files (x86)\bLNFZeFNU\zWXJMu.dll",#1
Task: {E7302600-1997-49FB-B244-5C6E6EE000DA} - \spulzFtqQdbB -> No File <==== ATTENTION
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\ProgramData\LppCdugwJEFTFvVB
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\ymOrlWHWLwxcC
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\LfSBRosenDpU2
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\eqmbuardANwxjVSjLvR
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\rOmbDYoeTSUn
2022-01-27 17:34 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\ESDPZMrpU



EmptyTemp:
Reboot:
End
•Save the created TXT file as fixlist.txt
•Move the created fixlist next to FRST

:arrow: Run FRST.exe again
•Click Fix
•The fix will run and create the log Fixlog.txt

:arrow: Restart the PC and post fixlog.txt here for me
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Alonzop
Visitor
Posts: 85
Registered: 27 Jul 2006 10:54
Location: Czech Rep. - Brno

Re: w-scrip and check-up

#8 Post by Alonzop »

Hello,

Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Alonzop (01-02-2022 17:41:43) Run:1
Running from C:\Users\Alonzop\Desktop
Loaded Profiles: Alonzop
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {2110b0f5-66dc-11ec-936b-d43d7e9f40c1} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350a3-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {44a350b2-0dec-11ec-932e-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {65ae4bed-75ba-11eb-92dd-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {6c5ce6c0-7394-11eb-92db-98ded01fd416} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\...\MountPoints2: {eac6ed1e-e491-11eb-9315-d43d7e9f40c1} - "H:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {03BA5A1D-0F9F-4108-B305-E3584E8FE166} - System32\Tasks\ZdRZnrjKyQsBNVCvy2 => rundll32 "C:\Program Files (x86)\PUTBNyYtQYqvGavJmbR\QEGLZQZ.dll",#1
Task: {39FC4181-6D3E-45B8-9217-0AA7B1F28375} - System32\Tasks\spuIWhTQhwsk => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\RzGxquSs\pYFnWcC.exe fC /S (No File) <==== ATTENTION
Task: {5D0AE3F9-59E4-49F3-BBE5-311AEA2FFFBE} - System32\Tasks\lBYcDcXnfCvTgIFELsa2 => rundll32 "C:\Program Files (x86)\LyHbcpPejbWiC\DwumTVc.dll",#1
Task: {5F5E72DB-5C85-4A18-BC72-3DF504E89979} - System32\Tasks\YwEmbjKTGeiDrT => rundll32 "C:\Program Files (x86)\gymFwwWhwGGU2\vzbWHXDJWMxus.dll",#1
Task: {AE9B5F91-C63E-491B-8454-7344110585C5} - System32\Tasks\spuishjbDsdp => C:\Users\Alonzop\AppData\Local\Temp\ehjJuWYiscOGQTXLc\prBggLAu\OYXWomL.exe fC /S (No File) <==== ATTENTION
Task: {CB9F9F66-7397-4D50-B021-645223D40E71} - System32\Tasks\Skype => C:\Users\Alonzop\AppData\Local\Temp\Herjkjsbyjpg.js (No File) <==== ATTENTION
Task: {DA04CA39-D9DB-4720-9552-92E4A37B7FB3} - System32\Tasks\aiMhZFBWchsQYNe2 => rundll32 "C:\Program Files (x86)\bLNFZeFNU\zWXJMu.dll",#1
Task: {E7302600-1997-49FB-B244-5C6E6EE000DA} - \spulzFtqQdbB -> No File <==== ATTENTION
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\ProgramData\LppCdugwJEFTFvVB
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\ymOrlWHWLwxcC
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\LfSBRosenDpU2
2022-01-27 17:38 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\eqmbuardANwxjVSjLvR
2022-01-27 17:38 - 2022-01-27 17:38 - 000000000 ____D C:\Program Files (x86)\rOmbDYoeTSUn
2022-01-27 17:34 - 2022-01-31 22:09 - 000000000 ____D C:\Program Files (x86)\ESDPZMrpU



