PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Preventive log check

You are not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved. The same applies to those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

michi_trung
Visitor
Posts: 21
Registered: 22 Jan 2014 11:55

Preventive log check

#1 Post by michi_trung »

A few days ago I accidentally clicked on a spam e-mail with a suspicious address, so I want to make sure nothing got picked up. Right after clicking I completely wiped the browser data (Clear browsing data).

FRST log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.01.2024
Ran by Michi (administrator) on DESKTOP-5GGO2EH (Micro-Star International Co., Ltd. MS-7A34) (09-01-2024 16:38:29)
Running from C:\Users\Michi\Desktop\FRST64.exe
Loaded Profiles: Michi
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3803 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute -> A-Volute) C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe
(A-Volute -> A-Volute) C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe
(C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.Awake.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.CropAndLock.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.FancyZones.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.PowerOCR.exe
(C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(cmd.exe ->) (Agilebits -> AgileBits, Inc.) C:\Users\Michi\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe
(explorer.exe ->) () [File not signed] C:\Program Files (x86)\Monitorian\Monitorian.exe
(explorer.exe ->) (Agilebits -> 1Password) C:\Users\Michi\AppData\Local\1Password\app\8\1Password.exe <4>
(explorer.exe ->) (AutoDarkMode) [File not signed] C:\Program Files (x86)\AutoDarkMode\AutoDarkModeSvc.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <44>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Spotify AB -> Spotify Ltd) C:\Users\Michi\AppData\Roaming\Spotify\Spotify.exe <6>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3022640 2023-11-28] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKLM\...\Run: [NahimicVRSvc32] => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
HKLM\...\Run: [NahimicVRSvc64] => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\120.1.61.114\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10837528 2024-01-04] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26327864 2021-08-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [MSIRegister] => C:\Program Files (x86)\MSI\MSIRegister\MSIRegister.exe [1259008 2021-08-12] (Micro-Star INT'L CO., LTD.) [File not signed]
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Run: [LogiBolt] => C:\Program Files\Logi\LogiBolt\LogiBolt.exe [22423104 2021-12-14] (Logitech Inc -> Logitech)
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Run: [AutoDarkMode] => C:\Program Files (x86)\AutoDarkMode\AutoDarkModeSvc.exe [272896 2021-11-14] (AutoDarkMode) [File not signed]
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Run: [1Password] => C:\Users\Michi\AppData\Local\1Password\app\8\1Password.exe [172714864 2024-01-04] (Agilebits -> 1Password)
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Run: [MicrosoftEdgeAutoLaunch_97CC84EF98F04C9D1697DEF40DB5637D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Run: [Monitorian] => C:\Program Files (x86)\Monitorian\Monitorian.exe [35328 2023-12-08] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.200\Installer\chrmstp.exe [2024-01-04] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\120.1.61.114\Installer\chrmstp.exe [2024-01-04] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {949EA016-2849-48B9-B380-E979A3B3E662} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{D9F98ED1-49DF-47AF-9F09-12AADBBFF0D5} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {AAB5A29D-2B31-44EA-ACE8-401E87D390FD} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{8388AAED-B19E-447C-91F1-0056DA4BCB38} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-07] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6FEAFB1A-DB4B-4094-A175-F17D48E3C82D} - System32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-16] (Google LLC -> Google LLC)
Task: {3E8191E2-C5F4-43EA-B54B-D89CED5DC08C} - System32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-16] (Google LLC -> Google LLC)
Task: {C6348380-DCB2-4FAB-98D1-CADB5D398791} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {22C3745E-833B-47A2-8D28-553AC288B835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86C65E03-4AC4-49FB-9474-37AE317BAC70} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8BE1A9F-8D8F-47E6-8809-02B846CF5A57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {42C79186-9534-4E9C-B315-68E94F4DD84F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2024-01-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F6EE36F4-42A6-4563-8563-952260B9DA5D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2024-01-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {6FCF66F0-FE28-4358-9E06-20A5FE4C5AF4} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3354296 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {F16D4CAD-4160-49E1-87A0-3ED746A21BCC} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {5545EF66-05AE-48FC-92B8-1D63C44FEBA3} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
Task: {3E3C8440-BB23-48E3-9657-D67DA28AB012} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {C78FC180-D833-40D3-9267-11B257E7426F} - System32\Tasks\PowerToys\Autorun for Michi => C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe [1212976 2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC7B8313-B884-4DAF-8C77-9A27D3EE07E3} - System32\Tasks\update-S-1-5-21-2358193843-2216578880-2148233775-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {C2702F3E-0D2F-4387-95B3-0FF68AC19529} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8B8E18C9-659C-499B-8E49-89AF3726813B} - System32\Tasks\VivaldiUpdateCheck-71fc11429d4a0e1c => C:\Users\Michi\AppData\Local\Vivaldi\Application\update_notifier.exe [3704720 2024-01-04] (Vivaldi Technologies AS -> Vivaldi Technologies AS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2358193843-2216578880-2148233775-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{12cc6d76-e147-40bb-b489-e05bf7b3ae39}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{12cc6d76-e147-40bb-b489-e05bf7b3ae39}: [DhcpDomain] docsis.vodafone.cz
Tcpip\..\Interfaces\{c4352f7a-0222-433c-b6c8-761aadc1697b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c4352f7a-0222-433c-b6c8-761aadc1697b}: [DhcpDomain] docsis.vodafone.cz
Tcpip\..\Interfaces\{f17ff3cd-4cfc-4367-88ef-6189135d6577}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f17ff3cd-4cfc-4367-88ef-6189135d6577}: [DhcpDomain] docsis.vodafone.cz

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Michi\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-09]
Edge Extension: (Google Docs Offline) - C:\Users\Michi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-04]
Edge Extension: (Edge relevant text changes) - C:\Users\Michi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-04]

FireFox:
========
FF DefaultProfile: j4u0ayqd.default
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\j4u0ayqd.default [2022-11-07]
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hczqa2ak.default-release [2024-01-09]
FF Session Restore: Mozilla\Firefox\Profiles\hczqa2ak.default-release -> is enabled.
FF Extension: (1Password – Password Manager) - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hczqa2ak.default-release\Extensions\{d634138d-c276-4fc8-924b-40a0ea21d284}.xpi [2024-01-09]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default [2024-01-09]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR DefaultSearchKeyword: Default -> g
CHR Session Restore: Default -> is enabled.
CHR Extension: (Charcoal: Dark Mode for Messenger) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaekanoannlhnajolbijaoflfhikcgng [2024-01-04]
CHR Extension: (lock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2024-01-04]
CHR Extension: (JSTorrent) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\anhdpjpojoipgpmfanmedjghaligalgb [2022-04-19]
CHR Extension: (uBlock Origin) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-01-04]
CHR Extension: (Postman) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2022-07-11]
CHR Extension: (Return YouTube Dislike) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2024-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-04]
CHR Extension: (Super Simple Highlighter) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2023-08-09]
CHR Extension: (Heap Note) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2022-04-16]
CHR Extension: (MetaMask) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-16]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2024-01-04]
CHR Extension: (Privacy Test) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2022-07-02]
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-19]
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-03]

Brave: 
=======
BRA Profile: C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-01-04]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-01-04]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-01-04]
BRA Extension: (Brave NTP background images) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-01-04]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-11-07]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-01-04]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-07]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-01-04]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-01-04]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-04]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Michi\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2024-01-04]

Vivaldi: 
=======
VIV Profile: C:\Users\Michi\AppData\Local\Vivaldi\User Data\Default [2023-01-27]
VIV Notifications: Default -> hxxps://www.youtube.com
VIV DefaultSearchKeyword: Default -> g
VIV Extension: (Charcoal: Dark Mode for Messenger) - C:\Users\Michi\AppData\Local\Vivaldi\User Data\Default\Extensions\aaekanoannlhnajolbijaoflfhikcgng [2023-01-27]
VIV Extension: (lock) - C:\Users\Michi\AppData\Local\Vivaldi\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2023-01-27]
VIV Extension: (uBlock Origin) - C:\Users\Michi\AppData\Local\Vivaldi\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-01-27]
VIV Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\Michi\AppData\Local\Vivaldi\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2023-01-27]
VIV Extension: (News Feed Eradicator) - C:\Users\Michi\AppData\Local\Vivaldi\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2023-01-27]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174968 2022-11-07] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\120.1.61.114\brave_vpn_helper.exe [2765336 2024-01-04] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\120.1.61.114\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10837528 2024-01-04] (Brave Software, Inc. -> Brave Software, Inc.)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2019-01-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSIREGISTER_MR; C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe [2023224 2021-08-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2210616 2021-08-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_866484083fc526af\Display.NvContainer\NVDisplay.Container.exe [1274992 2023-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [18168576 2024-01-04] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9623432 2023-11-28] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-01-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\120.1.61.114\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1049936 2022-02-25] (Realtek Semiconductor Corp. -> Realtek Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22035200 2023-11-27] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2024-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2024-01-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2024-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz157; \??\C:\WINDOWS\temp\cpuz157\cpuz157_x64.sys [X]
S3 MpKsla867d10a; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78AE10F8-57B0-4190-9A16-E90E2A7602DC}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-09 16:38 - 2024-01-09 16:39 - 000027623 _____ C:\Users\Michi\Desktop\FRST.txt
2024-01-09 16:38 - 2024-01-09 16:38 - 000000000 ____D C:\FRST
2024-01-09 16:36 - 2024-01-09 16:36 - 002388992 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2024-01-09 12:42 - 2024-01-09 14:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-01-07 11:25 - 2024-01-08 07:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-01-07 11:25 - 2024-01-07 11:25 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-01-07 11:25 - 2024-01-07 11:25 - 000000000 ____D C:\Users\Michi\AppData\Local\PowerToys
2024-01-06 22:28 - 2024-01-06 22:28 - 000000000 ____D C:\Users\Michi\AppData\Local\NVIDIA Corporation
2024-01-06 10:49 - 2024-01-06 22:36 - 000716878 _____ C:\WINDOWS\system32\perfh005.dat
2024-01-06 10:49 - 2024-01-06 22:36 - 000145076 _____ C:\WINDOWS\system32\perfc005.dat
2024-01-06 10:49 - 2024-01-06 10:50 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2024-01-06 10:49 - 2024-01-06 10:50 - 000000000 ____D C:\WINDOWS\system32\cs
2024-01-06 10:49 - 2024-01-06 10:49 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2024-01-05 13:24 - 2024-01-05 13:24 - 000092924 _____ C:\Users\Michi\Downloads\Software Test Engineer - NCR.pdf
2024-01-05 08:44 - 2024-01-05 08:44 - 185073664 _____ C:\Users\Michi\Downloads\EpicInstaller-15.17.1.msi
2024-01-04 22:18 - 2024-01-09 12:39 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Ledger Live
2024-01-04 22:18 - 2024-01-06 22:31 - 000001900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk
2024-01-04 22:18 - 2024-01-04 22:18 - 000001888 _____ C:\Users\Public\Desktop\Ledger Live.lnk
2024-01-04 22:18 - 2024-01-04 22:18 - 000000000 ____D C:\Users\Michi\AppData\Local\ledger-live-desktop-updater
2024-01-04 22:18 - 2024-01-04 22:18 - 000000000 ____D C:\Program Files\Ledger Live
2024-01-04 21:44 - 2024-01-04 21:44 - 000000000 ____D C:\Users\Michi\AppData\LocalLow\NVIDIA
2024-01-04 21:44 - 2024-01-04 21:44 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-01-04 21:43 - 2024-01-04 21:43 - 000000000 ____D C:\WINDOWS\system32\lxss
2024-01-04 21:43 - 2024-01-04 21:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-01-04 21:41 - 2024-01-09 12:32 - 000000000 ____D C:\Users\Michi\AppData\Local\D3DSCache
2024-01-04 21:39 - 2024-01-07 23:25 - 000000000 ____D C:\ProgramData\NVIDIA
2024-01-04 21:39 - 2024-01-05 08:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-01-04 21:39 - 2024-01-04 21:42 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-01-04 21:39 - 2023-12-08 02:23 - 001487368 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-01-04 21:39 - 2023-12-08 02:23 - 001424064 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-01-04 21:39 - 2023-12-08 02:23 - 001424064 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-01-04 21:39 - 2023-12-08 02:23 - 001246400 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-01-04 21:39 - 2023-12-08 02:23 - 001246400 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-01-04 21:39 - 2023-12-08 02:23 - 001227288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-01-04 21:39 - 2023-12-08 02:23 - 000850616 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-01-04 21:39 - 2023-12-08 02:23 - 000850616 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-01-04 21:39 - 2023-12-08 02:23 - 000731320 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-01-04 21:39 - 2023-12-08 02:23 - 000731320 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-01-04 21:39 - 2023-12-08 02:19 - 000957960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-01-04 21:39 - 2023-12-08 02:19 - 000670232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-01-04 21:39 - 2023-12-08 02:19 - 000505480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 012375688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 002170992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 001624712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 001541256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 001198728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 000997512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 000810096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-01-04 21:39 - 2023-12-08 02:18 - 000773744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-01-04 21:39 - 2023-12-08 02:18 - 000459912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-01-04 21:39 - 2023-12-08 02:17 - 015095408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-01-04 21:39 - 2023-12-08 02:17 - 006462600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-01-04 21:39 - 2023-12-08 02:17 - 005862512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-01-04 21:39 - 2023-12-08 02:17 - 005861000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-01-04 21:39 - 2023-12-08 02:17 - 003620488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-01-04 21:39 - 2023-12-08 02:17 - 000853640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-01-04 21:39 - 2023-12-08 02:16 - 007869576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-01-04 21:39 - 2023-12-08 02:16 - 006745768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-01-04 21:39 - 2023-12-07 00:05 - 000113947 _____ C:\WINDOWS\system32\nvinfo.pb
2024-01-04 21:30 - 2023-06-21 04:45 - 000131560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2024-01-04 21:24 - 2024-01-04 21:24 - 000000000 ____D C:\Users\Michi\AppData\Local\Monitorian
2024-01-04 21:23 - 2024-01-08 17:27 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monitorian.lnk
2024-01-04 21:23 - 2024-01-04 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2024-01-04 21:23 - 2024-01-04 21:23 - 000000000 ____D C:\Program Files (x86)\Monitorian
2024-01-04 21:21 - 2024-01-04 21:21 - 000000000 ____D C:\Program Files\JetBrains
2024-01-04 21:20 - 2024-01-04 21:20 - 655557184 _____ C:\Users\Michi\Downloads\aqua-233.13135.75.exe
2024-01-04 21:12 - 2023-08-24 23:00 - 001296760 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2024-01-04 21:09 - 2024-01-04 21:09 - 000000859 _____ C:\Users\Public\Desktop\Logi Options+.lnk
2024-01-04 21:09 - 2024-01-04 21:09 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-01-04 21:08 - 2024-01-04 21:08 - 000000000 ____D C:\ProgramData\PLUG
2024-01-04 21:03 - 2024-01-04 21:04 - 000000000 ____D C:\WINDOWS\InboxApps
2024-01-04 20:38 - 2024-01-04 20:38 - 000016707 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-01-04 20:31 - 2024-01-04 20:31 - 000000000 ___HD C:\$WinREAgent
2024-01-04 20:28 - 2024-01-04 20:28 - 000000000 ____D C:\Program Files\RUXIM
2024-01-04 20:26 - 2024-01-04 20:26 - 000027653 _____ C:\Users\Michi\Downloads\252843151_20231231_52_WCZB.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-09 16:30 - 2022-11-06 15:51 - 000000000 ____D C:\Users\Michi\AppData\Roaming\1Password
2024-01-09 16:30 - 2022-11-06 15:51 - 000000000 ____D C:\Users\Michi\AppData\Local\1Password
2024-01-09 16:29 - 2022-08-10 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2024-01-09 16:13 - 2022-04-16 20:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-01-09 16:13 - 2022-04-16 19:45 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-09 15:35 - 2022-04-16 18:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-01-09 14:53 - 2022-11-07 12:19 - 000000000 ____D C:\Users\Michi\AppData\Local\Spotify
2024-01-09 14:52 - 2022-11-07 12:19 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Spotify
2024-01-09 14:52 - 2022-04-16 19:52 - 000000000 ____D C:\ProgramData\Riot Games
2024-01-09 14:52 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-09 14:50 - 2022-11-07 10:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-09 14:44 - 2022-11-07 10:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-01-09 14:44 - 2022-11-07 10:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-01-09 14:42 - 2022-07-03 14:49 - 000000000 ____D C:\Users\Michi\AppData\Local\LogiOptionsPlus
2024-01-09 10:51 - 2022-11-06 15:59 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Postman
2024-01-08 17:27 - 2022-04-27 20:46 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2024-01-08 17:27 - 2022-04-16 20:01 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2024-01-08 17:27 - 2022-04-16 19:50 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2024-01-08 17:27 - 2022-04-16 19:45 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-08 17:27 - 2022-04-16 18:43 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-08 08:00 - 2022-04-16 19:44 - 000000000 ____D C:\MSI
2024-01-07 11:25 - 2022-06-30 21:54 - 000000000 ____D C:\Users\Michi\AppData\Local\Package Cache
2024-01-07 10:22 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-01-07 10:19 - 2022-04-16 18:43 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-01-07 10:19 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-07 10:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-01-06 22:36 - 2022-04-16 18:50 - 001693664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-01-06 22:30 - 2022-04-16 18:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-01-06 22:30 - 2022-04-12 02:49 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-06 22:29 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-01-06 22:28 - 2022-04-16 20:07 - 000000000 ____D C:\Users\Michi\AppData\Local\NVIDIA
2024-01-06 22:10 - 2022-11-06 16:10 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Slack
2024-01-06 22:10 - 2022-11-06 16:10 - 000000000 ____D C:\Users\Michi\AppData\Local\slack
2024-01-06 10:50 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-01-06 10:49 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-01-06 10:49 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-01-06 10:49 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\winrm
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\slmgr
2024-01-06 10:49 - 2019-12-07 10:50 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-01-06 10:49 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-01-06 10:49 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2024-01-06 10:48 - 2022-04-16 19:42 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Spelling
2024-01-06 10:48 - 2022-04-16 18:49 - 000000000 ____D C:\Users\Michi\AppData\Local\Packages
2024-01-06 10:47 - 2022-04-19 19:24 - 000000000 ____D C:\Users\Michi\AppData\Local\PlaceholderTileLogoFolder
2024-01-06 10:47 - 2019-12-07 10:52 - 000000000 ____D C:\WINDOWS\OCR
2024-01-06 10:34 - 2022-11-07 10:34 - 000002389 _____ C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2024-01-06 10:34 - 2022-11-07 10:34 - 000002352 _____ C:\Users\Michi\Desktop\Vivaldi.lnk
2024-01-06 10:34 - 2022-11-07 10:33 - 000000000 ____D C:\Users\Michi\AppData\Local\Vivaldi
2024-01-05 20:58 - 2022-04-16 18:49 - 000000000 ____D C:\ProgramData\Packages
2024-01-05 09:08 - 2022-08-10 13:20 - 000000000 ____D C:\Users\Michi\AppData\Local\Steam
2024-01-04 21:29 - 2022-04-16 19:52 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-01-04 21:28 - 2022-04-16 18:48 - 000000000 ____D C:\Users\Michi
2024-01-04 21:21 - 2022-11-06 16:36 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-01-04 21:21 - 2022-11-06 16:36 - 000000000 ____D C:\Users\Michi\AppData\Roaming\Code
2024-01-04 21:21 - 2022-11-06 16:36 - 000000000 ____D C:\Users\Michi\.vscode
2024-01-04 21:18 - 2022-11-06 16:35 - 000000000 ____D C:\Users\Michi\AppData\Local\DBeaver
2024-01-04 21:12 - 2022-04-16 19:47 - 000000000 ____D C:\Program Files (x86)\Realtek
2024-01-04 21:10 - 2022-04-16 18:53 - 000000000 ____D C:\Users\Michi\AppData\Local\ElevatedDiagnostics
2024-01-04 21:09 - 2022-04-16 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-01-04 21:05 - 2022-04-16 18:43 - 000259496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-04 21:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-01-04 21:04 - 2019-12-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-01-04 21:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-04 20:42 - 2022-07-03 14:49 - 000000000 ____D C:\Users\Michi\AppData\Roaming\logioptionsplus
2024-01-04 20:42 - 2019-12-07 10:54 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-01-04 20:42 - 2019-12-07 10:54 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-01-04 20:42 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-01-04 20:42 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-01-04 20:41 - 2022-04-16 19:44 - 000000000 ____D C:\Users\Michi\AppData\Local\LogiBolt
2024-01-04 20:37 - 2022-04-16 18:47 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-01-04 20:31 - 2022-04-16 19:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-01-04 20:30 - 2022-04-16 19:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-04 20:28 - 2022-04-16 19:42 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-01-04 20:16 - 2022-11-07 10:34 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-01-04 20:16 - 2022-11-07 10:34 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2024-01-04 20:13 - 2022-04-19 05:42 - 000000000 ____D C:\Users\Michi\Desktop\zaloha
2024-01-04 20:11 - 2022-11-06 15:51 - 000001356 _____ C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2024-01-04 20:11 - 2022-04-16 19:45 - 000002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-01-04 20:11 - 2022-04-16 18:43 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-01-04 20:11 - 2022-04-16 18:43 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-01-04 20:10 - 2022-11-07 10:33 - 000003566 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{8388AAED-B19E-447C-91F1-0056DA4BCB38}
2024-01-04 20:10 - 2022-11-07 10:33 - 000003442 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{D9F98ED1-49DF-47AF-9F09-12AADBBFF0D5}
2024-01-04 20:10 - 2022-04-16 19:42 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2358193843-2216578880-2148233775-1001
2024-01-04 20:10 - 2022-04-16 18:51 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2358193843-2216578880-2148233775-1001
2024-01-04 20:10 - 2022-04-16 18:48 - 000002383 _____ C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-01-04 20:08 - 2022-04-16 19:45 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54}
2024-01-04 20:08 - 2022-04-16 19:45 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82}
2024-01-04 20:06 - 2022-04-16 18:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories ========

2022-08-28 14:29 - 2022-08-28 14:29 - 000000003 _____ () C:\Users\Michi\AppData\Local\updater.log
2022-08-28 14:29 - 2022-08-28 14:29 - 000000424 _____ () C:\Users\Michi\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.01.2024
Ran by Michi (09-01-2024 16:39:58)
Running from C:\Users\Michi\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.3803 (X64) (2022-04-16 17:47:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2358193843-2216578880-2148233775-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2358193843-2216578880-2148233775-503 - Limited - Disabled)
Guest (S-1-5-21-2358193843-2216578880-2148233775-501 - Limited - Disabled)
Michi (S-1-5-21-2358193843-2216578880-2148233775-1001 - Administrator - Enabled) => C:\Users\Michi
WDAGUtilityAccount (S-1-5-21-2358193843-2216578880-2148233775-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\1Password) (Version: 8.10.23 - AgileBits Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.11.02.217 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.83 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.17.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.4 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{e71cddfd-8f71-4905-aa60-1a6b9b7d1630}) (Version: 5.11.02.217 - Advanced Micro Devices, Inc.) Hidden
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
Aqua 233.13135.75 (HKLM-x32\...\Aqua 233.13135.75) (Version: 233.13135.75 - JetBrains s.r.o.)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Auto Dark Mode (HKLM-x32\...\{470BC918-3740-4A97-9797-8570A7961130}_is1) (Version: 10.1.0.10 - Armin Osaj & Samuel Schiegg)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 120.1.61.114 - Brave Software Inc)
CPUID HWMonitor 1.50 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.50 - CPUID, Inc.)
DBeaver 23.3.1 (current user) (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\DBeaver (current user)) (Version: 23.3.1 - DBeaver Corp)
Discord (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Discord) (Version: 1.0.9011 - Discord Inc.)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.200 - Google LLC)
League of Legends (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Ledger Live 2.73.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.73.1 - Ledger Live Team)
Lens 2022.11.41813-latest (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\aa51b2b3-6ec1-5b89-bcc4-2b0b1e949d84) (Version: 2022.11.41813-latest - Mirantis, Inc.)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.60.496306 - Logitech)
Microsoft .NET Host - 6.0.10 (x64) (HKLM\...\{0222FFF1-57A3-48A6-9AD2-0D6B5D0172B3}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.10 (x64) (HKLM\...\{A93C4E12-1BAB-4CFB-ADBC-9CE0B93176FF}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.10 (x64) (HKLM\...\{A2A39CB9-677D-4299-8537-C00B99F3D4A4}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.121 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212 (HKLM-x32\...\{844ECB74-9B63-3D5C-958C-30BD23F19EE4}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212 (HKLM-x32\...\{37B55901-995A-3650-80B1-BBFD047E2911}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.85.1 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM\...\{3EC7701F-54F2-491D-AFD1-0395F465BC5A}) (Version: 48.43.48870 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM-x32\...\{ff748137-9c9a-4056-be0a-48c7e465453c}) (Version: 6.0.10.31726 - Microsoft Corporation)
Monitorian (HKLM-x32\...\{D95CA6B4-AA41-4C4F-ADD5-CBC3ED7CEDED}) (Version: 4.6.0 - emoacht)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 121.0 (x64 en-US)) (Version: 121.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 106.0.5 - Mozilla)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.98 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.76 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.23 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NVIDIA Graphics Driver 546.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Postman x86_64 10.1.1 (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Postman) (Version: 10.1.1 - Postman)
PowerToys (Preview) (HKLM\...\{A1714639-6DA6-49DE-A244-7D7AC908C3B2}) (Version: 0.76.2 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\{f9d6c94f-298f-4ce5-907b-48e1e78db540}) (Version: 0.76.2 - Microsoft Corporation)
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Python 3.10.5 (64-bit) (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\{e15803b8-d809-47f3-8818-73f0d155cf58}) (Version: 3.10.5150.0 - Python Software Foundation)
Python 3.10.5 Add to Path (64-bit) (HKLM\...\{514A924A-361B-4BF4-8FD0-1A431CE7C56E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Core Interpreter (64-bit) (HKLM\...\{496B2CAE-CF79-440A-82F1-7587559ABA00}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Development Libraries (64-bit) (HKLM\...\{7B0F6EAD-C8A1-4496-8492-801EDE1A6323}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Documentation (64-bit) (HKLM\...\{3BC23B98-3D25-4A74-98FD-A1BE957A1340}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Executables (64-bit) (HKLM\...\{0FE1250F-6DD6-4948-B211-741B7CDBB335}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 pip Bootstrap (64-bit) (HKLM\...\{C3B084B6-D193-4633-BBB4-E890AAB946A2}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Standard Library (64-bit) (HKLM\...\{67F90672-C696-4DBB-8F33-95CCCFA21DCE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Tcl/Tk Support (64-bit) (HKLM\...\{7F7E3C5D-2A37-4F1D-8E8C-3BB073D36BFE}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Test Suite (64-bit) (HKLM\...\{269FCA5D-D0CF-43B2-B656-24DF6DAA0D4E}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python 3.10.5 Utility Scripts (64-bit) (HKLM\...\{BBD9CCC0-981B-4976-91EC-4C1E637BCF85}) (Version: 3.10.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{25196DA8-29BD-4383-B7B5-B36C3BAF43F3}) (Version: 3.10.7826.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.68.815.2023 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8619 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Spotify (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Spotify) (Version: 1.2.26.1187.g36b715a1 - Spotify AB)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\TeamSpeak 3 Client) (Version: 3.6.0 - TeamSpeak Systems GmbH)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 135.0.10753 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Vivaldi (HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\Vivaldi) (Version: 6.5.3206.50 - Vivaldi Technologies AS.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2024-01-04] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{0236e5a1-eb34-14dd-2033-5dc5c63daa45}\localserver32 -> C:\Program Files (x86)\AutoDarkMode\AutoDarkModeSvc.exe (AutoDarkMode) [File not signed]
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{0440049F-D1DC-4E46-B27B-98393D79486B}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{51B4D7E5-7568-4234-B4BB-47FB3C016A69}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.ImageResizerExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{664ef21f-9756-e6a5-ff33-b39242304fd9}\localserver32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{7EEAC1DF-6994-4208-BF3E-59AA0FBC5B09}\localserver32 -> C:\Users\Michi\AppData\Local\Vivaldi\Application\6.5.3206.50\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{84D68575-E186-46AD-B0CB-BAEB45EE29C0}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{DD5CACDA-7C2E-4997-A62A-04A597B58F76}\localserver32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2358193843-2216578880-2148233775-1001_Classes\CLSID\{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 -> C:\Users\Michi\AppData\Local\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_866484083fc526af\nvshext.dll [2023-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers2_S-1-5-21-2358193843-2216578880-2148233775-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-2358193843-2216578880-2148233775-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3_S-1-5-21-2358193843-2216578880-2148233775-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5_S-1-5-21-2358193843-2216578880-2148233775-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Users\Michi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2023-12-13] (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\JSTorrent.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=anhdpjpojoipgpmfanmedjghaligalgb
ShortcutWithArgument: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop

==================== Loaded Modules (Whitelisted) =============

2022-06-25 21:14 - 2021-06-28 21:35 - 000220160 _____ () [File not signed] [File is in use] C:\Program Files (x86)\AutoDarkMode\YamlDotNet.dll
2023-05-04 18:03 - 2017-08-02 13:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2023-05-04 18:00 - 2005-07-18 12:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2023-05-04 18:03 - 2016-04-20 13:12 - 000772608 _____ () [File not signed] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2018-02-05 17:12 - 2018-02-05 17:12 - 000172544 _____ () [File not signed] C:\Program Files\Nahimic\Nahimic VR\AnalogDriver\EndpointMonitoring.dll
2022-06-25 21:14 - 2021-11-14 22:06 - 000541184 _____ (AutoDarkMode) [File not signed] [File is in use] C:\Program Files (x86)\AutoDarkMode\AutoDarkModeSvc.dll
2022-06-25 21:14 - 2021-11-14 22:06 - 000100352 _____ (AutoDarkModeConfig) [File not signed] [File is in use] C:\Program Files (x86)\AutoDarkMode\AutoDarkModeConfig.dll
2023-05-04 18:03 - 2015-06-23 15:41 - 000082432 _____ (Fintek) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2022-06-25 21:14 - 2019-11-04 21:13 - 000781824 _____ (NLog) [File not signed] [File is in use] C:\Program Files (x86)\AutoDarkMode\NLog.dll
2023-05-04 18:03 - 2016-10-03 12:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Dark Mode.lnk:8A7ABCE5F3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk:F720486877 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monitorian.lnk:3E64401F6A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Public\Desktop\ApoSpeakerTuning.Audy:E9A22CF7E6 [3442]
AlternateDataStreams: C:\Users\Public\Documents\ApoSpeakerTuning.Audy:F2F71CDAF6 [3442]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\regfile:  <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.cmd:  =>  <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "LogiBolt"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\StartupApproved\Run: => "LogiBolt"
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\StartupApproved\Run: => "1Password"
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_97CC84EF98F04C9D1697DEF40DB5637D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{18A8990F-E1DD-4B59-8D88-C2E07E6C2FEF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{64B1955C-7192-417A-B47A-7729F7680FBD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC684165-8F4A-415E-B4D7-3A17BA0EC3BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{250D7738-4B96-426F-8416-37BBEC1E0AF0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC496629-F09B-46B6-9411-B387EF5A9C4C}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{ADF9518E-0ACD-45B1-B11E-294E5BB7A01B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6F762705-7B71-4A28-A196-970A68965702}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EE211556-7CA6-4220-849E-097EF82F0831}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F60114F0-5621-4DFA-AE4E-7E712C28A650}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{6E82716E-3A5D-4AA1-BF83-240B6A2238DC}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{233F4F6D-31C0-4E35-94BC-ACA124F238B1}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{74307577-5044-42DA-AA5F-2A2CF6A58D90}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{7D18A5F6-E92E-4CE6-96A4-9D3B419ADA6E}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{56A2DC33-8C1D-41DC-8C92-C614E28BB8CE}C:\users\michi\appdata\local\dbeaver\dbeaver.exe] => (Allow) C:\users\michi\appdata\local\dbeaver\dbeaver.exe (DBeaver Corp -> )
FirewallRules: [UDP Query User{A956E5F3-3EA0-414E-AF9A-06C76CED73E9}C:\users\michi\appdata\local\dbeaver\dbeaver.exe] => (Allow) C:\users\michi\appdata\local\dbeaver\dbeaver.exe (DBeaver Corp -> )
FirewallRules: [{4DA8BC4F-1321-49F7-BA87-3F3E20A6C544}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{512B2416-DF34-4A76-860A-8A16D4256026}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2717DE5D-1C73-4AFF-9EA2-7C1BA30C6473}C:\users\michi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{6EF2C67F-687F-45D7-A464-8C226EEDCEB4}C:\users\michi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{821C9660-8690-44EB-A2D7-61AC800ADA21}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [UDP Query User{27ECF027-D484-40BC-A9C5-1BAA6FEAF06D}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [{D4685F80-56A6-49F2-9152-E93EF424F21C}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{FD7F68A5-BE36-4B04-B7AE-C1AC0F77AF68}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [TCP Query User{6596B293-1E27-4EE4-AEF7-B5BF45078DB2}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{097997F4-4AFB-4CF8-81DA-8307E331874B}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{1E4BF1AC-9996-4AE4-95D9-38A269BE7337}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6901B921-7B35-4D95-AFF1-975D80C2218F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{F944EA62-2BC6-4CED-A448-C4A4ED4E3F98}C:\program files\ledger live\ledger live.exe] => (Allow) C:\program files\ledger live\ledger live.exe (Ledger SAS -> Ledger Live Team)
FirewallRules: [UDP Query User{1134E0D1-1B4A-48A0-B8E7-7C7C5125D807}C:\program files\ledger live\ledger live.exe] => (Allow) C:\program files\ledger live\ledger live.exe (Ledger SAS -> Ledger Live Team)
FirewallRules: [{7492F121-F2A7-48FF-928E-FDBC4AD7602B}] => (Allow) LPort=26789
FirewallRules: [{D99D8F6C-4BF7-4410-9E63-77EAF03B8E90}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.121\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1A58054B-ACB9-473E-B153-6EF2D3F802E8}C:\users\michi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{04679879-AFF9-41B2-AD4C-45447BD60D04}C:\users\michi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

05-01-2024 09:44:47 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe GbE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2024 12:10:27 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-5GGO2EH)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (01/04/2024 09:42:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.37.3103.4323, time stamp: 0x621dbda6
Faulting module name: USER32.dll, version: 10.0.19041.3636, time stamp: 0x12e47419
Exception code: 0xc0000005
Fault offset: 0x0000000000031c6c
Faulting process id: 0x2724
Faulting application start time: 0x01da3f4e1ca74f3d
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: C:\WINDOWS\System32\USER32.dll
Report Id: ae6dbe8f-103e-402a-8917-126cd871d6ed
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/04/2024 09:27:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8c2df955-5804-4c07-98b8-07e5215403f4}

Error: (01/04/2024 09:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Live Update.exe, version: 6.2.0.75, time stamp: 0x6115fe46
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x09943208
Faulting process id: 0x315c
Faulting application start time: 0x01da3f4a4d1f8c26
Faulting application path: C:\Program Files (x86)\MSI\Live Update\Live Update.exe
Faulting module path: unknown
Report Id: 4bfc718b-7349-4b81-b4fc-3f3c3e4eb1ea
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/04/2024 08:31:22 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-5GGO2EH)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (08/11/2023 10:53:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.3031, time stamp: 0x35946a52
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3086, time stamp: 0xe1ac3f79
Exception code: 0xc0000409
Fault offset: 0x000000000012d8b2
Faulting process id: 0x21b4
Faulting application start time: 0x01d9cc396aecee16
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: eba3b387-2f8b-4f62-ada3-aa977ad860bf
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/09/2023 08:07:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: logioptionsplus_agent.exe, version: 1.48.7015.0, time stamp: 0x64ca7beb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000275bbff000
Faulting process id: 0x3d58
Faulting application start time: 0x01d9ca8fb53ea77d
Faulting application path: C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
Faulting module path: unknown
Report Id: e5642a89-49f1-4c4d-b4e8-184a217ffd84
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/09/2023 08:02:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: logioptionsplus_agent.exe, version: 1.44.5778.0, time stamp: 0x64837101
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000009a4bafe630
Faulting process id: 0x1e70
Faulting application start time: 0x01d9ca8f419f1f19
Faulting application path: C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
Faulting module path: unknown
Report Id: daef4d81-8bfd-4cfe-8a7e-33cba320a7d6
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/09/2024 02:55:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/09/2024 02:52:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/09/2024 10:59:12 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/08/2024 06:12:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/08/2024 05:27:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/08/2024 05:08:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/08/2024 04:47:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.

Error: (01/08/2024 02:52:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5GGO2EH)
Description: The server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2024-01-08 21:12:05
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-01-06 21:52:17
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-05 18:41:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-22 22:13:21
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-02 22:09:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-01-04 20:09:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.612.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2024-01-04 20:09:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.612.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2024-01-04 20:09:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.612.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2024-01-04 20:09:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.612.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2024-01-04 20:09:25
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.612.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===============
Date: 2023-03-17 16:00:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2023-03-17 16:00:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1.OQ 11/15/2019
Motherboard: Micro-Star International Co., Ltd B350 TOMAHAWK (MS-7A34)
Processor: AMD Ryzen 5 1600 Six-Core Processor 
Percentage of memory in use: 51%
Total physical RAM: 16338.02 MB
Available physical RAM: 7869.27 MB
Total Virtual: 18770.02 MB
Available Virtual: 4073.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.15 GB) (Free:132.06 GB) (Model: Samsung SSD 970 EVO 500GB) NTFS
Drive d: (T7) (Fixed) (Total:1862.96 GB) (Free:1090.3 GB) (Model: Samsung PSSD T7 SCSI Disk Device) exFAT

\\?\Volume{9e709dc0-00d0-495b-b7fe-c5d036273bb1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{23ac62c2-fa28-4c82-9142-3e697febafa5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0628DC51)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 07BAA3E4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive log check

#2 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {6FEAFB1A-DB4B-4094-A175-F17D48E3C82D} - System32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-16] (Google LLC -> Google LLC)
Task: {3E8191E2-C5F4-43EA-B54B-D89CED5DC08C} - System32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-16] (Google LLC -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82}
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Dark Mode.lnk:8A7ABCE5F3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk:F720486877 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monitorian.lnk:3E64401F6A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Public\Desktop\ApoSpeakerTuning.Audy:E9A22CF7E6 [3442]
AlternateDataStreams: C:\Users\Public\Documents\ApoSpeakerTuning.Audy:F2F71CDAF6 [3442]
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{FD7F68A5-BE36-4B04-B7AE-C1AC0F77AF68}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

michi_trung
Visitor
Posts: 21
Joined: 22 Jan 2014 11:55

Re: Preventive log check

#3 Post by michi_trung »

Hello, here is the Fixlog.
Fix result of Farbar Recovery Scan Tool (x64) Version: 11.01.2024
Ran by Michi (12-01-2024 16:21:42) Run:1
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {6FEAFB1A-DB4B-4094-A175-F17D48E3C82D} - System32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-16] (Google LLC -> Google LLC)
Task: {3E8191E2-C5F4-43EA-B54B-D89CED5DC08C} - System32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-16] (Google LLC -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82}
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Dark Mode.lnk:8A7ABCE5F3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk:F720486877 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monitorian.lnk:3E64401F6A [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Public\Desktop\ApoSpeakerTuning.Audy:E9A22CF7E6 [3442]
AlternateDataStreams: C:\Users\Public\Documents\ApoSpeakerTuning.Audy:F2F71CDAF6 [3442]
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{FD7F68A5-BE36-4B04-B7AE-C1AC0F77AF68}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File

EmptyTemp:
End

*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6FEAFB1A-DB4B-4094-A175-F17D48E3C82D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FEAFB1A-DB4B-4094-A175-F17D48E3C82D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E8191E2-C5F4-43EA-B54B-D89CED5DC08C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E8191E2-C5F4-43EA-B54B-D89CED5DC08C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54}" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{E2B92CF5-D6AE-4064-97E4-6D348DDEFB54}" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3C11118F-5B97-42C7-81BB-E7590BEE8F82}" => not found
C:\ProgramData\DP45977C.lfl => ":677104FCAA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Dark Mode.lnk => ":8A7ABCE5F3" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk => ":980850BA8A" ADS removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" => ":8096E45125" ADS not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk => ":F720486877" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk => ":E77773B271" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monitorian.lnk => ":3E64401F6A" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk => ":F20EF51E1F" ADS removed successfully
C:\Users\Public\Desktop\ApoSpeakerTuning.Audy => ":E9A22CF7E6" ADS removed successfully
C:\Users\Public\Documents\ApoSpeakerTuning.Audy => ":F2F71CDAF6" ADS removed successfully
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-2358193843-2216578880-2148233775-1001\Software\Classes\.cmd => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD7F68A5-BE36-4B04-B7AE-C1AC0F77AF68}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 121200756 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 350341000 B
Windows/system/drivers => 97962965 B
Edge => 0 B
Chrome => 993726544 B
Brave => 6185328 B
Vivaldi => 350320174 B
Firefox => 1128618614 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 11228 B
LocalService => 11228 B
NetworkService => 308504 B
Michi => 191693230 B

RecycleBin => 2262328465 B
EmptyTemp: => 5.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:22:22 ====

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive log check

#4 Post by Rudy »

Deleted; it was mostly unnecessary stuff. The log should be OK now.