Erotic service pop-ups in Google Chrome

Luckyphonyx
Visitor
Posts: 119
Registered: 09 Oct 2013 20:37

#1 Post by Luckyphonyx »

Hello, I have a problem with my PC: when I start Chrome, it shows me wild stuff like boobs and udders :D
If children didn't use the PC, under certain circumstances I wouldn't mind it.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-12-2022
Ran by Judas (administrator) on DESKTOP-24IL5M3 (Micro-Star International Co., Ltd MS-7C02) (02-01-2023 18:21:39)
Running from C:\Users\Judas\Downloads
Loaded Profiles: Judas
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2364 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.4.101.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <31>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1084704 2020-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194488 2022-11-10] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1787736 2022-12-30] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [479632 2022-03-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [155544 2022-08-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {233044db-87b0-11ed-9adf-2cf05d796980} - "I:\setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {6079a11b-954b-11ec-9aaf-806e6f6e6963} - "E:\autorun.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {8901a07d-954b-11ec-9ab0-2cf05d796980} - "G:\setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdb17-958d-11ec-9ab1-2cf05d796980} - "H:\Autorun.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdc63-958d-11ec-9ab1-2cf05d796980} - "J:\Setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdce1-958d-11ec-9ab1-2cf05d796980} - "K:\Setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {fbd9b398-4cb4-11ed-9ad2-2cf05d796980} - "D:\iStudio.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\108.0.5359.125\Installer\chrmstp.exe [2022-12-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2022-12-06]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2022-12-06]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\Users\Judas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration IL-2 Sturmovik Series [2022-07-05] () <==== ATTENTION [zero byte File/Folder]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {061D9989-E8F8-4139-BAEC-935AAFFEB16C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {06D881F5-32DA-410F-B45C-71CDE916F700} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183224 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {19CA204A-5CDB-48EB-92B1-2CE583C2E221} - System32\Tasks\MonitorMysticLight => C:\Program Files\GamingOSD\MysticLight\MysticLightController.exe [31224 2018-11-09] (Micro-Star International CO., LTD. -> )
Task: {48EBF212-140D-4235-AA11-C4067A128A41} - System32\Tasks\GoogleUpdateTaskMachineCore{7853FE82-F63D-41FD-A215-F5FB12365F3A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-24] (Google LLC -> Google LLC)
Task: {4B077FF5-A6A8-4715-BF37-85F4BFCE182C} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [102712 2021-07-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {60B48A84-F3CC-48E3-B113-DDB9BBE0CF69} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954808 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {68BB85C0-A36E-4260-BE59-341FB6656E32} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [102712 2021-07-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {739BF77A-35EC-46A9-B709-F5E33297F5B4} - System32\Tasks\MSI Task Host - MSI.True Color => C:\Program Files (x86)\MSI\One Dragon Center\True Color\MSI.True Color.exe [47416 2021-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {7472A273-ACE9-45CE-B76B-937DA2B51EDC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {764032DB-D7C1-4CE2-9FEC-6CC64684D67B} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954808 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {8846C071-ED2E-4D75-9853-8CBAD20C0760} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56760 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {B27A3058-B060-4DD8-927C-8141141593C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B3B33DB8-2FEC-436F-ABA3-CEFE548372EA} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe [1781072 2021-12-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {B73D9809-AA37-4FCF-9371-68DB483A5A35} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BFF95E0D-E85D-4909-987E-F1C00616D265} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [56816 2022-12-03] (HP Inc. -> HP Inc.)
Task: {C1D53D27-7F5D-4A43-BF01-4A98B15FBE60} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-12-30] (Overwolf Ltd -> Overwolf LTD)
Task: {D0D9D7F2-204E-4CEE-9C10-4CDF356A9687} - System32\Tasks\GoogleUpdateTaskMachineUA{95B664CA-33F1-46D9-994B-AE8037D41A79} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-24] (Google LLC -> Google LLC)
Task: {DE79FF15-405A-40B5-AB44-67801DD1199C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E02A2758-8F83-4A07-B932-7F50AB76445E} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [56816 2022-12-03] (HP Inc. -> HP Inc.)
Task: {E3BAABF9-4F2E-49F3-8E9E-1CF2CBEAAADD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [56760 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E745726F-8CA9-4252-9376-87229CA6516B} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [679352 2022-11-10] (Advanced Micro Devices Inc. -> AMD)
Task: {F0F48C26-DEAA-4818-AD98-687782156858} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [291768 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {F23F05F7-F08C-4E72-9D62-101C1C2D40AD} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.54\Installer\setup.exe [3367848 2022-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {FB66C571-67CF-41BE-85BA-BAEBA5347E2E} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954808 2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ad4a27bb-d558-460c-bae5-128cacb23198}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\Judas\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-18]

FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2022-12-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2022-12-06] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR Profile: C:\Users\Judas\AppData\Local\Google\Chrome\User Data\Default [2023-01-02]
CHR Notifications: Default -> hxxps://club.autodoc.cz; hxxps://first.copperblade.top; hxxps://www.divokekmeny.cz
CHR Extension: (Dokumenty Google offline) - C:\Users\Judas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Judas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [509880 ] (Advanced Micro Devices Inc. -> AMD)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [602376 2021-07-29] (cFos Software GmbH -> cFos Software GmbH)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4957584 2022-03-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3549656 2022-11-10] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3549656 2022-11-10] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229360 2022-12-03] (HP Inc. -> HP Inc.)
S2 LightKeeperService; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8892256 2023-01-02] (Malwarebytes Inc. -> Malwarebytes)
S2 MSI Foundation Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\FoundationService\MSIAPService.exe [75216 2020-09-23] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
S2 MSI_Central_Service; C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe [147088 2020-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S2 MSI_Companion_Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe [143160 2021-03-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe [36152 2021-08-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S2 Mystic_Light_Service; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe [39760 2021-05-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-12-30] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35360 2022-06-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV19; C:\Windows\system32\AMDRyzenMasterDriver.sys [43336 2022-11-10] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_1a1a381a2c0e293c\amdsafd.sys [113056 2022-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 AmdTools64ICD; C:\Windows\System32\drivers\AmdTools64ICD.sys [63408 2020-05-27] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0385749.inf_amd64_adf299d144273fde\B385520\amdkmdag.sys [94454688 2022-11-21] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [59920 2022-05-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cFosSpeed; C:\Windows\system32\DRIVERS\cfosspeed6.sys [1695016 2021-07-29] (cFos Software GmbH -> cFos Software GmbH)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [29208 2022-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2022-03-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [63696 2022-03-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [198400 2022-11-10] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [16336 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [237672 2022-11-10] (ESET, spol. s r.o. -> ESET)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [122504 2022-11-10] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [38544 2018-12-13] (Feature Integration Technology Inc -> FINTEK Corp.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-01-02] (Malwarebytes Inc. -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
S3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\One Dragon Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\One Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2022-03-07] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
S3 atillk64; \??\C:\Windows\TEMP\LiveUpdateAPI\Atiflash\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-02 18:21 - 2023-01-02 18:21 - 002376192 _____ (Farbar) C:\Users\Judas\Downloads\FRST64.exe
2023-01-02 18:21 - 2023-01-02 18:21 - 000022526 _____ C:\Users\Judas\Downloads\FRST.txt
2023-01-02 18:21 - 2023-01-02 18:21 - 000000000 ____D C:\FRST
2023-01-02 18:12 - 2023-01-02 18:12 - 008791352 _____ (Malwarebytes) C:\Users\Judas\Downloads\adwcleaner (1).exe
2023-01-02 18:01 - 2023-01-02 18:01 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-01-02 18:01 - 2023-01-02 18:01 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-01-02 18:01 - 2023-01-02 18:01 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-01-02 18:01 - 2023-01-02 18:01 - 000000000 ____D C:\Users\Judas\AppData\Local\mbam
2023-01-02 18:00 - 2023-01-02 18:00 - 002542312 _____ (Malwarebytes) C:\Users\Judas\Downloads\MBSetup-08018D73.exe
2023-01-02 18:00 - 2023-01-02 18:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-01-02 18:00 - 2023-01-02 18:00 - 000000000 ____D C:\Program Files\Malwarebytes
2023-01-02 10:30 - 2023-01-02 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2023-01-02 10:30 - 2023-01-02 10:30 - 000000000 ____D C:\ProgramData\ESET
2023-01-02 10:30 - 2023-01-02 10:30 - 000000000 ____D C:\Program Files\ESET
2023-01-02 10:29 - 2023-01-02 10:29 - 008971520 _____ (ESET) C:\Users\Judas\Downloads\eset_nod32_antivirus_live_installer.exe
2023-01-02 09:11 - 2023-01-02 10:20 - 000000000 ____D C:\Users\Judas\Documents\WWE2K19
2023-01-02 09:11 - 2023-01-02 09:11 - 000000000 ____D C:\Users\Public\Documents\Steam
2023-01-02 09:07 - 2023-01-02 09:07 - 000000754 _____ C:\Users\Judas\Desktop\WWE 2K19.lnk
2023-01-02 09:07 - 2023-01-02 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWE 2K19
2023-01-01 12:01 - 2023-01-02 02:46 - 000000000 ____D C:\Users\Judas\Downloads\WWE.2K19-CODEX
2023-01-01 11:22 - 2023-01-01 11:22 - 000111260 _____ C:\Users\Judas\Downloads\[SkT]WWE_2K19_(2018).torrent
2022-12-27 15:01 - 2022-12-27 15:01 - 000001184 _____ C:\Windows\system32\Drivers\etc\hosts.rollback
2022-12-27 15:01 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.backup
2022-12-23 18:11 - 2022-12-23 18:11 - 000001325 _____ C:\Users\Judas\Desktop\BurnoutParadise.exe – zástupce.lnk
2022-12-23 18:11 - 2022-12-23 18:11 - 000000000 ____D C:\Users\Judas\AppData\Local\Criterion Games
2022-12-16 10:07 - 2022-12-16 10:07 - 000000000 ___HD C:\$WinREAgent
2022-12-11 11:43 - 2022-12-23 17:43 - 000000000 ____D C:\Users\Judas\AppData\Local\ForzaHorizon5
2022-12-11 11:43 - 2022-12-11 11:43 - 000000000 ____D C:\Users\Public\Documents\EMPRESS
2022-12-11 09:52 - 2022-12-11 09:52 - 000000803 _____ C:\Users\Public\Desktop\Forza Horizon 5.lnk
2022-12-11 09:52 - 2022-12-11 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forza Horizon 5
2022-12-10 17:45 - 2022-12-10 17:45 - 000000664 _____ C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
2022-12-10 17:45 - 2022-12-10 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2022-12-10 16:53 - 2022-12-10 16:53 - 000119663 _____ C:\Users\Judas\Downloads\[SkT]Forza_Horizon_5__Premium_Edition_[v_1.405.2.0_ _DLCs]_(2021)_PC_.torrent
2022-12-10 16:52 - 2022-12-10 16:52 - 000303322 _____ C:\Users\Judas\Downloads\[SkT]Grand_Theft_Auto_V___GTA_V___GTA_5_(2015)(CZ).torrent
2022-12-10 16:49 - 2022-12-10 16:49 - 000015817 _____ C:\Users\Judas\Downloads\[SkT]Burnout_Paradise__The_Ultimate_Box_(RELOADED)(EN_CZ)(2008).torrent
2022-12-10 16:49 - 2022-12-10 16:49 - 000000000 ____D C:\Users\Judas\Downloads\ArchiCAD 18 CZ
2022-12-08 16:52 - 2022-12-08 17:12 - 3077804528 _____ C:\Users\Judas\Desktop\Grinch CZ dabing_x264.mp4
2022-12-08 14:23 - 2022-12-08 15:58 - 1049085952 _____ C:\Users\Judas\Desktop\Grinch CZ dabing.avi
2022-12-06 19:11 - 2022-12-06 19:11 - 029586263 _____ () C:\Users\Judas\Downloads\LF2_v2.0a.exe
2022-12-06 19:05 - 2022-12-06 19:05 - 004237776 _____ C:\Users\Judas\Desktop\puda.pln
2022-12-06 18:44 - 2022-12-10 17:31 - 000000293 _____ C:\Users\Judas\Documents\BIMx_Export_Log.txt
2022-12-06 18:44 - 2022-12-10 17:31 - 000000000 ____D C:\Users\Judas\Graphisoft
2022-12-06 18:44 - 2022-12-10 16:42 - 000000000 ____D C:\Users\Judas\Documents\BIMx
2022-12-06 18:44 - 2022-12-06 18:44 - 000000000 ____D C:\Users\Judas\AppData\Roaming\MAXON
2022-12-06 18:44 - 2022-12-06 18:44 - 000000000 ____D C:\Users\Judas\AppData\Roaming\Graphisoft
2022-12-06 18:44 - 2022-12-06 18:44 - 000000000 ____D C:\Users\Judas\AppData\Local\Graphisoft
2022-12-06 18:34 - 2022-12-06 18:34 - 000000976 _____ C:\Users\Public\Desktop\BIMx pro ArchiCAD 18.lnk
2022-12-06 18:34 - 2022-12-06 18:34 - 000000743 _____ C:\Users\Public\Desktop\ArchiCAD 18.lnk
2022-12-06 18:34 - 2022-12-06 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2022-12-06 18:34 - 2022-12-06 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter
2022-12-06 18:34 - 2022-12-06 18:34 - 000000000 ____D C:\ProgramData\CodeMeter
2022-12-06 18:34 - 2022-12-06 18:34 - 000000000 ____D C:\Program Files\CodeMeter
2022-12-06 18:34 - 2022-12-06 18:34 - 000000000 ____D C:\Program Files (x86)\CodeMeter
2022-12-06 18:34 - 2013-12-18 19:07 - 000106760 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\WibuKey64.sys
2022-12-06 18:34 - 2013-12-18 19:07 - 000021376 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\Drivers\Wibukey2_64.sys
2022-12-06 18:34 - 2013-12-18 06:20 - 000630640 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WibuXpm4J64.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000618896 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\wibuKJni64.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000491888 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WibuXpm4J32.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000471440 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\wibuKJni.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000431984 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkExt64.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000344432 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkExt32.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000176496 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000157552 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.dll
2022-12-06 18:34 - 2013-12-18 06:20 - 000022528 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lde
2022-12-06 18:34 - 2013-12-18 06:20 - 000022016 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lde
2022-12-06 18:34 - 2013-12-18 06:20 - 000022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lfr
2022-12-06 18:34 - 2013-12-18 06:20 - 000022016 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.les
2022-12-06 18:34 - 2013-12-18 06:20 - 000021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lfr
2022-12-06 18:34 - 2013-12-18 06:20 - 000021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.les
2022-12-06 18:34 - 2013-12-18 06:20 - 000021504 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lbr
2022-12-06 18:34 - 2013-12-18 06:20 - 000021504 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lit
2022-12-06 18:34 - 2013-12-18 06:20 - 000020992 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lit
2022-12-06 18:34 - 2013-12-18 06:20 - 000020992 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.ljp
2022-12-06 18:34 - 2013-12-18 06:20 - 000020480 _____ C:\Windows\system32\WkWin64.lhu
2022-12-06 18:34 - 2013-12-18 06:20 - 000020480 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.ljp
2022-12-06 18:34 - 2013-12-18 06:20 - 000019968 _____ C:\Windows\SysWOW64\WkWin32.lhu
2022-12-06 18:34 - 2013-12-18 06:20 - 000015360 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WkWin64.lcn
2022-12-06 18:34 - 2013-12-18 06:20 - 000014848 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WkWin32.lcn
2022-12-06 18:33 - 2022-12-06 18:38 - 000010521 _____ C:\Windows\vpd.properties
2022-12-06 18:33 - 2022-12-06 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRAPHISOFT
2022-12-06 18:33 - 2022-12-06 18:33 - 000000000 ____D C:\Program Files\WIBU-SYSTEMS
2022-12-06 18:33 - 2022-12-06 18:33 - 000000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2022-12-06 18:33 - 2022-12-06 18:33 - 000000000 ____D C:\Program Files (x86)\WIBUKEY
2022-12-06 18:31 - 2022-12-06 18:37 - 000000000 ____D C:\Users\Judas\AppData\Roaming\Install.GS
2022-12-06 18:31 - 2022-12-06 18:31 - 000264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2022-12-06 18:31 - 2022-12-06 18:31 - 000175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2022-12-06 18:31 - 2022-12-06 18:31 - 000174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2022-12-06 18:31 - 2022-12-06 18:31 - 000096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2022-12-06 18:31 - 2022-12-06 18:31 - 000000000 ____D C:\Users\Judas\AppData\LocalLow\Sun
2022-12-06 18:31 - 2022-12-06 18:31 - 000000000 ____D C:\ProgramData\Sun
2022-12-06 18:31 - 2022-12-06 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-12-06 18:31 - 2022-12-06 18:31 - 000000000 ____D C:\Program Files (x86)\Java

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-02 18:18 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-02 18:01 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-01-02 17:58 - 2022-03-07 11:19 - 000000000 ____D C:\Users\Judas\AppData\Local\CrashDumps
2023-01-02 17:55 - 2022-02-24 10:01 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-02 17:07 - 2022-02-24 09:25 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-01-02 13:52 - 2022-04-03 17:19 - 000004212 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{69104953-8301-48C5-A205-A3BA69BD0241}
2023-01-02 11:25 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-01-02 10:43 - 2022-03-04 09:11 - 000000000 ____D C:\Users\Judas\AppData\Roaming\uTorrent
2023-01-02 10:30 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-01-02 09:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-01-01 17:15 - 2022-03-05 10:50 - 000000000 ____D C:\Program Files (x86)\Overwolf
2023-01-01 11:20 - 2022-11-26 12:57 - 000003118 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-01-01 11:20 - 2022-06-30 20:22 - 000003078 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2022-12-31 19:37 - 2022-03-29 17:40 - 000000000 ____D C:\Users\Judas\AppData\Local\AMD_Common
2022-12-30 08:52 - 2022-03-05 10:49 - 000000000 ____D C:\Users\Judas\AppData\Local\Overwolf
2022-12-29 19:29 - 2022-02-24 09:32 - 000000000 ____D C:\Users\Judas\AppData\Local\Packages
2022-12-27 15:00 - 2022-03-11 20:34 - 000000000 ____D C:\Windows\SysWOW64\directx
2022-12-25 08:58 - 2022-02-24 09:31 - 001693656 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-25 08:58 - 2019-12-07 15:43 - 000716894 _____ C:\Windows\system32\perfh005.dat
2022-12-25 08:58 - 2019-12-07 15:43 - 000145072 _____ C:\Windows\system32\perfc005.dat
2022-12-25 08:51 - 2022-09-14 14:40 - 000000000 ___RD C:\Users\Judas\iCloudDrive
2022-12-25 08:51 - 2022-03-05 10:50 - 000002321 _____ C:\Users\Judas\Desktop\MSI companion.lnk
2022-12-25 08:51 - 2022-02-24 09:33 - 000000000 ___RD C:\Users\Judas\OneDrive
2022-12-25 08:51 - 2022-02-24 09:29 - 000000000 ____D C:\Users\Judas
2022-12-25 08:51 - 2022-02-24 09:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-25 08:51 - 2022-02-24 09:25 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-23 17:57 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-19 10:18 - 2022-02-24 09:32 - 000000000 ____D C:\Users\Judas\AppData\Local\D3DSCache
2022-12-18 19:45 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-12-18 19:44 - 2022-02-24 09:25 - 000267576 _____ C:\Windows\system32\FNTCACHE.DAT
2022-12-18 19:44 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemApps
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-12-18 19:44 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-12-17 16:41 - 2022-02-24 09:29 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-12-17 16:41 - 2022-02-24 09:26 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-16 10:15 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-12-16 10:12 - 2022-02-24 09:27 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-12-16 10:07 - 2022-02-24 11:39 - 000000000 ____D C:\Windows\system32\MRT
2022-12-16 10:04 - 2022-02-24 11:39 - 148633544 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-12-15 22:56 - 2022-02-24 10:02 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-15 22:56 - 2022-02-24 10:02 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-12-10 10:58 - 2022-02-24 09:33 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1422029196-1844015361-2285211139-1001
2022-12-10 10:58 - 2022-02-24 09:33 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1422029196-1844015361-2285211139-1001
2022-12-10 10:58 - 2022-02-24 09:29 - 000002381 _____ C:\Users\Judas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-09 12:03 - 2022-02-24 09:26 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-12-03 15:38 - 2022-03-29 17:24 - 000000000 ____D C:\Windows\system32\Tasks\HP
2022-12-03 15:38 - 2022-03-11 19:55 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

==================== Files in the root of some directories ========

2022-03-07 11:20 - 2022-03-14 10:48 - 000028672 _____ () C:\Users\Judas\AppData\Roaming\crash.bin
2022-03-04 22:42 - 2022-04-03 17:50 - 000007597 _____ () C:\Users\Judas\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2022
Ran by Judas (02-01-2023 18:22:19)
Running from C:\Users\Judas\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.2364 (X64) (2022-02-24 08:27:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1422029196-1844015361-2285211139-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1422029196-1844015361-2285211139-503 - Limited - Disabled)
defaultuser100001 (S-1-5-21-1422029196-1844015361-2285211139-1006 - Limited - Enabled)
Guest (S-1-5-21-1422029196-1844015361-2285211139-501 - Limited - Disabled)
Judas (S-1-5-21-1422029196-1844015361-2285211139-1001 - Administrator - Enabled) => C:\Users\Judas
WDAGUtilityAccount (S-1-5-21-1422029196-1844015361-2285211139-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.)
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.18.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.7.0.1725 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.11.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{0fd12917-eb35-466f-b411-02c45a8a505d}) (Version: 4.03.03.431 - Advanced Micro Devices, Inc.) Hidden
Any Video Converter 7.1.5 (HKLM-x32\...\Any Video Converter) (Version: 7.1.5 - Anvsoft)
ArchiCAD 18 CZE (HKLM\...\001FFF2FFF18FF00FF1101F01F02F000-R1) (Version: 18.0 - GRAPHISOFT)
Assassins Creed Odyssey v.1.5.3 (HKLM-x32\...\Assassins Creed Odyssey_is1) (Version: - )
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
Burnout(TM) Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty 2 verze v1.3 (HKLM-x32\...\Call of Duty 2_is1) (Version: v1.3 - (R.G.Danik1B9))
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
cFosSpeed 12.01 (HKLM\...\cFosSpeed) (Version: 12.01 - cFos Software GmbH, Bonn)
CodeMeter Runtime Kit v5.10a (HKLM\...\{CADFF08A-A157-474F-B6A8-8F26F81F7ABE}) (Version: 5.10.1224.501 - WIBU-SYSTEMS AG)
Counter-Strike 1.6 verze 4554 (HKLM-x32\...\{5A81CBD0-4C7E-4C5A-9F6D-A4C316E3560C}}_is1) (Version: 4554 - Valve)
CPUID CPU-Z MSI 1.92 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.92 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1960 - Disc Soft Ltd)
ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.3.31 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{cb8809b0-c2ad-40f3-80c7-8ebf6c6f8f63}) (Version: 1.0.3.31 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.7 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{aeca6fd4-1d77-499a-b01c-d4521a6b7bff}) (Version: 1.0.9.7 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden
ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden
ESET Security (HKLM\...\{AC01C534-2ECB-460E-9D4E-D4D158076F50}) (Version: 16.0.24.0 - ESET, spol. s r.o.)
Forza Horizon 5 (HKLM-x32\...\Forza Horizon 5_is1) (Version: - )
GamingOSD(x64) (HKLM\...\{11E14722-1213-4021-AD72-32252315CB8B}) (Version: 0.0.2.3 - MICRO-STAR INT'L,.LTD.) Hidden
GamingOSD(x64) (HKLM-x32\...\Installshield_{11E14722-1213-4021-AD72-32252315CB8B}) (Version: 0.0.2.3 - MICRO-STAR INT'L,.LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 108.0.5359.125 - Google LLC)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Heroes of Might and Magic III Complete (HKLM-x32\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
iCloud Outlook (HKLM\...\{B8056148-C2ED-44EC-A3D1-93FDA8B120FC}) (Version: 13.4.0.101 - Apple Inc.)
IL-2 Sturmovik Series: Complete Edition (HKLM-x32\...\InstallShield_{51F24145-A833-4BD5-AA38-AFC5268928E5}) (Version: 1.00.0000 - Název společnosti:)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Krtek (HKLM-x32\...\Krtek_is1) (Version: 1.0 - Game shop, s.r.o.)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\OneDriveSetup.exe) (Version: 22.238.1114.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30133 (HKLM\...\{E699E009-1C3C-4E50-9B57-2B39F0954C7F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30133 (HKLM\...\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29913 (HKLM-x32\...\{572DCD10-CF2E-43D1-8151-8BD9AC9086D0}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29913 (HKLM-x32\...\{6236EBBD-F50F-40B3-B819-8DB0C608308C}) (Version: 14.28.29913 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Mount and Blade: Warband (HKLM-x32\...\1207666913_is1) (Version: 2.054 - GOG.com)
MSI companion (HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\Overwolf_ddlhcmnbjcondncokaaocnpbhbmhchohknbhpnbd) (Version: 2.0.39 - Overwolf app)
MSI Display Kit(x64) (HKLM\...\{5A8E3E72-D260-4DB3-BCE3-AF47C364F275}) (Version: 0.0.1.1 - MSI) Hidden
MSI Display Kit(x64) (HKLM-x32\...\Installshield_{5A8E3E72-D260-4DB3-BCE3-AF47C364F275}) (Version: 0.0.1.1 - MICRO-STAR INT'L,.LTD.)
MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2021.1227.01 - MSI)
Need for Speed Heat (HKLM-x32\...\Need for Speed Heat_is1) (Version: 0.0.0 - DODI-Repacks)
Need for Speed Most Wanted Black Edition (HKLM-x32\...\Need for Speed Most Wanted Black Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
Nero (HKLM-x32\...\Nero) (Version: - )
NFS: Most Wanted CZ (HKLM-x32\...\NFS: Most Wanted) (Version: CZ - Sub - Zero)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.215.0.15 - Overwolf Ltd.)
Port Royale (HKLM-x32\...\Port Royale_is1) (Version: 1.4 - US-ACTION, s.r.o.)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8960.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
RyzenMasterSDK (HKLM\...\{0ECA7DE7-16D6-4A9B-9860-3C2FBFDB95B2}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
SuperDVD Player 5.0 (HKLM-x32\...\SuperDVD Player_is1) (Version: - MasterSoft*ImageTeam*, Inc.)
TZB modelár AC18 CZE (HKLM\...\042FFF2FFF18FF00FF1101F01F02F000-R1) (Version: 18.0 - GRAPHISOFT)
Vietcong - Gold Edition verze 1.60 (HKLM-x32\...\{C77CF4A8-70F3-41AA-84AE-AA82298A4725}_is1) (Version: 1.60 - )
Vietcong & Vietcong: Fist Alpha (HKLM-x32\...\{DCF5C463-BD5C-4982-91F9-2C3F8F9E9C88}) (Version: 1.06 - )
Warcraft III - Complete Edition verze 1.26a (HKLM-x32\...\{52FD4969-2C1C-4F9C-A71B-C6F04777FFAA}_is1) (Version: 1.26a - )
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.20 of 2013-Dec-18 (Build 1230) (Setup) - WIBU-SYSTEMS AG)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WWE 2K19 (HKLM-x32\...\WWE 2K19_is1) (Version: - )
WWE 2K20 (HKLM-x32\...\WWE 2K20_is1) (Version: - )
Základní software zařízení HP DeskJet 2300 series (HKLM\...\{23C892A9-BEF7-4205-B773-D78B8D289B0C}) (Version: 51.3.4843.21310 - HP Inc.)

Packages:
=========
AMD Link -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.22.20004.0_x64__0a9344xs7nr4m [2022-08-01] (Advanced Micro Devices Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-03-22] (Microsoft Corporation)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.123.0_x64__kzh8wxbdkxb8p [2022-03-05] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_141.2.441.0_x64__v10z8vjag6ke6 [2022-12-03] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.4.101.0_x86__nzyj5cx40ttqa [2022-09-14] (Apple Inc.) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2022-03-03] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0 [2022-12-08] (Spotify AB) [Startup Task]
Super Meida and DVD Player -> C:\Program Files\WindowsApps\19539EasthillsMediaInc.SuperMedia_2.0.21.0_x86__5dbwh4mbgpwyw [2022-10-09] (Easthills Media Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1422029196-1844015361-2285211139-1001_Classes\CLSID\{6779A658-4C84-4ABD-AA84-E3A2471224E6} -> [iCloud Drive] => C:\Users\Judas\iCloudDrive [2022-09-14 14:40]
CustomCLSID: HKU\S-1-5-21-1422029196-1844015361-2285211139-1001_Classes\CLSID\{72FAA8C9-46A6-4573-838A-F723A7D5F5DA} -> [Fotky na iCloudu] => C:\Users\Judas\Pictures\iCloud Photos\Photos [2022-09-14 14:41]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-11-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2022-03-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-11-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2022-03-07] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2022-11-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-11-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-12-06 18:37 - 2014-10-21 17:00 - 001011200 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GDL.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 001581056 _____ (Graphisoft SE) [File not signed] F:\programy\cad\Geometry.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000798208 _____ (Graphisoft SE) [File not signed] F:\programy\cad\Graphix.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000036352 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSProfiler.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 001334272 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSRoot.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 001186816 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSShellX64.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000310272 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSUtils.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 002579968 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSXML.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000219648 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSXMLUtils.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000070656 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GSZLib.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000056832 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GX.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000053760 _____ (Graphisoft SE) [File not signed] F:\programy\cad\GXImageBase.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 001019904 _____ (Graphisoft SE) [File not signed] F:\programy\cad\InputOutput.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000632320 _____ (Graphisoft SE) [File not signed] F:\programy\cad\JACK.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000142848 _____ (Graphisoft SE) [File not signed] F:\programy\cad\Network.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 002830848 _____ (Graphisoft SE) [File not signed] F:\programy\cad\ObjectDatabase.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000113664 _____ (Graphisoft SE) [File not signed] F:\programy\cad\ProjectFile.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000394240 _____ (Graphisoft SE) [File not signed] F:\programy\cad\ProjectInfo.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000543232 _____ (Graphisoft SE) [File not signed] F:\programy\cad\ProjectIO.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000367616 _____ (Graphisoft SE) [File not signed] F:\programy\cad\TextEngine.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000231424 _____ (Graphisoft SE) [File not signed] F:\programy\cad\TWRoot.dll
2022-12-06 18:37 - 2014-10-21 17:00 - 000544256 _____ (Graphisoft SE) [File not signed] F:\programy\cad\VBUtils.dll
2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2022-12-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2022-12-06] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2022-12-27 15:01 - 000001256 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Judas\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_0669.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BCBBE7F7-D40B-498F-B50A-110B7F0977D9}] => (Allow) C:\program files\GamingOSD\GamingOSD.exe (Micro-Star International CO., LTD. -> MICRO-STAR INT'L,.LTD.)
FirewallRules: [TCP Query User{442D49A8-E0EA-4B5C-995F-45D06B4D235A}C:\users\judas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\judas\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{F0387D68-8018-4A7C-96D2-8DAE6C41FB45}C:\users\judas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\judas\appdata\roaming\utorrent\utorrent.exe (Zdenek Svub -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{7DCC6CC7-845E-4B99-80DD-AB81A0810DCE}F:\call of duty 1\the call of duty\codmp.exe] => (Allow) F:\call of duty 1\the call of duty\codmp.exe => No File
FirewallRules: [UDP Query User{59DB6DB7-7DD5-4AA7-8218-764F859B3126}F:\call of duty 1\the call of duty\codmp.exe] => (Allow) F:\call of duty 1\the call of duty\codmp.exe => No File
FirewallRules: [{0FBE7661-8B52-4223-891A-A33C8AF5D79D}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{95CBE25F-7944-42E0-83A3-A580A0B98518}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{8CE05623-C689-4116-BFBA-D2F9B3F0FEF7}] => (Allow) C:\Users\Judas\AppData\Local\Temp\7zS3CAD\HP.EasyStart.exe (HP Inc. -> HP)
FirewallRules: [{8D2A28F3-B8CB-45C8-9FFD-0C7C2D71EA8D}] => (Allow) C:\Program Files\HP\HP DeskJet 2300 series\Bin\USBSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{A4F71424-B3A0-48E5-A517-240934C5BF4F}] => (Allow) C:\Program Files\HP\HP DeskJet 2300 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{2B6FCCF6-0FAD-42F4-BF5F-23075BD9C577}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A99939E6-878C-479B-A6B4-91D3FA23938D}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7CFEA9BC-5993-4AA0-81F0-062E32E5DECB}] => (Allow) F:\roz instalovane\bitva o středozem 1\game.dat => No File
FirewallRules: [{82F3AD43-8C81-4392-839C-7A391560E277}] => (Allow) F:\roz instalovane\bitva o středozem 1\game.dat => No File
FirewallRules: [{3404F13F-9216-43EB-B40C-84946EB4BFEB}] => (Allow) F:\programy\cad\ArchiCAD.exe (Graphisoft SE) [File not signed]
FirewallRules: [{7F00FC91-A796-492B-A23D-1DB1145B895A}] => (Allow) F:\programy\cad\ArchiCAD.exe (Graphisoft SE) [File not signed]
FirewallRules: [{D3028EBD-1512-4A8C-87CC-3B2A1282FBBB}] => (Allow) F:\programy\cad\CineRender\CineRender 64bit.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{E97B62EB-5C1C-4A5C-91AA-F01456E69D68}] => (Allow) F:\programy\cad\CineRender\CineRender 64bit.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{326D737F-FD3D-4965-AB0E-844FF0DE3C44}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{0276158B-242F-4557-9137-2AB9959990CA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{7542FC3A-17E7-47AC-896D-5EF3B4DE3EE4}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{121A2E1D-F44C-4C93-9E90-03FA30A5A4DB}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{C154A8A3-07FE-4C2A-8153-0D2B44D87493}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{57C0D9DA-BA0B-4D5F-9E36-844432618E06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{283CBCFB-EE69-4C8D-B2F4-1D2AEC2B4CDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B2B841E5-11BE-467F-A122-A3CCD9A12E86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{34CB491A-A2C6-412B-86DA-951F55E30944}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5316D85D-E266-4CC2-AEA3-1AF2E783D9BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B70C8057-E840-49A3-998D-BD9880249CBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CB3D8CF7-73A7-486D-BF48-C78F724CFC90}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5C248C6C-40EF-4CD3-8BCD-127A2725DD4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E35BD656-7FEF-4D22-A4DD-080AC1EA5302}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{28F64DE8-F905-4601-AA83-6FBE6A27EDE1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{261414BD-9A3C-4720-A7EC-218760F8D5CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE5959B6-3AD6-42E6-AE9E-3EFC64BB8966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{67C7B282-05A9-48F8-B9EE-6153AEA14F46}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E9319CA1-14E2-4DFC-B99A-61193042544E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D96F39A3-F905-44A1-8280-E6568AFECB3B}] => (Allow) F:\roz instalovane\burnout paradise\BurnoutLauncher.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{9B5817CA-6AFC-4612-B7DF-49BEE09141B2}] => (Allow) F:\roz instalovane\burnout paradise\BurnoutLauncher.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{5269A1BA-E349-4C51-B6EF-929EB0F404A0}] => (Allow) F:\roz instalovane\burnout paradise\BurnoutConfigTool.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{ED07C5D1-41D8-4F1A-8C19-22893AA99043}] => (Allow) F:\roz instalovane\burnout paradise\BurnoutConfigTool.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{369421AB-5FC3-4286-A08C-E63B6E8AF011}] => (Allow) F:\roz instalovane\burnout paradise\BurnoutParadise.exe (Electronic Arts) [File not signed]
FirewallRules: [{38787980-CDBB-4C80-89AA-978730F72190}] => (Allow) F:\roz instalovane\burnout paradise\BurnoutParadise.exe (Electronic Arts) [File not signed]
FirewallRules: [{272BADA7-9973-48A7-BF2D-82E4D7386B21}] => (Allow) LPort=32682
FirewallRules: [{EF00EC9E-9612-4CAB-9166-D490BD380E81}] => (Allow) C:\Program Files (x86)\Overwolf\0.215.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F372A569-5208-45B1-9693-9ACAA53A3E7D}] => (Allow) C:\Program Files (x86)\Overwolf\0.215.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{5394470E-4DBE-4824-B391-B5B3E18C23E6}] => (Block) C:\Program Files (x86)\Overwolf\0.215.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{39D2B4D9-CE0D-46FE-A4BD-9C9D56DC3131}] => (Block) C:\Program Files (x86)\Overwolf\0.215.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0E0A3517-3E91-4988-97F8-AC3777529C7A}] => (Allow) C:\Program Files (x86)\Overwolf\0.215.0.15\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{1D916774-A868-48A8-BA5C-F1276609BF69}] => (Allow) C:\Program Files (x86)\Overwolf\0.215.0.15\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

16-12-2022 10:07:04 Instalační služba modulů systému Windows
23-12-2022 17:53:09 Installed ProductName from default.wxl
31-12-2022 09:40:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/02/2023 05:58:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WWE2K19_x64.exe, verze: 1.0.0.0, časové razítko: 0x5baeea00
Název chybujícího modulu: XAudio2_7.DLL_unloaded, verze: 9.29.1962.0, časové razítko: 0x4c0643cc
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000032891
ID chybujícího procesu: 0x81e0
Čas spuštění chybující aplikace: 0x01d91e97453520c2
Cesta k chybující aplikaci: F:\roz instalovane\WWE 2K19\WWE2K19_x64.exe
Cesta k chybujícímu modulu: XAudio2_7.DLL
ID zprávy: f993f9c5-5c89-4460-983d-de8364189820
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/02/2023 11:20:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WWE2K19_x64.exe, verze: 1.0.0.0, časové razítko: 0x5baeea00
Název chybujícího modulu: WWE2K19_x64.exe, verze: 1.0.0.0, časové razítko: 0x5baeea00
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000001c921db
ID chybujícího procesu: 0x6148
Čas spuštění chybující aplikace: 0x01d91e8ffc7eeea1
Cesta k chybující aplikaci: F:\roz instalovane\WWE 2K19\WWE2K19_x64.exe
Cesta k chybujícímu modulu: F:\roz instalovane\WWE 2K19\WWE2K19_x64.exe
ID zprávy: c5e9d86c-0e1b-4d20-84b4-bdc741df0909
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/02/2023 11:00:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.19041.546, časové razítko: 0x5da7ab91
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x80131623
Posun chyby: 0x00007ff99fc2200f
ID chybujícího procesu: 0x6c60
Čas spuštění chybující aplikace: 0x01d91e911286173d
Cesta k chybující aplikaci: C:\Windows\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 7fb6f6d8-cc9e-4c24-b971-b67ee45f3030
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/02/2023 11:00:41 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (01/02/2023 11:00:41 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (01/02/2023 11:00:41 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (01/02/2023 11:00:41 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (01/02/2023 10:43:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 3.1.3.26837, časové razítko: 0x4f5934c0
Název chybujícího modulu: GDI32.dll, verze: 10.0.19041.2130, časové razítko: 0x463c9bed
Kód výjimky: 0xc000041d
Posun chyby: 0x00005e57
ID chybujícího procesu: 0x7ec8
Čas spuštění chybující aplikace: 0x01d91dcacbffc87b
Cesta k chybující aplikaci: C:\Users\Judas\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\Windows\System32\GDI32.dll
ID zprávy: eaec1757-ee35-4831-887c-c2ee1afa988f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD User Experience Program Data Uploader byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LightKeeperService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSI_Companion_Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba MSI Foundation Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CodeMeter Runtime Server byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/02/2023 06:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Mystic_Light_Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2023-01-02 11:38:29
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D86B8C88-C3A1-4272-B0CE-042201AF011E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-01-01 20:32:36
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/CredentialAccess!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_F:\roz instalovane\WWE 2K20\codex64.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-24IL5M3\Judas
Název procesu: F:\roz instalovane\WWE 2K20\_Redist\QuickSFV.EXE
Verze bezpečnostních informací: AV: 1.381.1518.0, AS: 1.381.1518.0, NIS: 1.381.1518.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2022-12-31 12:51:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FE8B4616-2080-4797-8663-FB83E197E836}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-12-30 12:51:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1BA834A1-7A65-473A-98EB-970D0DE293B1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-12-29 12:37:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {85B05BBE-DC0D-4231-8090-7A74E46E1097}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2023-01-02 18:22:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. 3.C3 09/27/2021
Motherboard: Micro-Star International Co., Ltd B450 TOMAHAWK MAX (MS-7C02)
Processor: AMD Ryzen 5 5600G with Radeon Graphics
Percentage of memory in use: 39%
Total physical RAM: 14228.84 MB
Available physical RAM: 8616.63 MB
Total Virtual: 26004.84 MB
Available Virtual: 17061.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.33 GB) (Free:222.48 GB) (Model: ADATA SX6000PNP) NTFS
Drive e: (Krtek) (CDROM) (Total:0.06 GB) (Free:0 GB) UDF
Drive f: (Data) (Fixed) (Total:1863.02 GB) (Free:1148.13 GB) (Model: ST2000DM008-2UB102) NTFS

\\?\Volume{0dfeb749-edfd-45f2-99ce-38e87141a643}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{5dd6b847-59fa-489c-a027-c7210273ce3b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118195
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: erotic services popping up in Google Chrome

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Luckyphonyx
Visitor
Posts: 119
Joined: 09 Oct 2013 20:37

Re: erotic services popping up in Google Chrome

#3 Post by Luckyphonyx »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-03-2023
# Duration: 00:00:01
# OS: Windows 10 (Build 19044.2364)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [29/11/2022 13:20:56]
AdwCleaner[S01].txt - [1481 octets] - [02/01/2023 18:12:45]
AdwCleaner[C01].txt - [1671 octets] - [02/01/2023 18:18:21]
AdwCleaner[S02].txt - [1603 octets] - [02/01/2023 18:18:45]
AdwCleaner[S03].txt - [1664 octets] - [03/01/2023 13:08:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

Re: erotic services popping up in Google Chrome

#4 Post by Rudy »

That is OK. Open Notepad and copy this into it:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {233044db-87b0-11ed-9adf-2cf05d796980} - "I:\setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {6079a11b-954b-11ec-9aaf-806e6f6e6963} - "E:\autorun.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {8901a07d-954b-11ec-9ab0-2cf05d796980} - "G:\setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdb17-958d-11ec-9ab1-2cf05d796980} - "H:\Autorun.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdc63-958d-11ec-9ab1-2cf05d796980} - "J:\Setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdce1-958d-11ec-9ab1-2cf05d796980} - "K:\Setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {fbd9b398-4cb4-11ed-9ad2-2cf05d796980} - "D:\iStudio.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2022-12-06]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2022-12-06]
Startup: C:\Users\Judas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration IL-2 Sturmovik Series [2022-07-05] () <==== ATTENTION [zero byte File/Folder]
Task: {48EBF212-140D-4235-AA11-C4067A128A41} - System32\Tasks\GoogleUpdateTaskMachineCore{7853FE82-F63D-41FD-A215-F5FB12365F3A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-24] (Google LLC -> Google LLC)
Task: {D0D9D7F2-204E-4CEE-9C10-4CDF356A9687} - System32\Tasks\GoogleUpdateTaskMachineUA{95B664CA-33F1-46D9-994B-AE8037D41A79} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-24] (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{7DCC6CC7-845E-4B99-80DD-AB81A0810DCE}F:\call of duty 1\the call of duty\codmp.exe] => (Allow) F:\call of duty 1\the call of duty\codmp.exe => No File
FirewallRules: [UDP Query User{59DB6DB7-7DD5-4AA7-8218-764F859B3126}F:\call of duty 1\the call of duty\codmp.exe] => (Allow) F:\call of duty 1\the call of duty\codmp.exe => No File
FirewallRules: [{7CFEA9BC-5993-4AA0-81F0-062E32E5DECB}] => (Allow) F:\roz instalovane\bitva o středozem 1\game.dat => No File
FirewallRules: [{82F3AD43-8C81-4392-839C-7A391560E277}] => (Allow) F:\roz instalovane\bitva o středozem 1\game.dat => No File
F:\roz instalovane\WWE 2K20\codex64.dll

EmptyTemp:
Hosts:

End
Save it to C:\Users\Judas\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

There are 2 antivirus programs on the system: MBAM and ESET. Uninstall one of them, or at least turn off its resident shield. The two antivirus programs are interfering with each other.

Re: erotic services popping up in Google Chrome

#5 Post by Luckyphonyx »

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-12-2022
Ran by Judas (03-01-2023 17:13:20) Run:1
Running from C:\Users\Judas\Downloads
Loaded Profiles: Judas
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {233044db-87b0-11ed-9adf-2cf05d796980} - "I:\setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {6079a11b-954b-11ec-9aaf-806e6f6e6963} - "E:\autorun.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {8901a07d-954b-11ec-9ab0-2cf05d796980} - "G:\setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdb17-958d-11ec-9ab1-2cf05d796980} - "H:\Autorun.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdc63-958d-11ec-9ab1-2cf05d796980} - "J:\Setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {df8fdce1-958d-11ec-9ab1-2cf05d796980} - "K:\Setup.exe"
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\...\MountPoints2: {fbd9b398-4cb4-11ed-9ad2-2cf05d796980} - "D:\iStudio.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2022-12-06]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2022-12-06]
Startup: C:\Users\Judas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration IL-2 Sturmovik Series [2022-07-05] () <==== ATTENTION [zero byte File/Folder]
Task: {48EBF212-140D-4235-AA11-C4067A128A41} - System32\Tasks\GoogleUpdateTaskMachineCore{7853FE82-F63D-41FD-A215-F5FB12365F3A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-24] (Google LLC -> Google LLC)
Task: {D0D9D7F2-204E-4CEE-9C10-4CDF356A9687} - System32\Tasks\GoogleUpdateTaskMachineUA{95B664CA-33F1-46D9-994B-AE8037D41A79} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-24] (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{7DCC6CC7-845E-4B99-80DD-AB81A0810DCE}F:\call of duty 1\the call of duty\codmp.exe] => (Allow) F:\call of duty 1\the call of duty\codmp.exe => No File
FirewallRules: [UDP Query User{59DB6DB7-7DD5-4AA7-8218-764F859B3126}F:\call of duty 1\the call of duty\codmp.exe] => (Allow) F:\call of duty 1\the call of duty\codmp.exe => No File
FirewallRules: [{7CFEA9BC-5993-4AA0-81F0-062E32E5DECB}] => (Allow) F:\roz instalovane\bitva o středozem 1\game.dat => No File
FirewallRules: [{82F3AD43-8C81-4392-839C-7A391560E277}] => (Allow) F:\roz instalovane\bitva o středozem 1\game.dat => No File
F:\roz instalovane\WWE 2K20\codex64.dll

EmptyTemp:
Hosts:

End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{233044db-87b0-11ed-9adf-2cf05d796980} => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6079a11b-954b-11ec-9aaf-806e6f6e6963} => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8901a07d-954b-11ec-9ab0-2cf05d796980} => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df8fdb17-958d-11ec-9ab1-2cf05d796980} => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df8fdc63-958d-11ec-9ab1-2cf05d796980} => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df8fdce1-958d-11ec-9ab1-2cf05d796980} => removed successfully
HKU\S-1-5-21-1422029196-1844015361-2285211139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbd9b398-4cb4-11ed-9ad2-2cf05d796980} => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk => moved successfully
C:\Users\Judas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration IL-2 Sturmovik Series => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48EBF212-140D-4235-AA11-C4067A128A41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48EBF212-140D-4235-AA11-C4067A128A41}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{7853FE82-F63D-41FD-A215-F5FB12365F3A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{7853FE82-F63D-41FD-A215-F5FB12365F3A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0D9D7F2-204E-4CEE-9C10-4CDF356A9687}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0D9D7F2-204E-4CEE-9C10-4CDF356A9687}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{95B664CA-33F1-46D9-994B-AE8037D41A79} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{95B664CA-33F1-46D9-994B-AE8037D41A79}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7DCC6CC7-845E-4B99-80DD-AB81A0810DCE}F:\call of duty 1\the call of duty\codmp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{59DB6DB7-7DD5-4AA7-8218-764F859B3126}F:\call of duty 1\the call of duty\codmp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CFEA9BC-5993-4AA0-81F0-062E32E5DECB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82F3AD43-8C81-4392-839C-7A391560E277}" => removed successfully
"F:\roz instalovane\WWE 2K20\codex64.dll" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 550506626 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1596086107 B
Edge => 0 B
Chrome => 626510159 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 3194691 B
LocalService => 3218927 B
NetworkService => 3922249 B
Judas => 324647230 B

RecycleBin => 0 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:13:49 ====

Re: erotic services popping up in Google Chrome

#6 Post by Rudy »

Deleted. Has anything changed?

Re: erotic services popping up in Google Chrome

#7 Post by Luckyphonyx »

Yes, nothing shows up after startup, and nothing when I open the browser either. Great, thank you. Are you able to find out the cause? Where did this vermin come from?

Re: erotic services popping up in Google Chrome

#8 Post by Rudy »

určitě idněkud z internetu. Postačí registry klíč, aby spustil podobné neřády. Pokud chodíte do "temných" zákoutí internetu, tak nejspíš odtamttd.

Luckyphonyx
Visitor
Posts: 119
Registered: 09 Oct 2013 20:37

Re: erotic services popping up in Google Chrome

#9 Post by Luckyphonyx »

That's just it, I don't.

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: erotic services popping up in Google Chrome

#10 Post by Rudy »

Well, the fitgirl site, for example, is notorious for that. You had it in Hosts:
==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2022-12-27 15:01 - 000001256 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
It has been reset. When I click on it, Avast yells right away.

You can also catch it on sites with various cracks for programs. Sometimes you have no idea where you picked it up. :)
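A hosts-file check of the kind discussed in post #10, as an added example that is not part of the thread or of FRST: it lists every hostname that a hosts file points at a routable address, so such entries can be reviewed before a reset. The function names and the two lines marked "constructed" are assumptions made for this example; the six `109.94.209.70` lines are the ones quoted in the log above.

```python
import ipaddress
from collections import defaultdict

# Six entries quoted in the thread's "Hosts content" section, plus two
# constructed lines showing entries the audit deliberately does not flag.
SAMPLE_HOSTS = """\
127.0.0.1 localhost            # constructed: stock loopback entry
0.0.0.0 ads.example.invalid    # constructed: null-route style block
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several aliases
            yield ip, name.lower()


def audit_hosts(text):
    """Return {ip: [hostnames]} for names mapped to a non-loopback,
    non-null address, i.e. real redirects that deserve a manual review."""
    flagged = defaultdict(list)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                          # localhost or 0.0.0.0/:: block entry
        flagged[str(ip)].append(name)
    return dict(flagged)


if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} name(s) redirected -> {', '.join(names)}")
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`, the path shown in the log.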