EmptyTemp:
Reboot:
End

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive" => removed successfully
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2110b0f5-66dc-11ec-936b-d43d7e9f40c1} => removed successfully
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44a350a3-0dec-11ec-932e-d43d7e9f40c1} => removed successfully
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44a350b2-0dec-11ec-932e-d43d7e9f40c1} => removed successfully
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65ae4bed-75ba-11eb-92dd-d43d7e9f40c1} => removed successfully
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c5ce6c0-7394-11eb-92db-98ded01fd416} => removed successfully
HKU\S-1-5-21-3622225975-1328666760-5524277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eac6ed1e-e491-11eb-9315-d43d7e9f40c1} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03BA5A1D-0F9F-4108-B305-E3584E8FE166}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03BA5A1D-0F9F-4108-B305-E3584E8FE166}" => removed successfully
C:\WINDOWS\System32\Tasks\ZdRZnrjKyQsBNVCvy2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZdRZnrjKyQsBNVCvy2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39FC4181-6D3E-45B8-9217-0AA7B1F28375}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39FC4181-6D3E-45B8-9217-0AA7B1F28375}" => removed successfully
C:\WINDOWS\System32\Tasks\spuIWhTQhwsk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spuIWhTQhwsk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D0AE3F9-59E4-49F3-BBE5-311AEA2FFFBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D0AE3F9-59E4-49F3-BBE5-311AEA2FFFBE}" => removed successfully
C:\WINDOWS\System32\Tasks\lBYcDcXnfCvTgIFELsa2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\lBYcDcXnfCvTgIFELsa2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F5E72DB-5C85-4A18-BC72-3DF504E89979}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5E72DB-5C85-4A18-BC72-3DF504E89979}" => removed successfully
C:\WINDOWS\System32\Tasks\YwEmbjKTGeiDrT => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YwEmbjKTGeiDrT" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE9B5F91-C63E-491B-8454-7344110585C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE9B5F91-C63E-491B-8454-7344110585C5}" => removed successfully
C:\WINDOWS\System32\Tasks\spuishjbDsdp => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spuishjbDsdp" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB9F9F66-7397-4D50-B021-645223D40E71}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9F9F66-7397-4D50-B021-645223D40E71}" => removed successfully
C:\WINDOWS\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA04CA39-D9DB-4720-9552-92E4A37B7FB3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA04CA39-D9DB-4720-9552-92E4A37B7FB3}" => removed successfully
C:\WINDOWS\System32\Tasks\aiMhZFBWchsQYNe2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aiMhZFBWchsQYNe2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7302600-1997-49FB-B244-5C6E6EE000DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7302600-1997-49FB-B244-5C6E6EE000DA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spulzFtqQdbB" => removed successfully
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe => removed successfully
HuaweiHiSuiteService64.exe => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMChameleon => removed successfully
MBAMChameleon => service removed successfully
C:\ProgramData\LppCdugwJEFTFvVB => moved successfully
C:\Program Files (x86)\ymOrlWHWLwxcC => moved successfully
C:\Program Files (x86)\LfSBRosenDpU2 => moved successfully
C:\Program Files (x86)\eqmbuardANwxjVSjLvR => moved successfully
C:\Program Files (x86)\rOmbDYoeTSUn => moved successfully
C:\Program Files (x86)\ESDPZMrpU => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34756751 B
Java, Flash, Steam htmlcache => 328944430 B
Windows/system/drivers => 54392010 B
Edge => 0 B
Firefox => 31242635 B
Opera => 374416986 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 596040 B
systemprofile32 => 1592030 B
LocalService => 1592030 B
NetworkService => 15459356 B
Alonzop => 419939714 B

RecycleBin => 331861088 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-02-2022 17:43:48)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

==== End of Fixlog 17:43:48 ====

JaRon
Moderator
Posts: 15656
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: w-scrip and check-up

#9 Post by JaRon »

I recommend cleaning the PC with CCleaner, including the registry, and that's it :James008:

Alonzop
Visitor
Posts: 85
Registered: 27 Jul 2006 10:54
Location: Czech Rep. - Brno

Re: w-scrip and check-up

#10 Post by Alonzop »

Cleaned. CC repeatedly finds "ActiveX/COM Issue LocalServer32\C:\WINDOWS\SysWOW64\Speech_OneCore\Common\SpeechRuntime.exe -ToastNotifier HKCR\CLSID\{265b1075-d22b-41eb-bc97-87568f3e6dab} Alonzop" in the registry, even after fixing the issue. If it is not a potential threat, let's not deal with it.

Thank you very much for your help. Great cooperation.

Rudy's team can always be relied on. :thumbsup:

JaRon
Moderator
Posts: 15656
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: w-scrip and check-up

#11 Post by JaRon »

It's OK
Have a nice evening :thumbsup: